Configuration parameters for the iptables firewall on CentOS 6.x:
System environment:
[root@hk service]# uname -m
x86_64
[root@hk service]# cat /etc/redhat-release
CentOS release 6.6 (Final)
[root@hk service]# uname -a
Linux note.t4x.org 2.6.32-042stab113.11 #1 SMP Fri Dec 18 17:32:04 MSK 2015 x86_64 x86_64 x86_64 GNU/Linux
Configuration process:
[root@hk /]# iptables -F    # flush the firewall rules
[root@hk /]# iptables -L    # list the firewall rules
[root@hk /]# iptables -A INPUT -p tcp --dport 22 -j ACCEPT    # allow SSH access for administrators
[root@hk /]# iptables -A INPUT -p tcp --dport 80 -j ACCEPT    # allow HTTP access for clients
[root@hk /]# iptables -A INPUT -s x.x.x.x/32 -j ACCEPT    # allow access from the IP x.x.x.x
[root@hk /]# iptables -A INPUT -s 10.0.0.0/24 -p all -j ACCEPT    # allow access from the internal network 10.0.0.0
[root@hk /]# iptables -A INPUT -i lo -j ACCEPT    # allow the local loopback interface
[root@hk /]# iptables -A OUTPUT -o lo -j ACCEPT    # allow the local loopback interface
[root@hk /]# iptables -P INPUT DROP    # INPUT default policy: DROP
[root@hk /]# iptables -P FORWARD DROP    # FORWARD default policy: DROP
[root@hk /]# iptables -P OUTPUT ACCEPT    # OUTPUT default policy: ACCEPT
[root@hk /]# iptables -A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT    # allow every ICMP type
[root@hk /]# iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT    # allow ICMP echo request (ping); already covered by the rule above
[root@hk /]# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT    # allow packets of established or related connections
[root@hk /]# iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT    # allow packets of established or related connections
[root@hk /]# /etc/init.d/iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
[root@hk /]# iptables -L INPUT --line-numbers    # list the INPUT rules with their line numbers
[root@hk /]# iptables -D INPUT 2    # delete INPUT rule number 2
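Added example, not part of the original post: a small audit that reads a ruleset in iptables-save format and reports when the default-DROP policy above would leave the host without SSH, loopback or established-connection rules. The function names and the sample ruleset are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an iptables-save style ruleset read from stdin.
# Prints one finding per line; prints nothing when every check passes.
audit_rules() {
  awk '
    /^:INPUT /   { in_pol = $2 }
    /^:FORWARD / { fw_pol = $2 }
    /^-A INPUT .*-j ACCEPT/ {
      if ($0 ~ /-i lo /)      lo  = 1   # loopback accepted
      if ($0 ~ /--dport 22 /) ssh = 1   # admin SSH accepted
      if ($0 ~ /ESTABLISHED/) est = 1   # replies to existing flows accepted
    }
    END {
      if (in_pol != "DROP") print "INPUT policy is not DROP"
      if (fw_pol != "DROP") print "FORWARD policy is not DROP"
      if (in_pol == "DROP" && !ssh) print "INPUT is DROP but nothing accepts tcp/22 (SSH)"
      if (!lo)  print "no ACCEPT for loopback (-i lo) in INPUT"
      if (!est) print "no ESTABLISHED,RELATED ACCEPT in INPUT"
    }'
}

# Constructed sample: the rules from the post written in iptables-save
# format (the x.x.x.x placeholder rule is left out).
page_rules() {
  cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 10.0.0.0/24 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Constructed failure case: the SSH rule was deleted by mistake, for example
# by running "iptables -D INPUT 1" instead of "iptables -D INPUT 2".
page_rules | grep -v -- '--dport 22 ' | audit_rules
```

On a live host the same function can read the saved file, for example `audit_rules < /etc/sysconfig/iptables`, before the rules are reloaded.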
Reference: firewalld: https://note.t4x.org/basic/arch-linux-firewalld/
Source: Byrd's Weblog - https://note.t4x.org/system/cenots-enterpriseiptables-configuration/