

Normal iptables firewall rules

<h2>If the ruleset contains many Docker rules, delete all of the Docker rules and keep only the two tables below, nat and filter</h2>
<pre><code>*nat
:PREROUTING ACCEPT [42:2196]
:INPUT ACCEPT [38:1988]
:OUTPUT ACCEPT [343:17974]
:POSTROUTING ACCEPT [343:17974]
:DOCKER - [0:0]
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
COMMIT
# Completed on Wed Oct 18 16:46:49 2023
# Generated by iptables-save v1.4.21 on Wed Oct 18 16:46:49 2023
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2945:973047]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 8888 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 843 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.65.42/32 -p tcp -m state --state NEW -m tcp --dport 9000 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.65.42/32 -p tcp -m state --state NEW -m tcp --dport 9004 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.65.42/32 -p tcp -m state --state NEW -m tcp --dport 9005 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.65.42/32 -p tcp -m state --state NEW -m tcp --dport 9009 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.65.42/32 -p tcp -m state --state NEW -m tcp --dport 8123 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.3.47/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.65.219/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.65.7/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.66/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.65.4/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.65.20/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.65.32/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.65.3/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.65.17/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.65.14/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.65.240/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.65.12/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.65.5/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.65.11/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.65.18/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.96.185/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.65.16/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.200.249/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.26.110/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.26.109/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.26.111/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.26.112/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.65.8/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 4369 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 2101 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 2102 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 3737 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.90.30/32 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.65.51/32 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 40000:44000 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.96/32 -p tcp -m state --state NEW -m tcp --dport 9100 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.65.2/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.65.2/32 -p tcp -m state --state NEW -m tcp --dport 6379 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.91.57/32 -p tcp -m state --state NEW -m tcp --dport 6379 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.2.96/32 -p tcp -m state --state NEW -m tcp --dport 3634 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.4.9/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.65.42/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.251/32 -p tcp -m state --state NEW -m tcp --dport 2020 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.26.116/32 -p tcp -m state --state NEW -m tcp --dport 2020 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.2.96/32 -p tcp -m state --state NEW -m tcp --dport 2020 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.66/32 -p tcp -m state --state NEW -m tcp --dport 2020 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.21.100/32 -p tcp -m state --state NEW -m tcp --dport 2020 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.65.41/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 10.1.90.3/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.200.249/32 -p tcp -m state --state NEW -m tcp --dport 2020 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.26.148/32 -p tcp -m state --state NEW -m tcp --dport 2020 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.26.17/32 -p tcp -m state --state NEW -m tcp --dport 2020 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.65.21/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.65.15/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.65.26/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.65.27/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.96.3/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.65.26/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.96.89/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.96.154/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.96.211/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.96.168/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.96.126/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.65.107/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.95.161/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.90.18/32 -p tcp -m state --state NEW -m tcp --dport 3307 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 15672 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 8091 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.65.32/32 -p tcp -m state --state NEW -m tcp --dport 5672 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.26.148/32 -p tcp -m state --state NEW -m tcp --dport 27800 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.65.115/32 -p tcp -m state --state NEW -m tcp --dport 2020 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.65.57/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 10.1.90.21/32 -p tcp -m state --state NEW -m tcp --dport 2020 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.96.84/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.215.0/24 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 10.1.90.216/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 10.1.90.167/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 3307 -j ACCEPT
COMMIT</code></pre>
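
An added example, not part of the original page: a shell check to run on a dump in this format before loading it. It reports which TCP ports are accepted from any source, which are limited to listed sources, and which source-limited rules are made redundant by an unrestricted rule for the same port. The embedded sample is an excerpt of the rules above; the function names `sample_rules` and `audit_rules` are made up for this example.

```sh
# Added example: audit an iptables-save dump for ACCEPT rules on a TCP port.
# Only -s, --dport and -j are inspected; interface and other matches are ignored.

# Excerpt of the ruleset above, embedded so the script runs offline.
sample_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 40000:44000 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.65.2/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.90.18/32 -p tcp -m state --state NEW -m tcp --dport 3307 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 3307 -j ACCEPT
COMMIT
EOF
}

# Reads iptables-save text on stdin and prints one finding per line:
#   OPEN <port>               accepted from any source (no -s, or a negated -s)
#   LIMITED <port> <count>    accepted only from <count> listed sources
#   SHADOWED <port> <source>  source-limited rule made redundant by an OPEN rule
audit_rules() {
  awk '
    $1 == "-A" {
      src = ""; port = ""; target = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-s" && $(i - 1) != "!") src = $(i + 1)
        else if ($i == "--dport") port = $(i + 1)
        else if ($i == "-j") target = $(i + 1)
      }
      if (target != "ACCEPT" || port == "") next
      if (!(port in seen)) { seen[port] = 1; order[++n] = port }
      if (src == "") { anysrc[port] = 1; next }
      if (!((port, src) in dup)) { dup[port, src] = 1; srcs[port] = srcs[port] " " src; cnt[port]++ }
    }
    END {
      for (k = 1; k <= n; k++) {
        p = order[k]
        if (!(p in anysrc)) { print "LIMITED", p, cnt[p]; continue }
        print "OPEN", p
        m = split(srcs[p], a, " ")
        for (j = 1; j <= m; j++) print "SHADOWED", p, a[j]
      }
    }'
}
sample_rules | audit_rules   # on a host: iptables-save | audit_rules
```

In the ruleset above, the final rule accepts port 3307 from any source, so the earlier rule that limits 3307 to 192.168.90.18/32 is reported as SHADOWED.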
