• vim /etc/sysconfig/iptables


    # Firewall configuration written by system-config-firewall
    # Manual customization of this file is not recommended.
    # NOTE(review): because the tool writes this file, it presumably overwrites hand edits
    # when re-run -- keep a copy of any rules added by hand and re-check after regenerating.
    *filter
    # Built-in policies are ACCEPT, but the explicit REJECT rules at the end of INPUT and
    # FORWARD make those two chains effectively default-deny.
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    # Rules are evaluated top to bottom; the first matching rule decides.
    # Replies to connections this host initiated.
    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Every ICMP type (the host dumps further down allow echo-request only).
    -A INPUT -p icmp -j ACCEPT
    # Loopback matched by interface, so any source address arriving on lo is accepted.
    -A INPUT -i lo -j ACCEPT
    # SSH is the only service open to new connections from any source.
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
    # Catch-all. New ACCEPT rules must be inserted ABOVE this line: anything appended
    # after it (as `iptables -A` does) is never reached.
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    COMMIT

    以上是防火墙设置文件的初始值:默认只放行 lo、已建立的连接、ICMP 和 22 端口(SSH),其余入站连接全部被最后一条 REJECT 拒绝。

    下面需要增加的(必须插入到 `-A INPUT -j REJECT --reject-with icmp-host-prohibited` 这一行之前;追加在 REJECT 之后的规则永远匹配不到,下文实例里排在 REJECT 后面的 `--dport 22 -j BLACKLIST` 就是这种情况):

    -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

    -A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT

    -A INPUT -s 115.28.46.84/32 -p tcp -m tcp --dport 3306 -j ACCEPT
    # 115.28.46.84 是从数据库地址

    注意:第二条规则对所有来源开放 3306,会使第三条按来源限制的规则失去意义,并把 MySQL 直接暴露到公网;如果只有从库需要连接数据库,请只保留第三条。另外 iptables 配置文件只把整行以 # 开头的行当作注释,写在规则行尾的 // 注释会导致 iptables-restore 加载失败,所以注释要单独成行。

    实例:

    [danny@ay-sc-hz-02 ~]$ sudo cat /etc/sysconfig/iptables
    # Generated by iptables-save v1.4.7 on Tue Sep 30 14:47:08 2014
    # INPUT policy is DROP, so only traffic matched by an ACCEPT rule below gets in.
    *filter
    :INPUT DROP [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [44:6143]
    :BLACKLIST - [0:0]
    # MySQL only from one address; SMTP only from two named relays (second one further down).
    -A INPUT -s 115.28.46.84/32 -p tcp -m tcp --dport 3306 -j ACCEPT
    -A INPUT -s 112.124.7.82/32 -p tcp -m tcp --dport 25 -j ACCEPT
    # Public services: 443, 80 and 8080 accept new connections from any source.
    # NOTE(review): 8080 is world-reachable here -- confirm that is intended rather than an
    # admin/alternate port that should be limited to the trusted sources below.
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 8080 -m state --state NEW -j ACCEPT
    # Replies to connections this host initiated.
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    # ICMP echo-request (ping) only, not all ICMP.
    -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
    -A INPUT -s 121.199.2.108/32 -p tcp -m tcp --dport 25 -j ACCEPT
    # Fully trusted sources: every port, including SSH on 22, is open to these addresses.
    # Keep this list short and prune it when a host is retired.
    -A INPUT -s 54.204.167.252/32 -j ACCEPT
    -A INPUT -s 54.226.209.220/32 -j ACCEPT
    -A INPUT -s 180.166.51.234/32 -j ACCEPT
    -A INPUT -s 174.129.49.94/32 -j ACCEPT
    -A INPUT -s 75.101.181.183/32 -j ACCEPT
    # Loopback matched by source address rather than by interface (`-i lo`, as in the
    # template at the top of this page). NOTE(review): local connections made to the host's
    # own non-loopback IP presumably carry that IP as source and so fall through to the
    # REJECT below -- verify if a local service is unexpectedly unreachable.
    -A INPUT -s 127.0.0.1/32 -j ACCEPT
    -A INPUT -s 10.160.2.32/32 -j ACCEPT
    # Catch-all: anything not matched above is rejected. New rules must be inserted above
    # this line (`iptables -I`); anything appended after it is never reached.
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    # Unreachable: placed after the catch-all, so SSH from non-trusted sources is REJECTed by
    # the rule above rather than silently DROPped via BLACKLIST. Move it above the REJECT if a
    # silent drop is the intent.
    -A INPUT -p tcp -m tcp --dport 22 -j BLACKLIST
    # Harmless but redundant: the OUTPUT policy is already ACCEPT.
    -A OUTPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
    -A BLACKLIST -j DROP
    COMMIT
    # Completed on Tue Sep 30 14:47:08 2014

