iptables is a powerful tool for network traffic management in Linux systems.
iptables rules take effect immediately, without restarting services or loading configurations. Therefore, one must be very careful, or lock yourself out of the system.
Do not run firewalld and ipatables at the same time.
Always apply the rules that get you into the system first.
1. Basic operation commands of iptables
Query firewall status: service iptables status (systemctl status iptables.service)
Stop firewall: service iptables stop (systemctl stop iptables.service)
Start firewall: service iptables start (systemctl start iptables.service)
Restart firewall: service iptables restart (systemctl restart iptables .service)
Permanently disable the firewall: chkconfig iptables off
Enable after permanent shutdown: chkconfig iptables on
2. View address and port details
iptables -nvl or iptables -L -n --line-number
Among them, ACCEPT in the target column means acceptance, and REJECT means rejection
3. View or modify the iptables configuration file
cat /etc/sysconfig/iptables
It can be directly edited and modified in it.
4. Clear existing rules
iptables -F 或 iptables --flush
5. Add open port 8002 access
Add rule has two parameters: -A and -I. Among them, -A is added to the end of the rule; -I can be inserted into the specified position, and if there is no specified position, it will be inserted into the head of the rule by default. And --dport is the target port. When the data enters the server from the outside, it is the target port. Otherwise, the data goes out from the server, and it is the data source port. Use --sport
iptables -I INPUT -p tcp --dport 8002 -j ACCEPT
6. Delete port 8002 access
Delete with -D parameter. We first find out all the rule information, use iptables -L -n --line-number to find out. There is a num in the displayed list to indicate which column it is. Then we can delete it, such as deleting the second rule.
iptables -D INPUT 2
7. Prohibit 192.168.1.2 IP access
iptables -A INPUT -p tcp -s 192.168.1.2 -j DROP
8. Save iptables setting rules
service iptables save