The basic use of iptables

1. iptables components: kernel space: the netfilter framework built into the kernel, which actually filters and rewrites packets. User space: the iptables management command, installed as a package (together with the iptables service that loads saved rules at boot).

2. What the iptables command does: view, add, insert, delete and clear rules.

3. Tables and chains in iptables:
Each table is responsible for one job and contains a fixed set of built-in chains
IP packet filtering: filter, with chains INPUT, FORWARD, OUTPUT
Network address translation: nat, with chains PREROUTING, POSTROUTING, OUTPUT
IP packet marking and header modification: mangle, with chains PREROUTING, INPUT, FORWARD, OUTPUT, POSTROUTING
Connection-tracking exemptions (NOTRACK, processed before the state machine sees the packet): raw, with chains PREROUTING, OUTPUT

Direction of each chain
INPUT: packets addressed to the firewall host itself
FORWARD: packets passing through the firewall host to another host
OUTPUT: packets generated by the firewall host
PREROUTING: every incoming packet, before the routing decision
POSTROUTING: every outgoing packet, after the routing decision

4. Basic rule syntax: iptables -t <table> <management option> <chain> <match conditions> -j <target>
A. Management options: -L list rules, -F flush (clear) a chain or a whole table, -D delete one rule, -A append a rule to the end of a chain, -I insert a rule (at the top, or at a given rule number), -P set the default policy of a chain
iptables -t filter -nL --line-numbers // list all rules in the filter table, numeric output, with rule numbers
iptables -t filter -D INPUT 3 // delete the third rule of the INPUT chain in the filter table
iptables -t filter -F INPUT // clear all rules of the INPUT chain in the filter table
iptables -t filter -F // clear all rules of every chain in the filter table
service iptables save // save the running rules so they survive a reboot (RHEL/CentOS iptables service; on other systems dump them with iptables-save and load them at boot with iptables-restore)
B. Targets: ACCEPT lets the packet through, REJECT refuses it and sends an error back to the sender, DROP silently discards it
iptables -t filter -P INPUT DROP // change the default policy of the INPUT chain to DROP (applies only when no rule matches; set it after the ACCEPT rules are in place, or from a console, because a DROP policy on an empty INPUT chain cuts off remote sessions)
C. Match conditions: -p protocol (tcp, udp, icmp), --sport source port, --dport destination port, -s/--source source address, -d/--destination destination address

Host-based firewall (the server protects itself)
iptables -t filter -A INPUT -p tcp --dport 22 -j ACCEPT // append a rule to the INPUT chain allowing access to port 22
iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT // allow access to port 80
iptables -t filter -I INPUT 1 -s 192.168.4.102 -p tcp --dport 22 -j DROP // block SSH from this one host; inserted as rule 1 so it is evaluated before the ACCEPT above (rules are checked top to bottom and the first match wins)
iptables -t filter -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT // let the replies to this host's own pings in, so the host can ping others (incoming echo-request is still dropped by the default policy, so other hosts cannot ping it)
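The same host firewall as one atomically loaded ruleset, as an added example that is not code from the original post. It emits iptables-restore format, which replaces the whole filter table in one step (so there is no window where INPUT is DROP with no ACCEPT rules), uses a conntrack rule instead of per-protocol reply rules, and checks the ordering invariant the -I rule relies on before anything is loaded. The blocked address is the page's sample value; the script name, the BLOCKED_SSH_SRC variable and the function names are assumptions made here.

```shell
#!/bin/sh
# Added example, not from the original post: build the host firewall above as
# one ruleset in iptables-restore format instead of typing rules one by one.
# The blocked address is the page's sample value; everything else is assumed.
# Preview:  sh host_fw.sh | iptables-restore --test
# Apply (as root, from a console, not over SSH):  sh host_fw.sh | iptables-restore

BLOCKED_SSH_SRC="${BLOCKED_SSH_SRC:-192.168.4.102}"

# Emit the complete filter table. iptables-restore swaps the table in
# atomically, so the DROP policy never applies to an empty chain.
host_firewall_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback must always pass or local services stop working.
-A INPUT -i lo -j ACCEPT
# Replies to connections this host opened, including the echo-reply to its
# own pings, so no per-port --sport or --icmp-type rule is needed for them.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The single-host DROP has to precede the general port-22 ACCEPT because
# the first matching rule wins (the page did this with -I INPUT 1).
-A INPUT -s ${BLOCKED_SSH_SRC} -p tcp --dport 22 -j DROP
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# Check the ordering invariant before loading: the DROP for the blocked
# host must appear on an earlier line than the port-22 ACCEPT.
# Returns 0 when the order is correct, 1 otherwise.
check_rule_order() {
    host_firewall_rules | awk -v src="$BLOCKED_SSH_SRC" '
        /--dport 22 -j DROP/ && index($0, src) { drop = NR }
        /-p tcp --dport 22 -j ACCEPT/        { accept = NR }
        END { exit !(drop && accept && drop < accept) }'
}

check_rule_order && echo "rule order ok"
```

The conntrack rule is what makes the ESTABLISHED replies come back without opening their source ports; it replaces the page's echo-reply rule and the --sport style rules that would otherwise be needed for every outbound protocol.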

Network firewall (a server placed between two networks, protecting the internal network; forwarding also requires net.ipv4.ip_forward=1 on the host)
iptables -t filter -P FORWARD DROP // change the default policy of the FORWARD chain to DROP
iptables -t filter -A FORWARD -p tcp --dport 22 -j ACCEPT // allow forwarded traffic to destination port 22
iptables -t filter -A FORWARD -p tcp --sport 22 -j ACCEPT // allow the return traffic from source port 22 back through; note that any client can choose source port 22, so a rule like -m state --state ESTABLISHED,RELATED -j ACCEPT is the safer way to admit replies

Network Address Translation: nat table (rewrites the source address or the destination address; it only rewrites, so the FORWARD chain still has to accept the packet, and the internal hosts must use this gateway as their default route so replies come back through it)
1. Let all hosts on the internal network share one public IP address to reach the Internet (SNAT, applied after routing, on the outgoing interface)
iptables -t nat -A POSTROUTING -s 192.168.4.0/24 -p tcp --dport 80 -o eth1 -j SNAT --to-source 192.168.2.101
2. Publish an internal server to the outside (DNAT, applied before routing, on the incoming interface)
iptables -t nat -A PREROUTING -i eth1 -d 192.168.2.101 -p tcp --dport 80 -j DNAT --to-destination 192.168.4.102
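The network firewall and the two NAT rules above as one gateway ruleset, as an added example that is not code from the original post. It shows the part the separate one-liners leave out: the nat table rewrites addresses, but the FORWARD chain (with DROP policy) must still admit the rewritten packet, and replies should be matched by conntrack state rather than by source port. It also checks that every DNAT target has a FORWARD rule, which is the usual mistake when publishing a server. The addresses are the page's sample values; eth0 as the LAN interface, the variable names and the function names are assumptions made here.

```shell
#!/bin/sh
# Added example, not from the original post: ruleset for a gateway with eth0 on
# the internal LAN and eth1 facing outside. Addresses are the page's sample
# values; interface and variable names are assumptions. Load with:
#   sysctl -w net.ipv4.ip_forward=1 && sh gw.sh | iptables-restore
LAN_NET="192.168.4.0/24"
LAN_IF="eth0"
WAN_IF="eth1"
WAN_IP="192.168.2.101"
WEB_SERVER="192.168.4.102"

gateway_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Publish the internal web server: rewrite the destination before routing.
-A PREROUTING -i ${WAN_IF} -d ${WAN_IP} -p tcp --dport 80 -j DNAT --to-destination ${WEB_SERVER}
# Share the gateway's public address: rewrite the source after routing.
# Unlike the page's one-liner this covers all outbound traffic, not only port 80.
-A POSTROUTING -s ${LAN_NET} -o ${WAN_IF} -j SNAT --to-source ${WAN_IP}
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# NAT only rewrites addresses; FORWARD still decides whether the packet passes.
# Match replies by conntrack state, not by --sport: a client can pick any
# source port, so --sport 22 is not evidence that a packet is a reply.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# LAN to outside: new connections are allowed.
-A FORWARD -i ${LAN_IF} -o ${WAN_IF} -m conntrack --ctstate NEW -j ACCEPT
# Outside to the published server only. PREROUTING has already run, so the
# packet's destination is ${WEB_SERVER} here, not ${WAN_IP}.
-A FORWARD -i ${WAN_IF} -o ${LAN_IF} -d ${WEB_SERVER} -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Every DNAT target needs a FORWARD rule admitting it. Prints the targets
# that have none; returns 0 when the ruleset is consistent, 1 otherwise.
check_dnat_has_forward() {
    rules=$(gateway_rules)
    status=0
    for target in $(printf '%s\n' "$rules" | sed -n 's/.*-j DNAT --to-destination \([0-9.]*\).*/\1/p'); do
        printf '%s\n' "$rules" | grep -q -- "-A FORWARD .*-d ${target} .*-j ACCEPT" \
            || { echo "no FORWARD rule for DNAT target ${target}"; status=1; }
    done
    return $status
}

check_dnat_has_forward && echo "gateway ruleset consistent"
```

Note the order of evaluation the FORWARD rule depends on: PREROUTING (nat) runs before the routing decision and before FORWARD, so the filter rule matches the internal address; POSTROUTING (nat) runs after FORWARD, so SNAT never hides the internal source from the filter rules.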

Origin blog.51cto.com/14421484/2415016