Configuring the iptables firewall on Fedora 17
Source: Internet  Editor: 程序博客网  Time: 2024/06/05 23:45
A default Fedora 17 Live Desktop installation comes with the firewall enabled.
Viewing the rules
Use iptables -L to list the existing rules. Add -n -v --line-numbers to skip DNS lookups, show the interface each rule is bound to, and number the rules; the plain listing below hides, for example, that the third ACCEPT rule only matches the loopback interface (-i lo, as the saved file further down shows).
# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251          state NEW udp dpt:mdns
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
The default policy of all three chains is ACCEPT.
The last rule in the INPUT chain rejects every packet that no earlier rule accepted. Because the chain policy is ACCEPT, that final REJECT rule is the only thing denying inbound traffic: flushing the chain (iptables -F) leaves the host completely open rather than closed.
Enabling ssh
To log in over ssh, port 22 has to be opened. Where possible, limit the rule to your management network with -s instead of allowing it from anywhere.
Rules in a chain are evaluated top to bottom and the first match wins. Using -A would append the new rule at the end of the chain,
where it is never reached, because the REJECT rule above it has already rejected the connection; the allow rule would have no effect.
So use -I to insert the rule at the top of the INPUT chain, allowing ssh:
iptables -I INPUT -p tcp --dport 22 -j ACCEPT
# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251          state NEW udp dpt:mdns
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Saving the configuration
Rules added with iptables live only in the kernel and are lost on reboot. Use iptables-save to write the running rules to the configuration file that the iptables service loads at boot. Note the header of the original file: it was written by system-config-firewall, and running that tool again will overwrite any rules you added by hand.
iptables-save > /etc/sysconfig/iptables
/etc/sysconfig/iptables before saving:
# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
/etc/sysconfig/iptables after saving:
# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.12.2 on Fri May 3 18:05:57 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [126:15426]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -d 224.0.0.251/32 -p udp -m state --state NEW -m udp --dport 5353 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Fri May 3 18:05:57 2013
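The script below is an added example, not code from the original post. It packages the three steps above (inspect, insert the ssh rule ahead of the catch-all REJECT, save) with the check a practitioner wants: a pair of helpers that read an iptables-save dump and report whether the port-22 ACCEPT rule actually precedes the catch-all, so an accidental -A is caught before the file is trusted. The management subnet 192.0.2.0/24, the function names, and the two sample rulesets are my own assumptions; the live apply function needs root and is not run by the offline part.

```sh
#!/bin/sh
# Added example (not from the original post). Helpers analyse an iptables-save dump;
# apply_ssh_rule is the hardened form of the post's commands and needs root.
# Assumed: management subnet 192.0.2.0/24 (documentation range), function names are mine.

# Position (1-based, within INPUT) of the first rule that matches every packet and
# jumps to REJECT or DROP; prints 0 if none. Rules appended after it are never evaluated.
catchall_pos() {
    printf '%s\n' "$1" | awk '
        /^-A INPUT / {
            n++
            if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) { print n; found = 1; exit }
        }
        END { if (!found) print 0 }'
}

# Position within INPUT of the first ACCEPT rule for TCP destination port $2; 0 if absent.
accept_pos() {
    printf '%s\n' "$1" | awk -v port="$2" '
        /^-A INPUT / {
            n++
            for (i = 3; i < NF; i++)
                if ($i == "--dport" && $(i + 1) == port && $NF == "ACCEPT") { print n; found = 1; exit }
        }
        END { if (!found) print 0 }'
}

# Succeeds only if the port rule exists and precedes the catch-all (or no catch-all exists).
rule_effective() {
    a=$(accept_pos "$1" "$2")
    c=$(catchall_pos "$1")
    [ "$a" -gt 0 ] && { [ "$c" -eq 0 ] || [ "$a" -lt "$c" ]; }
}

# Live change (root required). Restricts the source, uses -C so re-running does not add a
# duplicate, inserts rather than appends, saves, then verifies the saved file.
apply_ssh_rule() {
    net=${1:-192.0.2.0/24}   # hypothetical management subnet
    if ! iptables -C INPUT -s "$net" -p tcp --dport 22 -j ACCEPT 2>/dev/null; then
        iptables -I INPUT -s "$net" -p tcp --dport 22 -j ACCEPT
    fi
    iptables-save > /etc/sysconfig/iptables
    rule_effective "$(cat /etc/sysconfig/iptables)" 22
}

# Constructed sample: the post's saved ruleset, ssh rule inserted with -I.
GOOD='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -d 224.0.0.251/32 -p udp -m state --state NEW -m udp --dport 5353 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Constructed sample: the same rule appended with -A, so it lands after the REJECT.
BAD='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -d 224.0.0.251/32 -p udp -m state --state NEW -m udp --dport 5353 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Offline demonstration: no live iptables calls.
report() {  # $1 = label, $2 = ruleset text
    if rule_effective "$2" 22; then state=reachable; else state=shadowed; fi
    echo "$1: ssh rule at $(accept_pos "$2" 22), catch-all at $(catchall_pos "$2"): $state"
}
report inserted "$GOOD"
report appended "$BAD"
```

Run the file as-is to see the two verdicts; on the live host, call apply_ssh_rule as root (optionally with your own subnet as the argument) and check its exit status before relying on the saved file.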