iptables notes

1. Enabling and disabling the firewall:
status: /etc/init.d/iptables status (shows roughly what iptables -nvL shows)
start: /etc/init.d/iptables start
stop: /etc/init.d/iptables stop
restart: /etc/init.d/iptables restart
Note that this init script (CentOS 6 and other SysV-style systems) only loads and clears the saved ruleset; the packet filter itself is the kernel's netfilter code, and iptables is the tool that edits its rules.
2. Common iptables parameters:
-L, --list: list all rules of the selected chain (all chains if none is given)
-F, --flush: delete all rules in the selected chain (or in every chain)
-D, --delete: delete a rule from the selected chain, by rule specification or by rule number
-I, --insert: insert a rule into the selected chain, at position 1 (the top) unless a number is given
INPUT: chain that handles inbound traffic addressed to this host
OUTPUT: chain that handles outbound traffic generated by this host
-p, --protocol: match the protocol, e.g. tcp, udp or icmp
-m, --match: load a match extension (multiport, conntrack, limit, ...)
--dport NUM: match the destination port (for several ports use -m multiport --dports)
--sport NUM: match the source port
-n, --numeric: do not resolve IP addresses to names; print them as numbers
-v, --verbose: verbose listing, including packet and byte counters
-j, --jump: target to jump to when the rule matches
ACCEPT: let the packet through
DROP: discard the packet silently (no reply is sent)
3. Writing iptables rules:
1) Show all rules:
iptables -L
Usually combined with -n and -v:
iptables -nvL
2) Clear all rules:
iptables -F
This removes the rules but not the chain policies; if a chain's policy is DROP, flushing leaves it blocking everything.
3) Delete a rule by its position in the chain (the positions are shown by iptables -L --line-numbers):
Delete inbound rule 3:
iptables -D INPUT 3
Delete outbound rule 2:
iptables -D OUTPUT 2
4) Insert a rule at the top of the INPUT chain allowing ICMP (so the host answers ping):
iptables -I INPUT -p icmp -j ACCEPT
5) Block ping by setting the default policy of the INPUT chain to DROP:
iptables -t filter -P INPUT DROP
Caveat: -P sets the chain policy, i.e. what happens to packets no rule matched, so this drops all inbound traffic that is not explicitly accepted, not just ping. On a remote host, add ACCEPT rules for the management session (SSH) before setting this, or the session is cut off.
6) Open port 44:
iptables -I INPUT -p tcp --dport 44 -j ACCEPT
Open ports 44 and 56 (no space after the comma):
iptables -I INPUT -p tcp -m multiport --dports 44,56 -j ACCEPT
Open the range 44 to 56:
iptables -I INPUT -p tcp -m multiport --dports 44:56 -j ACCEPT
multiport accepts up to 15 ports per rule; a range counts as two.
7) Allow SSH (port 22) from 172.10.1.0/22:
iptables -I INPUT -s 172.10.1.0/22 -p tcp --dport 22 -j ACCEPT
Deny all other access from 172.10.1.0/22:
iptables -I INPUT -s 172.10.1.0/22 -j DROP
Two things to watch: iptables masks off the host bits, so 172.10.1.0/22 is stored and listed as 172.10.0.0/22 (172.10.0.0 to 172.10.3.255). And -I puts each new rule at the top, so typed in this order the DROP ends up above the ACCEPT and SSH is blocked as well; insert the DROP first, or append with -A so rules keep the order they were written in.
8) Prevent users whose traffic is forwarded through this host from reaching Baidu:
iptables -I FORWARD -d www.baidu.com -j DROP
The hostname is resolved once, when the rule is inserted, and one rule is added per address returned; addresses the site later moves to are not covered.
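The rules in sections 2 and 3 combined into one lockout-safe ruleset, as an added example that is not part of the original post. Rules are appended with -A so they read top to bottom (the post's -I inserts at the top, so the last command typed matches first), loopback and established connections are accepted before the INPUT policy is switched to DROP, and a check function refuses to apply a ruleset whose DROP policy would come before the SSH allow. The admin network 172.10.0.0/22 (what iptables stores the post's 172.10.1.0/22 as) and the blocked destination 203.0.113.10, a made-up stand-in for one address www.baidu.com resolved to, are assumptions, as are the helper names build_rules, check_lockout_safe, rule_count and apply_rules.

```shell
#!/bin/sh
# Added example (not from the original post): a small host firewall built from
# the rules above, ordered so that applying it over SSH does not cut the session.
# Assumed values: ADMIN_NET and BLOCKED_DST are illustrative, adjust before use.
ADMIN_NET="172.10.0.0/22"
BLOCKED_DST="203.0.113.10"   # stand-in for a resolved address; iptables resolves
                             # hostnames only once, at insertion time

# Emit the ruleset as iptables commands, one per line, instead of running them,
# so the ordering can be reviewed and tested before the kernel is touched.
build_rules() {
cat <<EOF
# open the policy before flushing: with a DROP policy, -F alone blocks everything
iptables -P INPUT ACCEPT
iptables -F
# loopback and replies to connections this host opened must pass before DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
# answer ping, but rate-limited (instead of the post's unlimited -p icmp ACCEPT)
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
# SSH only from the admin network (section 3, rule 7)
iptables -A INPUT -p tcp -s $ADMIN_NET --dport 22 -j ACCEPT
# several ports in one rule (section 3, rule 6); a range is written 44:56
iptables -A INPUT -p tcp -m multiport --dports 44,56 -j ACCEPT
# forwarded traffic to the blocked destination (section 3, rule 8)
iptables -A FORWARD -d $BLOCKED_DST -j DROP
# everything inbound not matched above is dropped; must stay the last line
iptables -P INPUT DROP
EOF
}

# Refuse a ruleset whose DROP policy is not the final command or comes before
# the SSH and ESTABLISHED allows: applied over SSH, that order locks you out.
check_lockout_safe() {
    build_rules | awk '
        /--dport 22 -j ACCEPT/          { ssh  = NR }
        /ESTABLISHED,RELATED -j ACCEPT/ { est  = NR }
        /^iptables -P INPUT DROP/       { drop = NR }
        /^iptables/                     { last = NR }
        END {
            if (ssh && est && drop && ssh < drop && est < drop && drop == last) exit 0
            exit 1
        }'
}

# Number of rules a chain receives (policy and flush lines are not counted).
rule_count() {
    build_rules | grep -c "^iptables -A $1 "
}

# Apply for real (needs root and iptables); the safety check runs first.
apply_rules() {
    check_lockout_safe || { echo "refusing to apply: unsafe rule order" >&2; return 1; }
    build_rules | sh -e
}

if [ "${1:-}" = "apply" ]; then
    apply_rules
else
    build_rules
fi
```

Run it without arguments to print the generated commands for review, and with `apply` as root to load them. Because the check only inspects the generated text, it can run on any machine, including one without iptables; the INVALID drop and the rate limit on echo requests are two small hardening steps beyond what the post shows.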

Source: blog.51cto.com/13043960/2424492