# Console transcript (root on a CentOS host): append ACCEPT rules to the
# filter table's INPUT chain, then save the ruleset, flush it and restore it.
# Lines starting with the "[root@VM-1-3-centos ~]#" prompt are commands;
# everything else is the recorded output of `iptables -L -n -v`.
#
# NOTE(review): every listing below shows "Chain INPUT (policy ACCEPT ...)"
# and no DROP/REJECT rule, so the ACCEPT rules added here do not block
# anything by themselves; traffic that matches no rule is still accepted.

# Accept new TCP connections to ports 80, 443, 20, 21 and 39000-40000
# (the high range is presumably FTP passive mode; confirm against the FTP
# server configuration).
# NOTE(review): only state NEW is matched. If the chain policy is later set to
# DROP, an ESTABLISHED,RELATED accept rule is needed as well. `-m state` is the
# legacy match; `-m conntrack --ctstate` is its current replacement.
[root@VM-1-3-centos ~]# iptables -A INPUT -m state --state NEW -p tcp -m multiport --dport 80,443,20,21,39000:40000 -j ACCEPT
[root@VM-1-3-centos ~]# iptables -L -n -v
Chain INPUT (policy ACCEPT 17 packets, 1140 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW multiport dports 80,443,20,21,39000:40000

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 15 packets, 2232 bytes)
pkts bytes target prot opt in out source destination
# NOTE(review): the next rule does not enforce the "only" in its comment.
# With INPUT policy ACCEPT and no drop rule for tcp/22, SSH stays reachable
# from any source. To restrict it, a DROP/REJECT rule for port 22 has to follow
# these accepts (or the policy has to be DROP once management access and
# established traffic are permitted).
# NOTE(review): the listing shows 172.16.0.0 as a single address (no prefix
# length). If a private range was intended, the source needs a mask; confirm.
[root@VM-1-3-centos ~]# iptables -A INPUT -s 222.90.156.52,172.16.0.0 -p tcp --dport 22 -j ACCEPT # allow only 222.90.156.52,172.16.0.0 to access ssh
[root@VM-1-3-centos ~]# iptables -L -n -v
Chain INPUT (policy ACCEPT 17 packets, 1208 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW multiport dports 80,443,20,21,39000:40000
0 0 ACCEPT tcp -- * * 222.90.156.52 0.0.0.0/0 tcp dpt:22
0 0 ACCEPT tcp -- * * 172.16.0.0 0.0.0.0/0 tcp dpt:22

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 16 packets, 3127 bytes)
pkts bytes target prot opt in out source destination
[root@VM-1-3-centos ~]# # save and restore rules
# The dump is written to /opt/ipt.txt. Nothing in this transcript loads it at
# boot, so the rules are presumably lost on restart unless that is arranged
# elsewhere.
[root@VM-1-3-centos ~]# iptables-save > /opt/ipt.txt # save rules
# NOTE(review): -F removes the rules but leaves chain policies untouched. Here
# the policy is ACCEPT, so the host is fully open after the flush; with a DROP
# policy the same command run over SSH would cut off the session.
[root@VM-1-3-centos ~]# iptables -F # flush rules
[root@VM-1-3-centos ~]# iptables -L -n -v # list rules
Chain INPUT (policy ACCEPT 10 packets, 632 bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 7 packets, 660 bytes)
pkts bytes target prot opt in out source destination
# The file is passed as an argument and the listing that follows shows the
# three rules back in place. The more widely supported form reads the dump
# from stdin (`iptables-restore < FILE`).
[root@VM-1-3-centos ~]# iptables-restore /opt/ipt.txt # restore rules
[root@VM-1-3-centos ~]# iptables -L -n -v
Chain INPUT (policy ACCEPT 10 packets, 588 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW multiport dports 80,443,20,21,39000:40000
0 0 ACCEPT tcp -- * * 222.90.156.52 0.0.0.0/0 tcp dpt:22
0 0 ACCEPT tcp -- * * 172.16.0.0 0.0.0.0/0 tcp dpt:22

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 9 packets, 1608 bytes)
pkts bytes target prot opt in out source destination