ubuntu下iptables的安装和设置
<p>查看iptables是否有安装,执行以下命令:</p><p><img src="https://img2020.cnblogs.com/blog/1853665/202005/1853665-20200514182521178-2048785086.png"></p>
<p> </p>
<p>有以上信息表示已安装,若没有安装,请执行安装命令,如下:</p>
<div class="cnblogs_code">
<pre>sudo apt-get install iptables</pre>
</div>
<p> </p>
<p>设置规则如下,执行命令:vi /etc/iptables.rules——在/etc/创建一个文件iptables.rules,添加规则,譬如:</p>
<div class="cnblogs_code">
<pre>*<span style="color: rgba(0, 0, 0, 1)">filter
:INPUT DROP
:FORWARD ACCEPT
:OUTPUT ACCEPT
</span>-A INPUT -s 127.0.0.1 -j ACCEPT <span style="color: rgba(0, 128, 0, 1)">#</span><span style="color: rgba(0, 128, 0, 1)">允许本机(127.0.0.1)访问所有协议的端口</span>
-A INPUT -p tcp -m multiport --dports 80,43,8005 -j ACCEPT <span style="color: rgba(0, 128, 0, 1)">#</span><span style="color: rgba(0, 128, 0, 1)">允许全部ip访问80,43,8005端口</span>
-A INPUT -s 11.11.11.11/12 -p tcp -m tcp --dport 4800 -j ACCEPT <span style="color: rgba(0, 128, 0, 1)">#</span><span style="color: rgba(0, 128, 0, 1)">允许两个ip:11.11.11.11,11.11.11.12访问多4800端口</span>
-A INPUT -s 11.11.11.11/12 -p tcp -m multiport --dports 90,91,92 -j ACCEPT <span style="color: rgba(0, 128, 0, 1)">#</span><span style="color: rgba(0, 128, 0, 1)">允许两个ip:11.11.11.11,11.11.11.12访问多个端口:90,91,92</span>
-A INPUT -m state --state RELATED,ESTABLISHED -<span style="color: rgba(0, 0, 0, 1)">j ACCEPT
</span>-A OUTPUT -m state --state RELATED,ESTABLISHED -<span style="color: rgba(0, 0, 0, 1)">j ACCEPT
COMMIT</span></pre>
</div>
<p> </p>
<p>设置后执行命令使防火墙生效:</p>
<div class="cnblogs_code">
<pre>iptables-restore < /etc/iptables.rules</pre>
</div>
<p> </p>
<p>修改/etc/network/interfaces,设置开机自动加载,添加下面2条语句:</p>
<div class="cnblogs_code">
<pre>pre-up iptables-restore < /etc/<span style="color: rgba(0, 0, 0, 1)">iptables.rules
post</span>-down iptables-save > /etc/iptables.rules<br><br></pre>
</div>
<p> </p>
<p>查看防火墙规则是否生效,执行命令:</p>
<div class="cnblogs_code">
<pre>iptables -L -n</pre>
</div>
<p><span lang="EN-US">ubuntu中没有直接停止关闭iptables的命令,需要执行:</span></p>
<div class="cnblogs_code">
<pre>iptalbes -<span style="color: rgba(0, 0, 0, 1)">F
iptables </span>-<span style="color: rgba(0, 0, 0, 1)">X
iptables </span>-<span style="color: rgba(0, 0, 0, 1)">Z
iptables </span>-<span style="color: rgba(0, 0, 0, 1)">P INPUT ACCEPT
iptables </span>-<span style="color: rgba(0, 0, 0, 1)">P OUTPUT ACCEPT
iptables </span>-<span style="color: rgba(0, 0, 0, 1)">P FORWARD ACCEPT
modprobe </span>-r ip_tables</pre>
</div>
<p> </p>
<p>启动iptables</p>
<div class="cnblogs_code">
<pre>modprobe ip_tables</pre>
</div>
<p> </p>
<p><span lang="EN-US"> </span></p><br><br>
来源:https://www.cnblogs.com/nimantou/p/12890780.html
頁:
[1]