服务器操作系统:
Red Hat Enterprise Linux Server release 6.4 (Santiago)
需求:
只允许10.10.10.250的ip访问服务器9100端口
//对整个服务器(全部ip)禁止9100端口
[root@jiankunking]# iptables -I INPUT -p tcp --dport 9100 -j DROP
//只允许10.10.10.250访问9100端口
[root@jiankunking]# iptables -I INPUT -s 10.10.10.250 -p tcp --dport 9100 -j ACCEPT
//将规则保存到iptables 中
[root@jiankunking]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
//重启iptables
[root@jiankunking]# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
//查看iptables 内容
[root@jiankunking]# cat iptables
# Generated by iptables-save v1.4.7 on Thu Jan 18 10:46:02 2018
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [44:3471]
-A INPUT -s 10.10.10.250/32 -p tcp -m tcp --dport 9100 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9100 -j DROP
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Thu Jan 18 10:46:02 2018
操作iptables注意事项:
1、操作前先备份iptables
cp /etc/sysconfig/iptables /etc/sysconfig/iptables.bak
2、保存当前环境中未save的规则(有些人,可能只是把规则添加了,但没有save,不save的话,一旦重启iptables,这部分规则就丢失了)
推荐本站淘宝优惠价购买喜欢的宝贝:
本文链接:https://hqyman.cn/post/1374.html 非本站原创文章欢迎转载,原创文章需保留本站地址!
休息一下~~