iptables Command Guide
Install iptables
yum install iptables-services
Write the policy for allowed access
vim /etc/sysconfig/iptables
# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -s 0.0.0.0/0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -s 10.10.11.0/24 -p tcp -m tcp --dport 8001 -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
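Added example (not from the original post): a shell audit of a ruleset in this file format that reports the INPUT default policy and which TCP ports are accepted from any source versus a restricted one. The function names are assumptions of this example, and the embedded sample is a constructed copy of the rules above.

```shell
#!/bin/sh
# Added example, not from the original post: audit a ruleset in the
# /etc/sysconfig/iptables (iptables-save) format, read from stdin.

# Print the default policy of the INPUT chain, e.g. DROP.
input_policy() {
    awk '$1 == ":INPUT" { print $2; exit }'
}

# Print "<port> <source>" for every TCP port that INPUT accepts.
# <source> is "any" when the rule has no -s or uses -s 0.0.0.0/0.
accepted_tcp_ports() {
    awk '
    $1 == "-A" && $2 == "INPUT" {
        src = "any"; proto = ""; port = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-s")      src = $(i + 1)
            if ($i == "-p")      proto = $(i + 1)
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        if (src == "0.0.0.0/0") src = "any"
        if (proto == "tcp" && port != "" && target == "ACCEPT")
            print port, src
    }'
}

# Constructed sample input: the rules shown above.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -s 0.0.0.0/0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -s 10.10.11.0/24 -p tcp -m tcp --dport 8001 -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
EOF
}

echo "INPUT policy: $(sample_rules | input_policy)"
sample_rules | accepted_tcp_ports
# On a real host: accepted_tcp_ports < /etc/sysconfig/iptables
```

Before running systemctl restart iptables, the file can also be syntax-checked with iptables-restore --test < /etc/sysconfig/iptables, which parses the rules without committing them.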
Disable firewalld at boot
systemctl disable firewalld.service
Start
systemctl start iptables
More:
https://www.cnblogs.com/chinaifae/p/9993283.html
Restart
systemctl restart iptables
Stop
systemctl stop iptables
Check status
systemctl status iptables
Make sure the firewall is turned off on all nodes
systemctl stop firewalld
systemctl disable firewalld
Check the firewall status
firewall-cmd --state
Turn off the iptables rules
systemctl stop iptables
systemctl disable iptables
systemctl status iptables
[Haima's blog]
http://www.cnblogs.com/haima/