  Linux iptables: combat scenes
  Add Date : 2018-11-21      
  Firewall settings Policy

-------------------------------------------------- ------------------------------

Firewall policies generally fall into two types: the "pass" strategy and the "blocking" strategy.

With the "pass" strategy, all packets are denied by default, and rules are defined for the packets that are allowed.

With the "blocking" strategy, all packets are allowed through by default, and rules are defined for the packets you want to reject.

Server firewalls are generally configured with the first strategy, which is more secure; the practical scenario in this article uses the "pass" strategy.

The actual definition of the scene

-------------------------------------------------- ------------------------------

This article assumes a scenario in which the following rules are to be implemented:

1. Open ports 80, 22 and 10-21 on this machine to all addresses;

2. Allow ICMP packets from all addresses;

3. Block access to all other ports.

iptables rule implementation

-------------------------------------------------- ------------------------------

The commands below implement the rules defined above.

First, flush all existing rules

iptables -F

Open ports

iptables -I INPUT -p tcp --dport 80 -j ACCEPT

iptables -I INPUT -p tcp --dport 22 -j ACCEPT

iptables -I INPUT -p tcp --dport 10:21 -j ACCEPT

iptables -I INPUT -p icmp -j ACCEPT

Block all other ports

iptables -A INPUT -j REJECT

View the rules

iptables -L -n

Operating Results:

iptables rule definition Points

-------------------------------------------------- ------------------------------

There are several points to note about the steps above:

1. Be sure to allow access to port 22 first; otherwise, as soon as iptables -A INPUT -j REJECT is entered, the SSH session is disconnected and the machine can no longer be operated remotely;

2. iptables -A INPUT -j REJECT must use -A so that the rule is appended to the end of the chain; -I (insert) cannot be used here, because the reject has to take effect last, after the ACCEPT rules;

3. A continuous range of ports can be allowed by specifying it as start:end.
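
Points 2 and 3 can be checked without touching a live firewall. The following is an added example, not code from the original article: a small Python model of first-match evaluation on the INPUT chain that replays the article's commands and compares appending the REJECT rule with inserting it. The 10:21 rule is written from the scenario's port range using the start:end syntax, and the chain policy is assumed to be the iptables default of ACCEPT.

```python
import shlex

def build_chain(commands):
    """Replay -F / -I / -A commands and return the resulting INPUT chain."""
    chain = []
    for cmd in commands:
        args = shlex.split(cmd)[1:]            # drop the leading "iptables"
        if args[0] == "-F":                    # flush: remove every rule
            chain.clear()
            continue
        opts = dict(zip(args[2::2], args[3::2]))  # args[1] is the chain name
        rule = {"proto": opts.get("-p"), "dport": opts.get("--dport"), "target": opts["-j"]}
        if args[0] == "-I":
            chain.insert(0, rule)              # -I without an index inserts at the top
        else:
            chain.append(rule)                 # -A appends at the bottom
    return chain

def port_matches(spec, port):
    """Match a single port ("22") or an inclusive start:end range ("10:21")."""
    lo, _, hi = spec.partition(":")
    return int(lo) <= port <= int(hi or lo)

def verdict(chain, proto, port=None):
    """Return the target of the first rule that matches (first match wins)."""
    for rule in chain:
        if rule["proto"] not in (None, proto):
            continue
        if rule["dport"] and (port is None or not port_matches(rule["dport"], port)):
            continue
        return rule["target"]
    return "ACCEPT"  # assumption: chain policy left at the default ACCEPT

ACCEPTS = [
    "iptables -F",
    "iptables -I INPUT -p tcp --dport 80 -j ACCEPT",
    "iptables -I INPUT -p tcp --dport 22 -j ACCEPT",
    "iptables -I INPUT -p tcp --dport 10:21 -j ACCEPT",
    "iptables -I INPUT -p icmp -j ACCEPT",
]
GOOD = build_chain(ACCEPTS + ["iptables -A INPUT -j REJECT"])  # as in the article
BAD = build_chain(ACCEPTS + ["iptables -I INPUT -j REJECT"])   # the mistake from point 2

if __name__ == "__main__":
    for name, chain in (("append", GOOD), ("insert", BAD)):
        print(name, [verdict(chain, "tcp", p) for p in (22, 15, 3306)], verdict(chain, "icmp"))
```

With the appended REJECT, ports 22 and 15 and ICMP are accepted and 3306 is rejected; with the inserted REJECT, every packet, including SSH on port 22, hits the reject rule first.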