A system usually ships with its own firewall, and the firewall is there to keep the system secure. In this tutorial I will show you how to configure the firewall on a Linux system with the iptables command, so let's learn together.
For the operations in this tutorial, make sure you can work at the Linux machine's console. If you are connected remotely over SSH and cannot operate the machine directly, then you are advised to be careful, careful, and careful!
Let's configure a firewall for the filter table.
(1) View the current iptables settings of this machine
The code is as follows:
[root@tp ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (0 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:25
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
It can be seen that when I installed Linux, I chose to have a firewall and opened ports 22, 80, and 25.
If you didn't choose to start the firewall when you installed Linux, the output is as follows:
[root@tp ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

No rules at all.
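Reading the listing above by eye is easy for three chains, but on a machine that has been in service for a while it helps to reduce it to one line per chain: the chain's default policy and the ports its ACCEPT rules open. The following shell function is an added example and is not part of the tutorial; it reads the output of `iptables -L -n` on standard input (a constructed sample modelled on the listing above is embedded so it runs offline) and flags whether every chain still has the ACCEPT policy the tutorial starts from.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: summarise the output of
# "iptables -L -n" so that each chain's default policy and the ports its
# ACCEPT rules open can be read at a glance. On a real system:
#   iptables -L -n | summarize_listing
# Constructed sample listing, modelled on the tutorial's output (the blank
# separator lines iptables prints between chains are optional).
SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (0 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited'

# Reads a listing on stdin and prints, in listing order, one line per chain:
#   <chain> policy=<POLICY or -> open=<proto/port ... or none>
# User-defined chains (such as RH-Firewall-1-INPUT) have no policy, hence "-".
summarize_listing() {
    awk '
        /^Chain / {
            chain = $2
            policy = "-"
            if ($3 == "(policy") { policy = $4; sub(/\)$/, "", policy) }
            order[++n] = chain; pol[chain] = policy; ports[chain] = ""
            next
        }
        $1 == "ACCEPT" {
            # the "dpt:NNN" token carries the destination port, $2 the protocol
            for (i = 1; i <= NF; i++)
                if ($i ~ /^dpt:/) ports[chain] = ports[chain] " " $2 "/" substr($i, 5)
        }
        END {
            for (i = 1; i <= n; i++) {
                c = order[i]
                open = (ports[c] == "") ? "none" : substr(ports[c], 2)
                printf "%s policy=%s open=%s\n", c, pol[c], open
            }
        }
    '
}

# Returns 0 when every built-in chain has policy DROP, 1 when at least one
# chain still has policy ACCEPT (any packet no rule matches is let through).
policies_all_drop() {
    ! summarize_listing | grep -v 'policy=-' | grep -qv 'policy=DROP'
}

printf '%s\n' "$SAMPLE_LISTING" | summarize_listing
```

The summary for the sample prints `INPUT policy=ACCEPT open=none`, `FORWARD policy=DROP open=none` and `RH-Firewall-1-INPUT policy=- open=udp/5353 tcp/22 tcp/80`; note that the user-defined chain has 0 references, so the ports it lists are not actually reachable until some chain jumps to it.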
(2) Clear the original rules.
Regardless of whether you started the firewall when you installed Linux, if you want to configure your own firewall, first clear all the rules currently in the filter table.
The code is as follows:
[root@tp ~]# iptables -F    # clear the rules of all chains in the default table, filter
[root@tp ~]# iptables -X    # delete the user-defined chains in the default table, filter
Let's take a look; the output is as follows:
[root@tp ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Nothing is left, the same as if we had not started the firewall when installing Linux. (A note in advance: these settings are like an IP address configured from the command line; they lose their effect after a reboot.) So how do we save them?
The code is as follows:
[root@tp ~]# /etc/rc.d/init.d/iptables save
This writes the rules to the file /etc/sysconfig/iptables. Remember to restart the firewall after writing for them to take effect.
The code is as follows:
[root@tp ~]# service iptables restart
Now that the iptables configuration table is empty, let's start our configuration.
(3) Set preset rules
The code is as follows:
[root@tp ~]# iptables -P INPUT DROP
[root@tp ~]# iptables -P OUTPUT ACCEPT
[root@tp ~]# iptables -P FORWARD DROP
The policy set above is what happens to a packet that matches none of the rules in the chain. For the two chains INPUT and FORWARD in the filter table we choose DROP (discard). It should be said that this configuration is very safe: we want to control the incoming packets.
For the OUTPUT chain, that is, outgoing packets, we don't have to impose many restrictions, so we take ACCEPT: if a packet matches no rule, it is let through.
So on the INPUT and FORWARD chains only packets that a rule explicitly allows get through, while on the OUTPUT chain every packet gets through unless a rule stops it.
This setting is quite reasonable. Of course, you can also set all three chains to DROP, but I don't think it is necessary, and the number of rules you have to write grows. But if you only need a limited set of rules, for example a machine that is just a web server, I still recommend setting all three chains to DROP.
Note: if you are logged in remotely over SSH, your session is dropped the moment you enter the first command (the INPUT DROP policy), because you have not yet set any rule that allows your connection.
What to do then? Go to the machine and operate at the console!
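The lock-out described in the note is avoidable by ordering the steps so that the rules allowing the existing SSH session are in place before the INPUT policy is switched to DROP. The script below is an added example and is not the tutorial's own code; it carries out steps (2) and (3) in that order, keeping the ports from the tutorial's listing (22 for SSH, 80 and 25 for services) and adding a loopback rule the tutorial does not show. By default it only prints the rules (dry run); with `IPT=iptables` it applies them, which assumes it is run as root.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: apply the tutorial's
# steps (2) and (3) in an order that does not cut off a remote SSH session.
# IPT is the command that receives each rule. The default, dryrun, prints
# the rule; IPT=iptables applies it for real (assumed: run as root).
# SSH_PORT and SERVICE_PORTS default to the ports opened in the tutorial's
# listing. The loopback rule is an addition not shown in the tutorial.
dryrun() { printf '%s\n' "$*"; }
IPT="${IPT:-dryrun}"
SSH_PORT="${SSH_PORT:-22}"
SERVICE_PORTS="${SERVICE_PORTS:-80 25}"

# Flush, append the ACCEPT rules while the INPUT policy is still ACCEPT, and
# switch the policies last. Because the RELATED,ESTABLISHED and SSH rules are
# in place before "-P INPUT DROP", the session running this script survives.
apply_baseline() {
    $IPT -F                                  # step (2): flush every chain in filter
    $IPT -X                                  # step (2): delete user-defined chains
    $IPT -A INPUT -i lo -j ACCEPT            # local traffic (addition, see above)
    $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    $IPT -A INPUT -p tcp --dport "$SSH_PORT" -m state --state NEW -j ACCEPT
    for port in $SERVICE_PORTS; do
        $IPT -A INPUT -p tcp --dport "$port" -m state --state NEW -j ACCEPT
    done
    $IPT -P INPUT DROP                       # step (3): preset rules, set last
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
}

# line_of TEXT PATTERN: 1-based number of the first line of TEXT containing
# PATTERN (fixed string), or empty when absent.
line_of() {
    printf '%s\n' "$1" | grep -n -F -- "$2" | head -n 1 | cut -d : -f 1
}

# check_order TEXT: verifies on dry-run output that both keep-alive rules
# precede the INPUT DROP policy. Returns 0 when the order is safe, 1 otherwise.
check_order() {
    est=$(line_of "$1" "--state RELATED,ESTABLISHED")
    ssh=$(line_of "$1" "--dport $SSH_PORT")
    drop=$(line_of "$1" "-P INPUT DROP")
    [ -n "$est" ] && [ -n "$ssh" ] && [ -n "$drop" ] || return 1
    [ "$est" -lt "$drop" ] && [ "$ssh" -lt "$drop" ]
}

# Dry run: print the rule set and confirm the ordering before applying it.
RULES=$(apply_baseline)
printf '%s\n' "$RULES"
check_order "$RULES" && echo "order ok: keep-alive rules precede INPUT DROP"
```

Run it once without `IPT` to read the generated rules, then `IPT=iptables sh script.sh` to apply them; afterwards the tutorial's `service iptables save` step still has to be done, since the rules are lost on reboot otherwise.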