type
status
date
slug
summary
tags
category
icon
password
Debian/Ubuntu
了解系统初始防火墙情况
iptables -L卸载之前的防火墙
apt purge -y ufwapt purge -y iptables-persistent安装iptables-persistent
apt update -y && apt install -y iptables-persistent nano编辑文件
nano /etc/iptables/rules.v4编辑的内容
- filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
- A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
- A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
- A INPUT -p tcp --dport 22 -j ACCEPT
- A INPUT -i lo -j ACCEPT
- A FORWARD -i lo -j ACCEPT
COMMIT
加载规则
iptables-restore < /etc/iptables/rules.v4systemctl enable netfilter-persistentsystemctl restart netfilter-persistent查看链与规则
iptables -LCentOS
了解系统初始防火墙情况
iptables -L卸载上层防火墙
yum remove -y firewalld安装
yum update -y && yum install -y iptables-services启动
systemctl enable iptablessystemctl start iptables清除已有规则
iptables -F添加规则
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A FORWARD -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
保存开机生效
service iptables savesystemctl restart iptables查看链与规则
iptables -L- Author:Gweek
- URL:https://www.myla.eu.org/article/fe3b7bbf-39fd-4d5e-84fd-800ac9f750dc
- Copyright:All articles in this blog, except for special statements, adopt BY-NC-SA agreement. Please indicate the source!