  Linux iptables: a practical scenario
  Add Date : 2018-11-21      
  Firewall policy settings

-------------------------------------------------- ------------------------------

Firewall policy settings generally fall into two types: one is called the "pass" strategy, the other the "blocking" strategy:

With the "pass" strategy, no packets are allowed through by default, and rules are defined for the packets that are allowed.

With the "blocking" strategy, all packets are allowed through by default, and rules are defined for the packets you want to reject.

Server firewalls generally use the first strategy, which is more secure; the practical scenario in this article also uses the "pass" strategy.

Defining the practical scenario

-------------------------------------------------- ------------------------------

This article assumes a scenario in which the following rules must be implemented:

1. Open ports 80, 22 and 10-21 on this machine to all addresses;

2. Allow ICMP packets from all addresses;

3. Block access to all other ports.

iptables rule implementation

-------------------------------------------------- ------------------------------

The commands that implement the rules defined above:

First, clear all the default rules

iptables -F

Open ports

iptables -I INPUT -p tcp --dport 80 -j ACCEPT

iptables -I INPUT -p tcp --dport 22 -j ACCEPT

iptables -I INPUT -p tcp --dport 10:21 -j ACCEPT

iptables -I INPUT -p icmp -j ACCEPT

Reject all other ports

iptables -A INPUT -j REJECT

View the rules

iptables -L -n

Operating Results:

Key points when defining iptables rules

-------------------------------------------------- ------------------------------

During the above operation, there are several points to note:

1. Be sure to allow access to port 22; otherwise, when you enter iptables -A INPUT -j REJECT, the SSH session will be disconnected immediately and the machine can no longer be operated remotely;

2. iptables -A INPUT -j REJECT must use the -A command, which appends the rule to the end of the chain; the -I command (insert) cannot be used, so that the rejection takes effect last;

3. A contiguous range of ports can be allowed by specifying it as starting port:ending port.
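
The ordering points above can be checked before a ruleset is loaded on a remote machine. The following is an added example, not part of the original article: it walks an INPUT chain given in `iptables -S` form with first-match semantics. The function name `first_verdict` and both sample rulesets are constructed for illustration.

```shell
# Added example: first-match walk of an INPUT chain in `iptables -S` format.
# Understands only the rule shapes used in this article: unconditional rules,
# "-p tcp --dport N" and "--dport A:B". Usage: first_verdict PORT < ruleset
# Prints ACCEPT/REJECT/DROP, UNKNOWN for any other match, or POLICY:<target>.
first_verdict() {
    awk -v port="$1" '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        proto = ""; dport = ""; target = ""; other = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(++i)
            else if ($i == "-m" && $(i + 1) == "tcp") i++
            else if ($i == "--dport") dport = $(++i)
            else if ($i == "-j") { target = $(++i); break }  # skip target options
            else other = 1
        }
        if (other) { print "UNKNOWN"; done = 1; exit }
        if (proto != "" && proto != "tcp") next   # e.g. icmp never matches TCP
        if (dport != "") {
            n = split(dport, r, ":"); lo = r[1]; hi = (n == 2) ? r[2] : r[1]
            if (port + 0 < lo + 0 || port + 0 > hi + 0) next
        }
        print target; done = 1; exit
    }
    END { if (!done) print "POLICY:" policy }'
}

# Constructed sample: the chain for the scenario (ACCEPTs inserted, REJECT appended).
page_rules() { cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10:21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
EOF
}
# Constructed sample: the mistake from point 2, REJECT placed above the SSH rule.
reject_inserted() { cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}
for p in 22 15 80 443; do
    printf 'port %s: %s\n' "$p" "$(page_rules | first_verdict "$p")"
done
printf 'port 22, REJECT on top: %s\n' "$(reject_inserted | first_verdict 22)"
```

On a live host the same function can read `iptables -S INPUT` instead of the embedded samples.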