Linux 下设置iptables 防火墙白名单(RHEL 6 和 CentOS 7)

进入 命令行,编辑防火墙规则配置文件 iptables
vi /etc/sysconfig/iptables

下面是一个白名单设置的例子:

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT – [0:0]

-N whitelist
-A whitelist -s 10.202.106.1 -j ACCEPT
-A whitelist -s 10.202.106.2 -j ACCEPT
-A whitelist -s 10.202.106.3 -j ACCEPT
-A whitelist -s 10.202.106.4 -j ACCEPT
-A whitelist -s 10.202.106.5 -j ACCEPT
-A whitelist -s 10.202.106.6 -j ACCEPT
-A whitelist -s 10.202.106.7 -j ACCEPT

-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp –icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp –dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp –dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp –dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 4750 -j ACCEPT
-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 3306 -j whitelist
-A RH-Firewall-1-INPUT -j REJECT –reject-with icmp-host-prohibited

COMMIT其中设置白名单的部分为:

-N whitelist
-A whitelist -s 10.202.106.1 -j ACCEPT
-A whitelist -s 10.202.106.2 -j ACCEPT
-A whitelist -s 10.202.106.3 -j ACCEPT
-A whitelist -s 10.202.106.4 -j ACCEPT
-A whitelist -s 10.202.106.5 -j ACCEPT
-A whitelist -s 10.202.106.6 -j ACCEPT
-A whitelist -s 10.202.106.7 -j ACCEPT

使用白名单规则使用 j 参数指定:

-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 3306 -j whitelist

更多iptables相关教程见以下内容

iptables使用范例详解

防火墙iptables详细教程

iptables的备份、恢复及防火墙脚本的基本使用

下防火墙iptables用法规则详解

下iptables防火墙设置

转载自:https://www.linuxidc.com/Linux/2016-01/127196.htm

声明: 除非转自他站(如有侵权,请联系处理)外,本文采用 BY-NC-SA 协议进行授权 | 智乐兔
转载请注明:转自《Linux 下设置iptables 防火墙白名单(RHEL 6 和 CentOS 7)
本文地址:https://www.zhiletu.com/archives-5611.html
关注公众号:智乐兔

赞赏

wechat pay微信赞赏alipay pay支付宝赞赏

上一篇
下一篇

相关文章

在线留言

你必须 登录后 才能留言!