iptables配置实例

# iptables conf /etc/sysconfig/iptables
# Created by http://rockhooray.blog.51cto.com/
# Last Updated 2012.03.21

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 22 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 21 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 80 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 873 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 3306 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 8080 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 30000:30030 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

1.使用方法,把以上的内容添加或替换掉 /etc/sysconfig/iptables 文件,vim /etc/sysconfig/iptables 编辑。
2.使规则生效。然后service iptables restart即可生效
3.上面的规则中,只开放了如下端口:22(ssh),21(FTP),80(web),3306(mysql),8000等端口,30000至30030是FTP被动模式的端口,其它的都是禁止。也可以根据自己实际情况进行修改即可使用。

提示:
这个iptables规则,同时支持ftp主动模式、ftp被动模式。对FTP特殊端口应用起到关键应用。
 

你可能感兴趣的:(File,职场,filter,休闲,written)