Shulou(Shulou.com)06/01 Report--

This article introduces the knowledge of "how to configure iptables on VPS of Debian system". In the operation of actual cases, many people will encounter such a dilemma, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

The code is as follows:

# configure, prohibit entry, allow exit, and allow loopback Nic

Iptables-P INPUT DROP

Iptables-P OUTPUT ACCEPT

Iptables-An INPUT-I lo-j ACCEPT

# allow ping, but not delete it

Iptables-An INPUT-p icmp-j ACCEPT

# allow ssh

Iptables-An INPUT-p tcp-m tcp-- dport 22-j ACCEPT

# allow ftp

Iptables-An INPUT-p tcp-m tcp-- dport 20-j ACCEPT

Iptables-An INPUT-p tcp-m tcp-- dport 21-j ACCEPT

# allow ftp passive interface range, which can be set in ftp configuration file

Iptables-An INPUT-p tcp-- dport 20000 tcp 30000-j ACCEPT

# learn felix and set smtp locally

Iptables-An INPUT-p tcp-m tcp-- dport 25-j ACCEPT-s 127.0.0.1

Iptables-An INPUT-p tcp-m tcp-- dport 25-j REJECT

# allow DNS

Iptables-An INPUT-p tcp-m tcp-- dport 53-j ACCEPT

Iptables-An INPUT-p udp-m udp-- dport 53-j ACCEPT

# allow http and https

Iptables-An INPUT-p tcp-m tcp-- dport 80-j ACCEPT

Iptables-An INPUT-p tcp-m tcp-- dport 443-j ACCEPT

# allow status detection, don't bother to explain

Iptables-An INPUT-p all-m state-- state ESTABLISHED,RELATED-j ACCEPT

Iptables-An INPUT-p all-m state-- state INVALID,NEW-j DROP

# Save configuration

Iptables-save > / etc/iptables

I wrote the above paragraph and the following paragraph in sh, start {} and stop {}. It is better to empty the reconstruction when you need to modify the rules, because there is a problem with the order of the rules.

The code is as follows:

# clear the configuration

Iptables-F

Iptables-X

Iptables-Z

Iptables-P INPUT ACCEPT

Iptables-P OUTPUT ACCEPT

Implementation of automatic loading of iptables Firewall on Boot

The iptables command will take effect immediately after typing, but the configuration will disappear after reboot. Debian provides an iptables-save program to quickly save the configuration, but we still need to do some work to make the iptables configuration boot and self-load.

1. Save the iptables configuration to / etc/iptables. The file name can be defined by yourself and is consistent with the following configuration.

The code is as follows:

Iptables-save > / etc/iptables

2. Create a self-startup configuration file and grant executable permissions

The code is as follows:

Touch / etc/network/if-pre-up.d/iptables

Chmod + x / etc/network/if-pre-up.d/iptables

3. Edit the self-startup configuration file to restore the iptables configuration when you start the network

The code is as follows:

Vim / etc/network/if-pre-up.d/iptables

The contents of the document are as follows:

The code is as follows:

#! / bin/sh

/ sbin/iptables-restore

/ etc/iptables

This is the end of the content of "how to configure iptables on VPS of Debian system". Thank you for reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.