1.服务器22端口和1521端口开通给指定IP

说明:下面的操作先用 `iptables -F` 清空了原有规则(其中包括 RELATED,ESTABLISHED 回包规则和本机回环规则),随后又在链尾追加了一条 REJECT 兜底规则。在第 2 节的两条规则补回之前,服务器自己主动发起的出站连接收不到回包,本机回环(127.0.0.1)上的访问也会被拒绝。另外 INPUT 链的默认策略仍然是 ACCEPT,安全性完全依赖末尾那条 REJECT 规则;如果它被误删(例如按行号 -D 时行号错位),所有端口都会对外开放。

[root@node2 sysconfig]# iptables -t filter -nL INPUT

Chain INPUT (policy ACCEPT)

target prot opt source destination

ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0

ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22

REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

[root@node2 sysconfig]# iptables -F

[root@node2 sysconfig]# iptables -t filter -nL INPUT

Chain INPUT (policy ACCEPT)

target prot opt source destination

[root@node2 sysconfig]# iptables -I INPUT -s 192.168.222.1 -p tcp -m tcp --dport 22 -j ACCEPT

[root@node2 sysconfig]# iptables -t filter -nL INPUT

Chain INPUT (policy ACCEPT)

target prot opt source destination

ACCEPT tcp -- 192.168.222.1 0.0.0.0/0 tcp dpt:22

[root@node2 sysconfig]# iptables -A INPUT -j REJECT

[root@node2 sysconfig]# iptables -I INPUT -s 192.168.222.1 -p tcp -m tcp --dport 1521 -j ACCEPT

[root@node2 sysconfig]# iptables -t filter -nL INPUT

Chain INPUT (policy ACCEPT)

target prot opt source destination

ACCEPT tcp -- 192.168.222.1 0.0.0.0/0 tcp dpt:1521

ACCEPT tcp -- 192.168.222.1 0.0.0.0/0 tcp dpt:22

REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

[root@node2 sysconfig]# service iptables save

iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]

[root@node2 sysconfig]# service iptables restart

iptables: Setting chains to policy ACCEPT: filter [ OK ]

iptables: Flushing firewall rules: [ OK ]

iptables: Unloading modules: [ OK ]

iptables: Applying firewall rules: [ OK ]

[root@node2 sysconfig]# iptables -t filter -nL INPUT

Chain INPUT (policy ACCEPT)

target prot opt source destination

ACCEPT tcp -- 192.168.222.1 0.0.0.0/0 tcp dpt:1521

ACCEPT tcp -- 192.168.222.1 0.0.0.0/0 tcp dpt:22

REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

[root@node2 sysconfig]# iptables -t filter -nL INPUT --line-numbers

Chain INPUT (policy ACCEPT)

num target prot opt source destination

1 ACCEPT tcp -- 192.168.222.1 0.0.0.0/0 tcp dpt:1521

2 ACCEPT tcp -- 192.168.222.1 0.0.0.0/0 tcp dpt:22

3 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

[root@node2 sysconfig]# iptables -t filter -D INPUT 1

[root@node2 sysconfig]# iptables -t filter -nL INPUT --line-numbers

Chain INPUT (policy ACCEPT)

num target prot opt source destination

1 ACCEPT tcp -- 192.168.222.1 0.0.0.0/0 tcp dpt:22

2 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

2.注意:每次清空规则(`iptables -F`)之后,最后都要补回下面两条规则。它们必须排在末尾的 REJECT 规则之前(用 -I 插到链首即可),否则服务器自身发起的出站连接收不到回包,本机回环上的服务也会被拒绝:

# Allow loopback traffic and the replies to connections this host has
# already opened. Both rules are inserted at the head of INPUT (--insert
# with no rule number) so they sit above the catch-all REJECT at the end
# of the chain; placed after it they would never be reached.
iptables --insert INPUT --in-interface lo --jump ACCEPT
iptables --insert INPUT --match state --state RELATED,ESTABLISHED --jump ACCEPT

3.插入到哪一行

先查看当前的行,iptables -nL --line-numbers

插入到指定的行。行号必须小于末尾 REJECT 规则的行号,否则新规则排在 REJECT 之后永远不会被匹配。另外每次插入或删除后行号都会变化,删除规则时更稳妥的做法是给出完整的规则说明,例如 `iptables -D INPUT -s 192.168.222.1 -p tcp -m tcp --dport 1521 -j ACCEPT`,而不是按行号删。

[root@node2 sysconfig]# iptables -I INPUT 行号 -s 192.168.222.1 -p tcp -m tcp --dport 1521 -j ACCEPT

4.针对某个端口设置白名单机制

说明:这里用的是 DROP,非白名单客户端的连接会一直挂起直到超时(下面的 telnet 只能 ^C 退出);换成 REJECT 则会立即返回失败,按需选择。此外下面的 telnet 是在 node2 本机上发起的,而 192.168.222.11 从上下文看很可能就是 node2 自己的地址,白名单放行的也是同一个地址;这只能说明规则语法生效,真正的验证应分别从白名单客户端和一台非白名单主机发起连接。还要注意这一步又执行了 `iptables -F`,第 1 节配置的 22 端口规则也随之被清掉。

[root@node2 ~]# iptables -F

[root@node2 ~]# iptables -I INPUT -p tcp --dport 1521 -j DROP

[root@node2 ~]#

[root@node2 ~]# telnet 192.168.222.11 1521

Trying 192.168.222.11...

^C

[root@node2 ~]# iptables -I INPUT -s 192.168.222.11 -p tcp --dport 1521 -j ACCEPT

[root@node2 ~]# telnet 192.168.222.11 1521

Trying 192.168.222.11...

Connected to 192.168.222.11.

Escape character is '^]'.
