
Examples of iptables configuration commands for CentOS

2025-01-16 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/02 Report--

iptables is a commonly used firewall on Linux. This article covers the basic uses of iptables: installing it, clearing existing rules, opening only designated ports, blocking and unblocking a specified IP or IP segment, deleting added rules, and starting iptables at boot with saved rules.

1. Install iptables Firewall

If iptables is not installed, install it first:

[root@node1 ~]# yum -y install iptables
[root@node1 ~]# yum -y install iptables-services

2. The common option parameters for iptables are as follows:

3. Four tables and five chains in iptables and their actions

The four tables are as follows:

The five chains are as follows:

The actions are as follows:

4. Clear the existing iptables rules

[root@node1 ~]# iptables -F    # flush all rules
[root@node1 ~]# iptables -X    # delete user-defined chains
[root@node1 ~]# iptables -Z    # zero the packet and byte counters

5. Open the specified ports

[root@node1 ~]# iptables -A INPUT -i lo -j ACCEPT    # allow the local loopback interface (that is, the machine accessing itself)
[root@node1 ~]# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT    # allow established or related traffic
[root@node1 ~]# iptables -A OUTPUT -j ACCEPT    # allow all outbound traffic from this machine
[root@node1 ~]# iptables -A INPUT -p tcp --dport 22 -j ACCEPT    # allow access to port 22
[root@node1 ~]# iptables -A INPUT -p tcp --dport 80 -j ACCEPT    # allow access to port 80
[root@node1 ~]# iptables -A INPUT -p tcp --dport 443 -j ACCEPT    # allow access to port 443
[root@node1 ~]# iptables -A INPUT -p tcp --dport 20 -j ACCEPT    # allow port 20 for the FTP service
[root@node1 ~]# iptables -A INPUT -p tcp --dport 21 -j ACCEPT    # allow port 21 for the FTP service
[root@node1 ~]# iptables -A INPUT -p icmp -j ACCEPT    # allow ping

The two rules below reject all other inbound and forwarded traffic that has not been allowed:

[root@node1 ~]# iptables -A INPUT -j REJECT
[root@node1 ~]# iptables -A FORWARD -j REJECT

6. Block IP

If you only want to block IPs, you can skip section 5, "Open the specified ports".

[root@node1 ~]# iptables -I INPUT -s 123.4.5.6 -j DROP    # block a single IP
[root@node1 ~]# iptables -I INPUT -s 123.0.0.0/8 -j DROP    # block a network segment
[root@node1 ~]# iptables -I INPUT -s 192.168.10.0/24 -j DROP    # block a network segment

7. Block or allow an IP to access a designated port

[root@node1 ~]# iptables -I INPUT -s 192.168.1.1 -p tcp --dport 22 -j DROP    # block one IP from accessing tcp port 22
[root@node1 ~]# iptables -I INPUT -p tcp --dport 22 -j DROP    # deny access to tcp port 22
[root@node1 ~]# iptables -I INPUT -s 192.168.1.2 -p tcp --dport 22 -j ACCEPT    # allow one IP to access tcp port 22

8. View the added iptables rules

[root@node1 ~]# iptables -L -n -v    # "-n" shows only IP addresses and port numbers and does not resolve IPs to domain names

9. Delete added iptables rules

[root@node1 ~]# iptables -L -n --line-numbers    # display all iptables rules with their serial numbers
[root@node1 ~]# iptables -D INPUT 1    # delete the rule with serial number 1 in INPUT

10. Start iptables at boot and save the rules

[root@node1 ~]# systemctl enable iptables    # start iptables at boot
[root@node1 ~]# service iptables save    # save the rules

If you are told that the service command does not exist, run the following command to install it:

[root@node1 ~]# yum install initscripts -y    # install the service command
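The rule ordering behind sections 5 to 7, as an added example that is not part of the original article: iptables applies the first rule that matches, -A appends to the end of a chain and -I (without a number) inserts at the top. This Python model is a simplification that understands only -s, -p, --dport, -j and -D by rule number; the names apply, verdict and page_ruleset are assumptions made for this example.

```python
import ipaddress
import shlex

FLAGS = {"-s": "src", "-p": "proto", "--dport": "dport", "-j": "target"}

def apply(chain, command):
    """Apply one 'iptables -A/-I/-D INPUT ...' command to a list of rules."""
    args = shlex.split(command, comments=True)[1:]    # drop the word 'iptables'
    op, rest = args[0], args[2:]                      # args[1] is the chain name
    if op == "-D":                                    # delete by 1-based rule number
        del chain[int(rest[0]) - 1]
        return
    rule = {"src": "0.0.0.0/0", "proto": None, "dport": None}
    it = iter(rest)
    for flag in it:
        rule[FLAGS[flag]] = next(it)                  # each modelled flag takes one value
    if op == "-I":
        chain.insert(0, rule)                         # -I with no number: top of the chain
    else:
        chain.append(rule)                            # -A: end of the chain

def verdict(chain, src, proto, dport, policy="ACCEPT"):
    """Return the target of the first matching rule, else the chain policy."""
    for r in chain:
        if (ipaddress.ip_address(src) in ipaddress.ip_network(r["src"])
                and r["proto"] in (None, proto)
                and r["dport"] in (None, str(dport))):
            return r["target"]
    return policy

def page_ruleset():
    """INPUT chain built from a subset of the article's commands, in article order."""
    chain = []
    for cmd in [
        "iptables -A INPUT -p tcp --dport 22 -j ACCEPT",                  # section 5
        "iptables -A INPUT -p tcp --dport 80 -j ACCEPT",
        "iptables -A INPUT -j REJECT",
        "iptables -I INPUT -s 123.0.0.0/8 -j DROP",                       # section 6
        "iptables -I INPUT -s 192.168.1.1 -p tcp --dport 22 -j DROP",     # section 7
        "iptables -I INPUT -p tcp --dport 22 -j DROP",
        "iptables -I INPUT -s 192.168.1.2 -p tcp --dport 22 -j ACCEPT",
    ]:
        apply(chain, cmd)
    return chain
```

With this chain only 192.168.1.2 reaches TCP port 22, because the blanket DROP inserted in section 7 sits above the ACCEPT appended in section 5. A block rule added with -A after the final REJECT would never be reached.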
