linux防火墙禁用445端口,启用iptables防火墙,要求INPUT方向允许任意主机访问ICMP、TCP的21、22、80、139、445端口,INPUT其他默认禁止访问。...
如下三条命令就可以了:设置INPUT的默认策略iptables-PINPUTDROP开放INPUT的icmpiptables-IINPUT1-picmp-jACCEPT开放tcp上的21,22,80,139,445端口iptables-IINPUT1-ptcp-mmultiport--dports21,22,80,139,445-jACCEPT虚拟机上操作...
如下三条命令就可以了:
设置INPUT的默认策略
iptables -P INPUT DROP
开放INPUT的icmp
iptables -I INPUT 1 -p icmp -j ACCEPT
开放tcp上的21,22,80,139,445端口
iptables -I INPUT 1 -p tcp -m multiport --dports 21,22,80,139,445 -j ACCEPT
虚拟机上操作示例:
[root@RHEL6A ~]# iptables -L -nv
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
26 2012 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
2 152 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
1 32 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-is-bridged
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 25 packets, 2204 bytes)
pkts bytes target prot opt in out source destination
[root@RHEL6A ~]# iptables -P INPUT DROP
[root@RHEL6A ~]# iptables -I INPUT 1 -p icmp -j ACCEPT
[root@RHEL6A ~]# iptables -I INPUT 1 -p tcp -m multiport --dports 21,22,80,139,445 -j ACCEPT
[root@RHEL6A ~]# iptables -L -nv
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
13 884 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 21,22,80,139,445
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
37 2684 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
2 152 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
1 32 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-is-bridged
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 8 packets, 1104 bytes)
pkts bytes target prot opt in out source destination
华为开发者空间,是为全球开发者打造的专属开发空间,汇聚了华为优质开发资源及工具,致力于让每一位开发者拥有一台云主机,基于华为根生态开发、创新。
更多推荐
0
0- 0
已为社区贡献2条内容
所有评论(0)