查看防火墙规则命令
[root@localhost ~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination清空防火墙规则
[root@localhost ~]# iptables -F禁止服务器被ping,服务器拒绝icmp的流量,给与响应 **注:参数解释
-A 给INPUT链添加规则-p指定icmp协议–icmp-type 8指定icmp协议类型-s指定源ip网段范围-j 指定动作(accept允许数据包通过、reject拒绝数据包通过给客户端响应、drop直接丢弃数据包不给客户端响应) [root@localhost ~]# iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -j REJECT删除指定的iptables规则
[root@localhost ~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination REJECT icmp -- anywhere anywhere icmp echo-request reject-with icmp-port-unreachable Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination [root@localhost ~]# iptables -D INPUT 1 [root@localhost ~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination服务器禁止ping,直接丢弃请求,不给于响应
[root@localhost ~]# iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -j DROP禁止访问本机的80端口
[root@localhost ~]# iptables -A INPUT -p tcp --dport 80 -j DROP禁止服务器的FTP端口,端口ftp默认是21
[root@localhost ~]# iptables -A INPUT -p tcp --dpotr 21 -j ACCEPT指定允许192.168.3的ip网段地址连接该服务器的22端口,指定客户端进行远程连接,拒绝所有其他的流量
[root@localhost ~]# iptables -A INPUT -s 192.168.3.0/24 -p tcp --dport 22 -j ACCEPT [root@localhost ~]# iptables -A INPUT -s 0/0 -p tcp -j DROP禁止192.168.3.0网段指定的机器,访问本地的80端口
[root@localhost ~]# iptables -A INPUT -p tcp -s 192.168.3.0/24 --dport 80 -j REJECT禁止所有的主机网段,访问该服务器的8000-9000端口(包含所有tcp和udp连接)
[root@localhost ~]# iptables -A INPUT -p tcp -s 0/0 --dport 8000:9000 -j REJECT [root@localhost ~]# iptables -A INPUT -p udp -s 0/0 --dport 8000:9000 -j REJECT