Firewall policy settings
--------------------------------------------------------------------------------
Firewall policies generally come in two types: one is called the "pass" policy, the other the "block" policy.
Under the pass policy, nothing is allowed through by default; you define rules for the packets that are allowed to pass.
Under the block policy, every packet is allowed through by default; you define rules for the packets you want to reject.
Server firewalls are generally based on the first type, which is more secure, and the practical scenario in this post uses the "pass" policy.
Scenario definition
--------------------------------------------------------------------------------
This post assumes the following scenario, which the rules below implement:
1. Ports 80, 22 and 10-21 of this machine are open to all addresses;
2. ICMP packets are accepted from all addresses;
3. Access to every other port is blocked.
iptables rule implementation
--------------------------------------------------------------------------------
The commands that implement the rules defined above:
First, flush all existing rules
iptables -F
Open ports
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp --dport 22 -j ACCEPT
Open ICMP
iptables -I INPUT -p icmp -j ACCEPT
Reject all other ports
iptables -A INPUT -j REJECT
View the rules
iptables -L -n
Result of running the commands:
Key points of the iptables rule definition
--------------------------------------------------------------------------------
There are several points to note in the operation above:
1. Be sure to allow access to port 22 first; otherwise, the moment you enter iptables -A INPUT -j REJECT, the SSH session is cut off and the machine can no longer be operated remotely;
2. iptables -A INPUT -j REJECT must be appended to the end of the chain with -A; do not use -I (insert), because the rejection rule only works as intended when it is the last rule in the chain;
3. To allow a contiguous range of ports, specify it as start:end (for the scenario above, --dport 10:21).
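The following script is an added example (not the post's own script) that packages the post's rule set, including the 10:21 port range, into one ordered function so that the REJECT catch-all can never be entered before the ACCEPT rules, and adds a check for exactly the ordering mistake described in points 1 and 2. Using -A for every rule in a freshly flushed chain gives the same result as the post's -I ... then -A ordering. Two rules go beyond the post and are assumed additions: accepting loopback traffic and accepting ESTABLISHED,RELATED return traffic, without which a final REJECT on INPUT also drops the replies to the host's own outbound connections.

```shell
#!/bin/sh
# Added example, not from the original post. Builds the post's default-deny
# INPUT chain in a fixed order. Set DRY_RUN=1 to print the commands instead of
# executing them (no root needed).

# run_cmd: print the iptables command, and execute it unless DRY_RUN is set.
run_cmd() {
    printf '%s\n' "$*"
    if [ -z "${DRY_RUN:-}" ]; then
        "$@"
    fi
}

# apply_input_rules: the scenario from the post (ports 80, 22, 10-21 and ICMP
# open to all addresses, everything else rejected). Rules marked "beyond the
# post" are assumed additions that keep loopback and return traffic working.
apply_input_rules() {
    run_cmd iptables -F INPUT                                  # start from an empty chain
    # beyond the post: loopback, and replies to connections this host opened
    run_cmd iptables -A INPUT -i lo -j ACCEPT
    run_cmd iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # the post's allow rules; SSH first so a remote session is never cut off
    run_cmd iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    run_cmd iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    run_cmd iptables -A INPUT -p tcp --dport 10:21 -j ACCEPT   # start:end port range
    run_cmd iptables -A INPUT -p icmp -j ACCEPT
    # catch-all last: appended with -A so it sits below every ACCEPT
    run_cmd iptables -A INPUT -j REJECT
}

# reject_is_last: sanity check on a rule listing (the dry-run output above, or
# the output of `iptables -S INPUT`). Returns 0 only if the last INPUT rule is
# the REJECT catch-all and an ACCEPT for port 22 is present above it.
reject_is_last() {
    listing="$1"
    last=$(printf '%s\n' "$listing" | grep -- '-A INPUT' | tail -n 1)
    case "$last" in
        *"-j REJECT"*) ;;
        *) return 1 ;;
    esac
    printf '%s\n' "$listing" | grep -- '--dport 22 -j ACCEPT' | grep -q -- '-A INPUT' || return 1
    return 0
}

# Usage:  sh firewall.sh plan   (print the commands, no changes made)
#         sudo sh firewall.sh apply   (apply them, then verify the order)
case "${1:-}" in
    plan)  DRY_RUN=1; apply_input_rules ;;
    apply) apply_input_rules >/dev/null
           reject_is_last "$(iptables -S INPUT)" && echo "ordering OK" ;;
esac
```

Run the plan mode first and read the printed list: the last line must be the REJECT and the port-22 ACCEPT must be above it. The same check can be run against a live chain with reject_is_last "$(iptables -S INPUT)", which is what the apply mode does after loading the rules.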