https://wiki.riguz.com/index.php?action=history&feed=atom&title=CentOS%3Aiptables%E8%AE%BE%E7%BD%AE
CentOS:iptables设置 - 版本历史
2026-06-03T04:03:45Z
本wiki上该页面的版本历史
MediaWiki 1.42.3
https://wiki.riguz.com/index.php?title=CentOS:iptables%E8%AE%BE%E7%BD%AE&diff=1283&oldid=prev
2015年8月27日 (四) 16:12 imported>Soleverlee
2015-08-27T16:12:23Z
<p></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="zh-Hans-CN">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">←上一版本</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">2015年8月27日 (四) 16:12的版本</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l42">第42行:</td>
<td colspan="2" class="diff-lineno">第42行:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div></source></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div></source></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>[[Image:CentOS_Iptables.png]]</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>[[Image:CentOS_Iptables.png]]</div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>下面是配置后得到的iptables 文件:</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>下面是配置后得到的iptables 文件:</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><source lang="bash"></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><source lang="bash"></div></td></tr>
</table>
imported>Soleverlee
https://wiki.riguz.com/index.php?title=CentOS:iptables%E8%AE%BE%E7%BD%AE&diff=1282&oldid=prev
2015年8月27日 (四) 16:12 imported>Soleverlee
2015-08-27T16:12:07Z
<p></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="zh-Hans-CN">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">←上一版本</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">2015年8月27日 (四) 16:12的版本</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l41">第41行:</td>
<td colspan="2" class="diff-lineno">第41行:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>iptables -D INPUT -s ***.***.***.*** -j DROP</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>iptables -D INPUT -s ***.***.***.*** -j DROP</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div></source></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div></source></div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>[[Image:CentOS_Iptables.png<del style="font-weight: bold; text-decoration: none;">|right</del>]]</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>[[Image:CentOS_Iptables.png]]</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>下面是配置后得到的iptables 文件:</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>下面是配置后得到的iptables 文件:</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><source lang="bash"></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><source lang="bash"></div></td></tr>
</table>
imported>Soleverlee
https://wiki.riguz.com/index.php?title=CentOS:iptables%E8%AE%BE%E7%BD%AE&diff=1281&oldid=prev
imported>Soleverlee:以“以下记录为阿里云服务器开启iptables。因为是SSH登录的,所以小心一启动防火墙,连接中断了噢~ 哈哈 <source lang="bash"> #首先在...”为内容创建页面
2015-08-27T16:11:26Z
<p>以“以下记录为阿里云服务器开启iptables。因为是SSH登录的,所以小心一启动防火墙,连接中断了噢~ 哈哈 <source lang="bash"> #首先在...”为内容创建页面</p>
<p><b>新页面</b></p><div>以下记录为阿里云服务器开启iptables。因为是SSH登录的,所以小心一启动防火墙,连接中断了噢~ 哈哈<br />
<source lang="bash"><br />
#首先在清除前要将policy INPUT改成ACCEPT,表示接受一切请求。<br />
#这个一定要先做,不然清空后可能会悲剧<br />
iptables -P INPUT ACCEPT<br />
#清空默认所有规则<br />
iptables -F<br />
#清空自定义的所有规则<br />
iptables -X<br />
#计数器置0<br />
iptables -Z<br />
<br />
#允许来自于lo接口的数据包<br />
#如果没有此规则,你将不能通过127.0.0.1访问本地服务,例如ping 127.0.0.1<br />
iptables -A INPUT -i lo -j ACCEPT<br />
#ssh端口22<br />
iptables -A INPUT -p tcp --dport 22 -j ACCEPT<br />
#FTP端口21<br />
iptables -A INPUT -p tcp --dport 21 -j ACCEPT<br />
#web服务端口80<br />
iptables -A INPUT -p tcp --dport 80 -j ACCEPT<br />
#tomcat<br />
iptables -A INPUT -p tcp --dport xxxx -j ACCEPT<br />
#mysql<br />
iptables -A INPUT -p tcp --dport xxxx -j ACCEPT<br />
#允许icmp包通过,也就是允许ping<br />
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT<br />
#允许所有对外请求的返回包<br />
#本机对外请求相当于OUTPUT,对于返回数据包必须接收啊,这相当于INPUT了<br />
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT<br />
#如果要添加内网ip信任(接受其所有TCP请求)<br />
iptables -A INPUT -p tcp -s 45.96.174.68 -j ACCEPT<br />
#过滤所有非以上规则的请求<br />
iptables -P INPUT DROP<br />
#要封停一个IP,使用下面这条命令:<br />
<br />
iptables -I INPUT -s ***.***.***.*** -j DROP<br />
<br />
#要解封一个IP,使用下面这条命令:<br />
<br />
iptables -D INPUT -s ***.***.***.*** -j DROP<br />
</source><br />
[[Image:CentOS_Iptables.png|right]]<br />
下面是配置后得到的iptables 文件:<br />
<source lang="bash"><br />
# iptables-save > /etc/sysconfig/iptables<br />
# Generated by iptables-save v1.4.7 on Fri Aug 28 00:04:35 2015<br />
*filter<br />
:INPUT DROP [1:40]<br />
:FORWARD ACCEPT [0:0]<br />
:OUTPUT ACCEPT [279:28212]<br />
-A INPUT -i lo -j ACCEPT<br />
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT<br />
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT<br />
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT<br />
-A INPUT -p tcp -m tcp --dport 9306 -j ACCEPT<br />
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT<br />
-A INPUT -m state --state ESTABLISHED -j ACCEPT<br />
COMMIT<br />
# Completed on Fri Aug 28 00:04:35 2015<br />
</source><br />
<br />
[[Category:Linux/Unix]]</div>
imported>Soleverlee