Linux-iptables
<h5>CentOS firewall:</h5>
<h5>Block:</h5>
<table>
<thead>
<tr>
<th>Command</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>iptables -I INPUT -s 192.168.12.12 -j DROP</td>
<td>Block a specific IP</td>
</tr>
<tr>
<td>iptables -I INPUT -s 124.115.0.0/16 -j DROP</td>
<td>Block the 124.115.*.* range, i.e. every IP that starts with 124.115</td>
</tr>
<tr>
<td>iptables -I INPUT -s 61.37.80.0/24 -j DROP</td>
<td>Block the 61.37.80.* range, i.e. every IP that starts with 61.37.80</td>
</tr>
<tr>
<td>iptables -I INPUT -s 124.0.0.0/8 -j DROP</td>
<td>Block the 124.*.*.* range, i.e. every IP that starts with 124</td>
</tr>
</tbody>
</table>
<h5>Unblock:</h5>
<table>
<thead>
<tr>
<th>Command</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>iptables -I INPUT -s 192.168.12.12 -j DROP</td>
<td>Unblock the specified IP: change -I to -D in this command, which deletes the matching DROP rule</td>
</tr>
</tbody>
</table>
<h5>端口:</h5>
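<pre><code># Allow the local loopback interface (i.e. allow the host to access itself)
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
# Allow established or related connections through
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow all outbound traffic from this host
iptables -A OUTPUT -j ACCEPT
# Allow access to port 22
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Reject access to port 8080
iptables -I INPUT -p tcp --dport 8080 -j REJECT
# Open access to port 8080 (-I inserts at the top of the chain, so this rule is matched before the REJECT above)
iptables -I INPUT -p tcp --dport 8080 -j ACCEPT
# List the iptables rules
iptables -L -n
# Output: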
[root@localhost sysconfig]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
# Delete a rule from the INPUT chain (here, the REJECT rule for port 8080)
iptables -D INPUT -p tcp --dport 8080 -j REJECT</code></pre>
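<p>Added example, not part of the original page: the rules above written as a single iptables-restore ruleset, so the order the kernel evaluates them in is explicit and the whole set loads atomically. It goes beyond the page in two assumed choices: the INPUT policy is DROP (the listing above shows policy ACCEPT, under which the ACCEPT rules change nothing), and loopback is matched with <code>-i lo</code>. The function names are hypothetical.</p>

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# Sources to block, taken from the "Block" table on this page.
BLOCKED="192.168.12.12 124.115.0.0/16 61.37.80.0/24"

# Print a complete filter-table ruleset in iptables-restore format.
build_ruleset() {
    echo "*filter"
    # Assumption: default-drop on INPUT; the page's listing uses policy ACCEPT.
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD ACCEPT [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # 1. Block list first: the first matching rule wins, so these DROP
    #    rules must come before every ACCEPT rule.
    for src in $BLOCKED; do
        echo "-A INPUT -s $src -j DROP"
    done
    # 2. Loopback traffic and replies to connections already established.
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # 3. Services: SSH is open, 8080 is refused with an ICMP error.
    echo "-A INPUT -p tcp --dport 22 -j ACCEPT"
    echo "-A INPUT -p tcp --dport 8080 -j REJECT"
    echo "COMMIT"
}

# Print the 1-based line number of the first ruleset line containing $1
# (prints nothing if no line matches). Used to check rule ordering.
rule_position() {
    build_ruleset | grep -n -F -- "$1" | head -n 1 | cut -d: -f1
}
```

<p>To check the syntax as root without applying anything, pipe the output through <code>build_ruleset | iptables-restore --test</code>.</p>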