阅读背景:

iptables--白名单配置

来源:互联网 

1. 服务器的 22 端口和 1521 端口只对指定 IP（192.168.222.1）开放，其余入站连接一律拒绝

# Starting point: the stock RHEL/CentOS-6-style INPUT chain (default policy
# ACCEPT, explicit REJECT as the last rule).  Two rules in this listing are
# dropped by the flush that follows and never re-added:
#   - rule 1, the `state RELATED,ESTABLISHED` accept (return traffic for
#     connections the host itself opens);
#   - rule 3, the match-all ACCEPT with no visible match.  `-nL` without `-v`
#     hides the interface match, so its purpose cannot be confirmed from this
#     output; on the stock ruleset this position is usually `-i lo` (loopback).
#     Run `iptables -vnL INPUT` before flushing to see what it really matches.
[root@node2 sysconfig]# iptables -t filter -nL INPUT
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 
# `iptables -F` empties every chain of the filter table but does NOT touch the
# chain policies.  The policy here is ACCEPT, so from this point until the
# catch-all REJECT is appended the host is fully open (nothing is filtered).
# Do this from a console / out-of-band session: had the policy been DROP, the
# same flush over SSH would have cut off the administrator's own connection.
[root@node2 sysconfig]# iptables -F
[root@node2 sysconfig]# iptables -t filter -nL INPUT
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
# Whitelist SSH first, and only from the single management address, so the
# admin's own session is covered before any reject rule exists.  `-I` inserts
# at the top of the chain (position 1).  Note the rule has no `--state NEW`
# match, unlike the stock rule it replaces; that is harmless here because the
# RELATED,ESTABLISHED accept is gone anyway (see the final ruleset).
[root@node2 sysconfig]# iptables -I INPUT -s 192.168.222.1  -p tcp -m tcp --dport 22 -j ACCEPT
[root@node2 sysconfig]# iptables -t filter -nL INPUT
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     tcp  --  192.168.222.1        0.0.0.0/0           tcp dpt:22 
# Catch-all REJECT appended (-A) as the LAST rule; without --reject-with the
# default is icmp-port-unreachable, as the listing shows.  Because the chain
# policy is still ACCEPT, this single rule is the only thing closing the host:
# delete it by mistake and every port is reachable again.  A fail-closed
# alternative is `iptables -P INPUT DROP` -- but set it only AFTER the ACCEPT
# rules for SSH are in place, or the session is lost.
#
# The 1521 rule is added with -I (not -A) so it lands ABOVE the REJECT; an
# appended rule after a catch-all REJECT would never be evaluated.
#
# SECURITY/FUNCTIONAL GAP in the resulting chain: there is no
# RELATED,ESTABLISHED accept and no loopback accept.  Read the final listing:
# every inbound packet that is not TCP to port 22/1521 from 192.168.222.1 is
# rejected -- including replies to connections the server itself initiates
# (DNS, yum/NTP, outbound SSH...) and anything addressed to 127.0.0.1 (e.g. a
# local client reaching the listener on 1521).  Insert these before the REJECT:
#   iptables -I INPUT -i lo -j ACCEPT
#   iptables -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
[root@node2 sysconfig]# iptables -A INPUT -j REJECT
[root@node2 sysconfig]# iptables -I INPUT -s 192.168.222.1  -p tcp -m tcp --dport 1521 -j ACCEPT
[root@node2 sysconfig]# iptables -t filter -nL INPUT
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     tcp  --  192.168.222.1        0.0.0.0/0           tcp dpt:1521 
ACCEPT     tcp  --  192.168.222.1        0.0.0.0/0           tcp dpt:22 
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 
# Persist the running ruleset to /etc/sysconfig/iptables (sysvinit-era
# `iptables` initscript), then reload it.  The restart output shows the order
# the initscript uses: policies reset to ACCEPT, rules flushed, modules
# unloaded, saved rules re-applied -- i.e. there is a short window with no
# filtering at all, and with policy ACCEPT a failure to re-apply the saved
# file would leave the host open rather than closed.  The listing after the
# restart confirms the three saved rules came back in the same order.
[root@node2 sysconfig]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
[root@node2 sysconfig]# service iptables restart
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]
[root@node2 sysconfig]# iptables -t filter -nL INPUT
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     tcp  --  192.168.222.1        0.0.0.0/0           tcp dpt:1521 
ACCEPT     tcp  --  192.168.222.1        0.0.0.0/0           tcp dpt:22 
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 
# Removing a rule by position.  `--line-numbers` shows the index to pass to
# -D; here rule 1 is the 1521 accept.  Positional deletion is fragile: the
# remaining rules re-number immediately (the second listing shows 22 moved
# from 2 to 1 and REJECT from 3 to 2), so always re-list before deleting
# another number, and on a chain like this never delete the last rule by a
# stale index -- with policy ACCEPT, removing the REJECT opens every port.
# Deleting by specification avoids the ambiguity:
#   iptables -D INPUT -s 192.168.222.1 -p tcp -m tcp --dport 1521 -j ACCEPT
# This change lives only in the running kernel until `service iptables save`
# is run again; a restart would restore the saved three-rule chain.
[root@node2 sysconfig]# iptables -t filter -nL INPUT --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     tcp  --  192.168.222.1        0.0.0.0/0           tcp dpt:1521 
2    ACCEPT     tcp  --  192.168.222.1        0.0.0.0/0           tcp dpt:22 
3    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 
[root@node2 sysconfig]# iptables -t filter -D INPUT 1
[root@node2 sysconfig]# iptables -t filter -nL INPUT --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     tcp  --  192.168.222.1        0.0.0.0/0           tcp dpt:22 
2    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 
[root@node2 sysco


