(1) Configure iptables to start at boot
# sysv-rc-conf --level 2345 iptables on
(2) Basic iptables commands
1. List the current iptables policies and rules
# iptables -L -n
-n: display addresses and ports in numeric form
# iptables -L -v
-v: print verbose information
2. Allow already-established connections to receive data
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
3. Open port 22 (the default SSH port): tell iptables to accept all incoming TCP packets whose destination port is 22
iptables -A INPUT -p tcp -i eth0 --dport ssh -j ACCEPT
Note: ssh stands for 22; any service name that can be looked up in /etc/services can be used this way.
4. Set the policy. A policy is itself a kind of rule: when none of a chain's rules match, the chain's "policy" is applied.
Chains: INPUT, PREROUTING, FORWARD, POSTROUTING, OUTPUT
The default value of a chain's policy is ACCEPT.
Tables: filter (the default), nat, mangle.
# iptables -P INPUT DROP
# iptables -P OUTPUT ACCEPT
# iptables -P FORWARD DROP
root@patrick:~# iptables -L -n
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:22
----------------------------------------------------
5. Enable packet forwarding
Forward FTP requests from the internal network to a host on the external network.
iptables -t nat -A PREROUTING -p tcp --dport 21 -j DNAT --to-destination 10.25.1.7:21
View the result:
# iptables -L -t nat
To actually forward packets, a kernel parameter must also be edited.
# cat /proc/sys/net/ipv4/ip_forward
0
Packet forwarding is disabled by default, so it has to be turned on: edit /etc/sysctl.conf, then run sysctl -p.
(3) Save the iptables rules
step 1: Save the current iptables rules to a file.
# iptables-save > /etc/iptables.up.rules
step 2: Restore the iptables rules at boot. The method is to add the following line to the end of the file "/etc/network/interfaces".
pre-up iptables-restore < /etc/iptables.up.rules
(4) Disable the firewall
iptables -F
It seems Ubuntu has no command like service iptables stop to pause iptables; this method is the only way to disable iptables (the firewall).
Before using it, make sure the rules have already been backed up to a file.
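As an added example that is not part of the original answer, the steps above combined into one script: a generator for the iptables-restore file that iptables-save would write (the same format step 1 saves and step 2 restores), and a disable sequence that does not lock out a remote session. The interface eth0, the DNAT target 10.25.1.7 and the path /etc/iptables.up.rules are taken from the answer; the FORWARD ACCEPT rule is my assumption, added because the FORWARD policy is DROP.

```shell
# Added example, not the original answer's code: build the rule set from the
# steps above as an iptables-restore file and emit a lock-out-safe disable
# sequence. Assumed: eth0 and 10.25.1.7 as in the answer; the FORWARD ACCEPT
# rule is an addition needed because the FORWARD policy is DROP.

# gen_rules IFACE TARGET -> prints an iptables-restore file on stdout.
# iptables-restore loads the whole file atomically, so the DROP policy and the
# ACCEPT rules take effect together. Typed interactively, add the ACCEPT rules
# first and run "iptables -P INPUT DROP" last, or the SSH session is cut off.
gen_rules() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $1 -p tcp --dport 22 -j ACCEPT
-A FORWARD -p tcp -d $2 --dport 21 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp --dport 21 -j DNAT --to-destination $2:21
COMMIT
EOF
}

# disable_cmds -> prints the commands that really disable the firewall.
# "iptables -F" alone removes the rules but leaves the INPUT policy at DROP,
# which then drops every packet, SSH included; reset the policies first.
disable_cmds() {
  cat <<'EOF'
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F
iptables -t nat -F
EOF
}

# Usage (as root):
#   gen_rules eth0 10.25.1.7 > /etc/iptables.up.rules
#   sysctl -w net.ipv4.ip_forward=1 && iptables-restore < /etc/iptables.up.rules
#   disable_cmds | sh
if [ "$#" -ge 2 ]; then
  gen_rules "$1" "$2"
fi
```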