ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited 可以看出我在安装linux时,选择了有防火墙,并且开放了22,80,25端口. 如果你在安装linux时没有选择启动防...
注意,-p tcp与 -m tcp 并不冲突,-p 用于匹配报文的协议,-m 用于指定扩展模块的名称,正好,这个扩展模块也叫 tcp。 #示例如下 iptables -t filter -I OUTPUT -d 192.168.1.146 -p tcp -m tcp --sport 22 -j REJECT iptables -t filter -I INPUT -s 192.168.1.146 -p tcp -m tcp --dport 22:2...
target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT icmp -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh REJECT all -- anywhere anywhere reject-with icmp-host-prohibited 复制代码 2、添加规则...
iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT # 2.允许发送本地主机的SSH响应 iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT -m state:启用状态匹配模块(state matching module) –-state:状态匹配模块的...
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT) target prot opt source destination REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited ...
7、匹配网络状态(TCP/IP连接状态) -m state --state NEW:已经或将启动新的连接 ESTABLISHED:已建立的连接 RELATED:正在启动的新连接 INVALID:非法或无法识别的 1. iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT 2. 3. iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ...
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 10 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited 以上输出包含下列字段: num – 指定链中的规则编号 target – 前面提到的target的特殊值prot – 协议:tcp, udp, icmp等source – 数据包的源IP地址destination ...
6 552 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 10 2365 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination ...
icmp -- 0.0.0.0/0 0.0.0.0/0 <==第 2 条规则ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 <==第 3 条规则ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 <==以下类推REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with ic...
匹配网络状态(TCP/IP连接状态) -m state –state NEW:已经或将启动新的连接 ESTABLISHED:已建立的连接 RELATED:正在启动的新连接 INVALID:非法或无法识别的 iptables -A INPUT -m state -–state ESTABLISHED,RELATED -j ACCEPT iptables -A OUTPUT -m state -–state ESTABLISHED,RELATED ...