    [danny@ay-db-qd-01 log]$ sudo cat /etc/sysconfig/iptables
    # Generated by iptables-save v1.3.5 on Mon Aug 25 17:48:21 2014
    # Database host. INPUT policy is DROP and there are no per-port ACCEPT rules: every
    # service, including SSH and any database port, is reachable only from the trusted
    # source addresses listed below. Clients that need the database must be on that list.
    *filter
    :INPUT DROP [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [184452044:15279824631]
    :BLACKLIST - [0:0]
    # Replies to connections this host initiated.
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    # ICMP echo-request (ping) only.
    -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
    # Fully trusted sources, all ports. A bare address is equivalent to /32.
    -A INPUT -s 54.204.167.252 -j ACCEPT
    -A INPUT -s 54.226.209.220 -j ACCEPT
    -A INPUT -s 180.166.51.234 -j ACCEPT
    -A INPUT -s 174.129.49.94 -j ACCEPT
    -A INPUT -s 75.101.181.183 -j ACCEPT
    # Loopback matched by source address; the template at the top of the page uses `-i lo`.
    -A INPUT -s 127.0.0.1 -j ACCEPT
    -A INPUT -s 10.144.38.91 -j ACCEPT
    # Catch-all. New rules must be inserted above this line; anything appended after it
    # is never reached.
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    # Unreachable (sits after the catch-all REJECT); untrusted SSH attempts are REJECTed
    # above, never DROPped here. Move it above the REJECT if a silent drop is the intent.
    -A INPUT -p tcp -m tcp --dport 22 -j BLACKLIST
    # Harmless but redundant: the OUTPUT policy is already ACCEPT.
    -A OUTPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
    -A BLACKLIST -j DROP
    COMMIT
    # Completed on Mon Aug 25 17:48:21 2014

    [danny@ay-wifi-hz-01 ~]$ sudo cat /etc/sysconfig/iptables
    # Generated by iptables-save v1.3.5 on Wed Aug 6 14:55:42 2014
    # Web host: INPUT policy is DROP; 80 and 443 are public, everything else is limited to
    # the trusted sources listed below.
    *filter
    :INPUT DROP [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [91064865:14245935000]
    :BLACKLIST - [0:0]
    # Per-address block list. These come first, so the four addresses are dropped
    # unconditionally -- even for established connections and the public ports below.
    -A INPUT -s 112.5.193.46 -j DROP
    -A INPUT -s 112.5.193.47 -j DROP
    -A INPUT -s 115.168.77.68 -j DROP
    -A INPUT -s 115.238.225.110 -j DROP
    # Replies to connections this host initiated.
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    # Public HTTPS/HTTP from any source (no state match; the rule above already handled
    # established flows).
    -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
    # ICMP echo-request (ping) only.
    -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
    # Fully trusted sources, all ports (including SSH). A bare address is equivalent to /32.
    -A INPUT -s 23.22.208.66 -j ACCEPT
    -A INPUT -s 54.226.209.220 -j ACCEPT
    -A INPUT -s 180.166.51.234 -j ACCEPT
    -A INPUT -s 174.129.49.94 -j ACCEPT
    -A INPUT -s 75.101.181.183 -j ACCEPT
    # Loopback matched by source address; the template at the top of the page uses `-i lo`.
    -A INPUT -s 127.0.0.1 -j ACCEPT
    -A INPUT -s 10.122.68.87 -j ACCEPT
    # Catch-all. New rules must be inserted above this line; anything appended after it
    # is never reached.
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    # Unreachable (sits after the catch-all REJECT); untrusted SSH attempts are REJECTed
    # above, never DROPped here. Move it above the REJECT if a silent drop is the intent.
    -A INPUT -p tcp -m tcp --dport 22 -j BLACKLIST
    # Harmless but redundant: the OUTPUT policy is already ACCEPT.
    -A OUTPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
    -A BLACKLIST -j DROP
    COMMIT
    # Completed on Wed Aug 6 14:55:42 2014

    [root@ay-xf-hz-01 ~]# sudo cat /etc/sysconfig/iptables
    # Generated by iptables-save v1.4.7 on Wed Sep 24 17:11:18 2014
    # INPUT policy is DROP; only 8089 is public, everything else is limited to the trusted
    # sources listed below.
    *filter
    :INPUT DROP [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [86:9522]
    :BLACKLIST - [0:0]
    # NOTE(review): 8089 accepts new connections from any source -- confirm it is a public
    # service and not a management port that should be limited to the trusted sources.
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 8089 -j ACCEPT
    # Replies to connections this host initiated.
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    # ICMP echo-request (ping) only.
    -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
    # Fully trusted sources, all ports (including SSH).
    -A INPUT -s 180.166.51.234/32 -j ACCEPT
    -A INPUT -s 174.129.49.94/32 -j ACCEPT
    -A INPUT -s 75.101.181.183/32 -j ACCEPT
    # Loopback matched by source address; the template at the top of the page uses `-i lo`.
    -A INPUT -s 127.0.0.1/32 -j ACCEPT
    # Catch-all. New rules must be inserted above this line; anything appended after it
    # is never reached.
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    # Unreachable (sits after the catch-all REJECT); untrusted SSH attempts are REJECTed
    # above, never DROPped here. Move it above the REJECT if a silent drop is the intent.
    -A INPUT -p tcp -m tcp --dport 22 -j BLACKLIST
    # Harmless but redundant: the OUTPUT policy is already ACCEPT.
    -A OUTPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
    -A BLACKLIST -j DROP
    COMMIT
    # Completed on Wed Sep 24 17:11:18 2014

  • 原文地址:https://www.cnblogs.com/chromebook/p/4006685.html