Linux上iptable防火墙的设置

Linux下iptable防火墙的设置

日志原文:http://blog.sohu.com/people/!aGlkZTJ3QHNvaHUuY29t/97911176.html

如果你的IPTABLES基础知识还不了解,建议先去看看.

开始配置

我们来配置一个filter表的防火墙.

(1)查看本机关于IPTABLES的设置情况

[root@tp ~]# iptables -L -n

Chain INPUT (policy ACCEPT)
target???? prot opt source?????????????? destination????????
Chain FORWARD (policy ACCEPT)
target???? prot opt source?????????????? destination????????
Chain OUTPUT (policy ACCEPT)
target???? prot opt source?????????????? destination????????
Chain RH-Firewall-1-INPUT (0 references)
target???? prot opt source?????????????? destination????????
ACCEPT???? all? –? 0.0.0.0/0??????????? 0.0.0.0/0??????????
ACCEPT???? icmp –? 0.0.0.0/0??????????? 0.0.0.0/0?????????? icmp type 255
ACCEPT???? esp? –? 0.0.0.0/0??????????? 0.0.0.0/0??????????
ACCEPT???? ah?? –? 0.0.0.0/0??????????? 0.0.0.0/0??????????
ACCEPT???? udp? –? 0.0.0.0/0??????????? 224.0.0.251???????? udp dpt:5353
ACCEPT???? udp? –? 0.0.0.0/0??????????? 0.0.0.0/0?????????? udp dpt:631
ACCEPT???? all? –? 0.0.0.0/0??????????? 0.0.0.0/0?????????? state RELATED,ESTABLISHED
ACCEPT???? tcp? –? 0.0.0.0/0??????????? 0.0.0.0/0?????????? state NEW tcp dpt:22
ACCEPT???? tcp? –? 0.0.0.0/0??????????? 0.0.0.0/0?????????? state NEW tcp dpt:80
ACCEPT???? tcp? –? 0.0.0.0/0??????????? 0.0.0.0/0?????????? state NEW tcp dpt:25
REJECT???? all? –? 0.0.0.0/0??????????? 0.0.0.0/0?????????? reject-with icmp-host-prohibited
可以看出我在安装linux时,选择了有防火墙,并且开放了22,80,25端口.
如果你在安装linux时没有选择启动防火墙,是这样的

[root@tp ~]# iptables -L -n

Chain INPUT (policy ACCEPT)
target???? prot opt source?????????????? destination????????
Chain FORWARD (policy ACCEPT)
target???? prot opt source?????????????? destination????????
Chain OUTPUT (policy ACCEPT)
target???? prot opt source?????????????? destination??
什么规则都没有.

(2)清除原有规则.

不管你在安装linux时是否启动了防火墙,如果你想配置属于自己的防火墙,那就清除现在filter的所有规则.

[root@tp ~]# iptables -F
????? 清除预设表filter中的所有规则链的规则
[root@tp ~]# iptables -X
??????清除预设表filter中使用者自定链中的规则
我们在来看一下

[root@tp ~]# iptables -L -n

Chain INPUT (policy ACCEPT)
target???? prot opt source?????????????? destination????????
Chain FORWARD (policy ACCEPT)
target???? prot opt source?????????????? destination????????
Chain OUTPUT (policy ACCEPT)
target???? prot opt source?????????????? destination?????
什么都没有了吧,和我们在安装linux时没有启动防火墙是一样的.(提前说一句,这些配置就像用命令配置IP一样,重起就会失去作用),怎么保存.

[root@tp ~]#
/etc/rc.d/init.d/iptables save

?

这样就可以写到/etc/sysconfig/iptables文件里了.写入后记得把防火墙重起一下,才能起作用.

[root@tp ~]# service iptables restart

?
现在IPTABLES配置表里什么配置都没有了,那我们开始我们的配置吧

(3)设定预设规则

[root@tp ~]# iptables -P INPUT DROP

[root@tp ~]# iptables -P OUTPUT ACCEPT

[root@tp ~]# iptables -P FORWARD DROP

上面的意思是,当超出了IPTABLES里filter表里的两个链规则(INPUT,FORWARD)时,不在这两个规则里的数据包怎么处理呢,那就是DROP(

Linux上iptable防火墙的设置

相关文章:

你感兴趣的文章:

标签云: