• iptables 设置特定IP访问指定端口


    一、添加规则:设置禁止所有IP访问指定端口8075

    [root@zabbix_server ~]# iptables -I INPUT -p tcp --dport 8075 -j DROP

    二、测试telnet 

    [root@zabbix_server ~]# telnet 127.0.0.1 8075
    Trying 127.0.0.1...
    telnet: connect to address 127.0.0.1: Connection timed out

    三、删除规则:

    1、查询规则编号

    [root@zabbix_server ~]# iptables --line -nvL INPUT
    Chain INPUT (policy DROP 83 packets, 4016 bytes)
    num   pkts bytes target     prot opt in     out     source               destination         
    1        8   408 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:8075 
    2     144M   15G ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    3     4037  214K ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
    4        3   156 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:25601 
    5     4085  218K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80 
    6    22638 1169K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:3306 
    7     264K   14M ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:9000 
    8     443K   23M ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:10050 
    9    76134 4093K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:10051 

    可以看到禁止访问8075的规则编号为1

    2、删除指定规则编号的规则

    [root@zabbix_server ~]# iptables -D INPUT 1

    再查询

    [root@zabbix_server ~]# iptables --line -nvL INPUT
    Chain INPUT (policy DROP 20 packets, 961 bytes)
    num   pkts bytes target     prot opt in     out     source               destination         
    1     144M   15G ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    2     4038  214K ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
    3        3   156 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:25601 
    4     4087  218K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80 
    5    22644 1169K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:3306 
    6     264K   14M ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:9000 
    7     443K   23M ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:10050 
    8    76156 4094K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:10051 
    9       44  2208 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dp

    已经删除了,测试telnet

    [root@zabbix_server ~]# telnet 127.0.0.1 8075
    Trying 127.0.0.1...
    Connected to 127.0.0.1.
    Escape character is '^]'.

    四、设置指定IP访问指定端口8075

    1、添加规则:禁止所有IP访问8075

    [root@zabbix_server ~]# iptables -I INPUT -p tcp --dport 8075 -j DROP
    [root@zabbix_server ~]# iptables --line -nvL INPUT
    Chain INPUT (policy DROP 3 packets, 156 bytes)
    num   pkts bytes target     prot opt in     out     source               destination         
    1        0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:8075 
    2     145M   15G ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    3     4038  214K ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
    4        3   156 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:25601 
    5     4090  219K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80 
    6    22650 1169K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:3306 
    7     264K   14M ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:9000 
    8     443K   23M ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:10050 
    9    76183 4095K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:10051 
    10      44  2208 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:3000 
    11       7   284 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:5672 
    12       2    80 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dp

    2、添加规则:允许127.0.0.1访问8075

    [root@zabbix_server ~]# iptables -I INPUT -s 127.0.0.1 -p tcp --dport 8075 -j ACCEPT

    3、查询规则:

    [root@zabbix_server ~]# iptables --line -nvL INPUT
    Chain INPUT (policy DROP 20 packets, 1004 bytes)
    num   pkts bytes target     prot opt in     out     source               destination         
    1        0     0 ACCEPT     tcp  --  *      *       127.0.0.1            0.0.0.0/0           tcp dpt:8075 
    2        0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:8075 
    3     145M   15G ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    4     4039  214K ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
    5        3   156 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:25601 
    6     4096  219K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80 
    7    22660 1170K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:3306 
    8     264K   14M ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:9000 
    9     443K   23M ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:10050 

    规则已经添加,测试

    [root@zabbix_server ~]# telnet 127.0.0.1 8075
    Trying 127.0.0.1...
    Connected to 127.0.0.1.
    Escape character is '^]'.

    本机可以访问8075,其他机器上不能访问8075

    [root@localhost etc]# telnet 172.28.18.75 8075
    Trying 172.28.18.75...
    telnet: connect to address 172.28.18.75: Connection timed out

    4、允许172.28.18.71可以访问8075,(172.28.18.71是需要访问8075的服务器)

    [root@zabbix_server ~]# iptables -I INPUT -s 172.28.18.71 -p tcp --dport 8075 -j ACCEPT

    查看规则

    [root@zabbix_server ~]# iptables --line -nvL INPUT
    Chain INPUT (policy DROP 9 packets, 456 bytes)
    num   pkts bytes target     prot opt in     out     source               destination         
    1        0     0 ACCEPT     tcp  --  *      *       172.28.18.71         0.0.0.0/0           tcp dpt:8075 
    2        3   132 ACCEPT     tcp  --  *      *       127.0.0.1            0.0.0.0/0           tcp dpt:8075 
    3        7   420 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:8075 
    4     145M   15G ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    5     4040  214K ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
    6        3   156 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:25601 
    7     4100  219K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80 
    8    22674 1171K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:3306 

    在172.28.18.71上测试telnet 8075

    [root@localhost etc]# telnet 172.28.18.75 8075
    Trying 172.28.18.75...
    Connected to 172.28.18.75.
    Escape character is '^]'.

    访问成功,保存规则

    [root@zabbix_server ~]# service iptables save
    iptables:将防火墙规则保存到 /etc/sysconfig/iptables:[确定]

    重启服务

    [root@zabbix_server ~]# service iptables save
    iptables:将防火墙规则保存到 /etc/sysconfig/iptables:[确定]
    [root@zabbix_server ~]# service iptables restart
    iptables:将链设置为政策 ACCEPT:filter [确定]
    iptables:清除防火墙规则:[确定]
    iptables:正在卸载模块:[确定]
    iptables:应用防火墙规则:[确定]
  • 相关阅读:
    构建之法阅读笔记01
    软件工程个人作业01
    第一个PSP0级
    java实现课表的增加
    软件工程概论01
    异常处理
    流与文件课件课后作业1计算容量
    第九周课堂测试
    第八周动手动脑
    JAVA项目中常用的异常知识点总结
  • 原文地址:https://www.cnblogs.com/sky-cheng/p/11596678.html
Copyright © 2020-2023  润新知