iptables服务简单使用

文章目录

• ​​安装服务​​
• ​​1、编辑iptables文件​​
• ​​2、保存配置-重启服务​​

安装服务

查看是否安装服务：​

​systemctl status iptables​

​

# 安装服务
sudo yum install iptables -y
sudo yum install iptables-services -y

# 启动服务
sudo service iptables start
sudo service      

启动后iptables文件内容如下

# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22      

1、编辑iptables文件

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-N whitelist 创建白名单whitelist 
-A whitelist -s 10.7.48.46 -j ACCEPT 白名单whitelist 中添加客户端地址，实行规则为ACCEPT放行
-A whitelist -s 10.7.20.139 -j ACCEPT 白名单whitelist 中添加客户端地址，实行规则为ACCEPT放行
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 输入过滤中状态已连接的实行规则为ACCEPT放行
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9999 -j whitelist 输入过滤中状态为新建连接，协议为tcp，端口为9999，实行规则为白名单whitelist中配置 。
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9999      

2、保存配置-重启服务

sudo iptables-save
sudo service iptables restart
sudo service iptables status
sudo service      

iptables -I INPUT -p TCP --dport 80 -j DROP
iptables -I INPUT -s 10.28.143.18 -p TCP --dport 80 -j ACCEPT
iptables -I INPUT -s 10.28.186.173 -p TCP --dport 80 -j ACCEPT
iptables -I INPUT -s 10.28.139.123 -p TCP --dport 80 -j ACCEPT
iptables -I INPUT -s 10.28.186.166 -p TCP --dport 80 -j ACCEPT
iptables -I INPUT -s 10.28.143.7 -p TCP --dport 80 -j ACCEPT
iptables --line -nvL INPUT
service iptables save
sudo service iptables restart
sudo service