Debian/Ubuntu
了解系统初始防火墙情况
iptables -L
卸载之前的防火墙
apt purge -y ufw
apt purge -y iptables-persistent
安装iptables-persistent
apt update -y && apt install -y iptables-persistent nano
编辑文件
nano /etc/iptables/rules.v4
编辑的内容
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A FORWARD -i lo -j ACCEPT
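COMMIT
加载规则
加载前请确认 SSH 实际监听的端口与规则中的 --dport 22 一致,否则 INPUT 默认 DROP 生效后会断开远程连接。以上规则只作用于 IPv4,IPv6 需在 /etc/iptables/rules.v6 中另行配置。
iptables-restore < /etc/iptables/rules.v4
systemctl enable netfilter-persistent
systemctl restart netfilter-persistent
查看链与规则
iptables -L
iptables -L 不显示接口列,-i lo 规则看起来像放行所有来源;用 iptables -L -n -v 或 iptables -S 核对更准确。
CentOS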
了解系统初始防火墙情况
iptables -L
卸载上层防火墙
yum remove -y firewalld
安装
yum update -y && yum install -y iptables-services
启动
systemctl enable iptables
systemctl start iptables
清除已有规则
iptables -F
添加规则
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A FORWARD -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
以上规则只作用于 IPv4,IPv6 需另行通过 ip6tables 配置。
保存开机生效
service iptables save
systemctl restart iptables
查看链与规则
iptables -L