linux:iptables
这是本文档旧的修订版!
iptables
图片来源:iptables配置实践
Usage
Save current iptables configuration:
service iptables save
Options
| option | meaning |
|---|---|
| -A | append rule |
| -j | jump, ACCEPT, DROP |
| -p | proto, tcp, udp, icmp |
| -s | source, address[/mask] |
| -d | destination, address[/mask] |
| -m | match |
Rules
List current iptables rules:
iptables -nL
Clear all iptables rules:
iptables -F
Allow ping(icmp):
iptables -A INPUT -p icmp -j ACCEPT
Open ports:
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT # allow ssh
Allow specify ip traffic in and out
iptables -A INPUT -p tcp -s [ip] -j ACCEPT iptables -A OUTPUT -p tcp -d [ip] -j ACCEPT
Allow NTP traffic for time synchronization:
iptables -A OUTPUT -p udp --dport 123 -j ACCEPT iptables -A INPUT -p udp --sport 123 -j ACCEPT
Allow established connections important:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Drop all other traffic(ban all incoming traffic) put this to bottom:
iptables -A INPUT -j DROP
linux/iptables.1503195488.txt.gz · 最后更改: 2023/12/03 10:24 (外部编辑)