使用iptable实现: 放行ssh,telnet, ftp, web服务80端口,其他端口服务全部拒绝
[root@centos7 ~]# iptables -A INPUT -p tcp -m multiport --dport 21,22,23,80 -j ACCEPT
[root@centos7 ~]#iptables -A INPUT -j REJECT
[root@centos7 ~]#iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
12 872 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 21,22,23,80
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreach
浙公网安备 33010602011771号