Linux firewall configuration: allowing access only from fixed IPs on specific ports

Add the open ports and fixed IPs by editing the iptables rules file:

vi  /etc/sysconfig/iptables

 

[root@root220156 /]# echo "unset MAILCHECK" >> /etc/profile    # stop the shell's mail notification pop-ups

Rules that open the ports to the fixed IPs only (everything else is rejected by the final REJECT rule):

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

-A INPUT -p icmp -j ACCEPT

-A INPUT -i lo -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.137.5 -m multiport --dports 10102,80 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.137.21 -m multiport --dports 10102,80 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.137.1 -m multiport --dports 10102,80 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.17.157 -m multiport --dports 10102,80 -j ACCEPT

 

-A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.115.23  --dport 80 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.107.233  --dport 80 -j ACCEPT

-A INPUT -j REJECT --reject-with icmp-host-prohibited

-A FORWARD -j REJECT --reject-with icmp-host-prohibited

COMMIT

service iptables restart    # restart the firewall so the rules take effect
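
The allow-list above holds only while every rule that accepts NEW connections names a source address and nothing is added after the final REJECT. The shell function below is an added example, not part of the original post, that checks a rules file for those conditions; the function names and the "drifted" sample are constructed for illustration.

```shell
# Added example: lint the INPUT chain of an /etc/sysconfig/iptables-style file.
# Reads the files given as arguments, or stdin. Prints one finding per line;
# returns 0 if clean, 1 otherwise.
audit_rules() {
    awk '
    /^-A INPUT / {
        if (seen_reject) {            # rules after the catch-all never match
            printf "line %d: unreachable after REJECT: %s\n", NR, $0; bad = 1
        }
        if ($0 ~ /-j ACCEPT/ && $0 ~ /--state NEW/) {
            if ($0 !~ / -s [0-9]/) {  # new connections allowed from anywhere
                printf "line %d: NEW ACCEPT without -s: %s\n", NR, $0; bad = 1
            } else if ($0 ~ " -s [0-9.]+/0( |$)") {   # /0 matches every host
                printf "line %d: -s covers all addresses: %s\n", NR, $0; bad = 1
            }
        }
        if ($0 ~ /^-A INPUT -j REJECT/) seen_reject = 1
    }
    END {
        if (!seen_reject) { print "no final catch-all REJECT on INPUT"; bad = 1 }
        exit bad + 0
    }' "$@"
}

# Rules taken from the page (two of the source entries kept for brevity).
page_rules() {
    cat <<'EOF'
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.137.5 -m multiport --dports 10102,80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.115.23  --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}

# Constructed counter-example: one rule lost its -s, another was appended
# after the REJECT and can never match.
drifted_rules() {
    cat <<'EOF'
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.137.5 --dport 10102 -j ACCEPT
EOF
}

page_rules | audit_rules && echo "page ruleset: clean"
drifted_rules | audit_rules || echo "drifted ruleset: see findings above"
```

To check the live file before restarting the service, run audit_rules /etc/sysconfig/iptables.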

Origin www.cnblogs.com/zxy-come-on/p/11102932.html