iptables is the firewall software commonly used on Linux. This article covers installing and removing iptables rules, opening only the specified ports, blocking a single IP or an IP range and unblocking it again, deleting rules that have already been added, and other basic settings such as starting iptables at boot.
First, install the iptables firewall
If iptables is not installed yet, on CentOS execute:
yum install iptables -y
yum install iptables-services -y  # CentOS 7 also needs the iptables-services package
CentOS 7 installs firewalld by default; it is recommended to stop and disable it:
systemctl stop firewalld
systemctl mask firewalld
Second, clear the existing iptables rules
iptables -F
iptables -X
iptables -Z
Third, open the specified ports
The -A parameter appends a rule to the end of the chain; -I inserts it at the front.
# Allow the local loopback interface (i.e., access from the machine itself)
iptables -A INPUT -i lo -j ACCEPT
# Allow traffic that belongs to an established or related connection
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow all outbound access from the local machine
iptables -A OUTPUT -j ACCEPT
# Allow access to port 22
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Allow access to port 80
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# Allow access to port 443
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# Allow the FTP service ports 21 and 20
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 20 -j ACCEPT
# For other ports the rule is similar; just modify the statements above
# Allow ping
iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT
# Reject everything else that has not been explicitly allowed
iptables -A INPUT -j REJECT
# (Note: if the rule allowing port 22 has not been added, the SSH connection will be cut off immediately)
iptables -A FORWARD -j REJECT
Fourth, block an IP
# If you only want to block IPs, the settings in section "Third, open the specified ports" can be skipped.
# Block a single IP
iptables -I INPUT -s 123.45.6.7 -j DROP
# Block the entire segment, i.e. 123.0.0.1 to 123.255.255.254
iptables -I INPUT -s 123.0.0.0/8 -j DROP
# Block the IP segment 123.45.0.1 to 123.45.255.254
iptables -I INPUT -s 123.45.0.0/16 -j DROP
# Block the IP segment 123.45.6.1 to 123.45.6.254
iptables -I INPUT -s 123.45.6.0/24 -j DROP
Fifth, block or allow an IP's access to a specific port
# Block a single IP from accessing a specific port (port 22 as the example)
iptables -I INPUT -s 123.45.6.7 -p tcp --dport 22 -j DROP
# Allow only a single IP to access a specific port (port 22 as the example)
iptables -I INPUT -p tcp --dport 22 -j DROP
iptables -I INPUT -s 123.45.6.7 -p tcp --dport 22 -j ACCEPT
# Because -I inserts at the front, the ACCEPT added second ends up above the DROP and is matched first
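The rule sets of sections 3 to 5, as an added example that is not part of the original post: a POSIX sh script that emits them in iptables-restore format, so the whole table is loaded atomically and the catch-all REJECT can never be active before the port 22 rule. The addresses, port list and function names are constructed for the example.

```shell
#!/bin/sh
# Added example: build the INPUT/FORWARD/OUTPUT rules of sections 3 to 5 as an
# iptables-restore file. The addresses and ports below are constructed samples.
BLOCK_SOURCES="123.45.6.7 123.45.0.0/16"   # section 4: sources to DROP
SSH_FROM="123.45.6.8"                      # section 5: only this host may use port 22 (empty = anyone)
ALLOW_TCP_PORTS="80 443 21 20"             # section 3: ports open to everyone

build_ruleset() {
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    # The -I commands of section 4 land at the top of INPUT, so the blocks come first.
    for src in $BLOCK_SOURCES; do
        printf '%s\n' "-A INPUT -s $src -j DROP"
    done
    printf '%s\n' "-A INPUT -i lo -j ACCEPT"
    printf '%s\n' "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Section 5: the per-host ACCEPT must sit above the DROP for the same port,
    # which is exactly the order the two -I commands produce.
    if [ -n "$SSH_FROM" ]; then
        printf '%s\n' "-A INPUT -s $SSH_FROM -p tcp --dport 22 -j ACCEPT"
        printf '%s\n' "-A INPUT -p tcp --dport 22 -j DROP"
    else
        printf '%s\n' "-A INPUT -p tcp --dport 22 -j ACCEPT"
    fi
    for port in $ALLOW_TCP_PORTS; do
        printf '%s\n' "-A INPUT -p tcp --dport $port -j ACCEPT"
    done
    printf '%s\n' "-A INPUT -p icmp --icmp-type 8 -j ACCEPT"
    printf '%s\n' "-A INPUT -j REJECT" "-A FORWARD -j REJECT" "-A OUTPUT -j ACCEPT" "COMMIT"
}

# Returns 0 when a port 22 ACCEPT appears before both the port 22 DROP and the
# catch-all REJECT, i.e. loading the rule set cannot cut the SSH session that loads it.
ssh_rule_precedes_reject() {
    build_ruleset | awk '
        /--dport 22 -j ACCEPT/ && !acc { acc = NR }
        /--dport 22 -j DROP/ || /-A INPUT -j REJECT/ { if (!acc) bad = 1 }
        END { exit bad ? 1 : 0 }'
}

# To apply as root: build_ruleset | iptables-restore   (then persist with: service iptables save)
```

Run ssh_rule_precedes_reject before applying the output; it only inspects the generated text, so it needs no root.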
Sixth, view the iptables rules that have been added
iptables -L -n
-v: show details, including the packet and byte counters for each rule
-x: on top of -v, disable the automatic unit conversion (K, M)
-n: show only IP addresses and port numbers; do not resolve IPs to domain names
Seventh, delete iptables rules that have been added
To display the sequence number of every rule in iptables, execute:
iptables -L -n --line-numbers
For example, to delete the rule with sequence number 8 in INPUT (change INPUT to OUTPUT to delete from OUTPUT, and so on), execute:
iptables -D INPUT 8
Eighth, start iptables at boot and save the rules
After installing iptables on CentOS it may not start at boot; to enable that, execute:
chkconfig --level 345 iptables on
On CentOS 7 execute:
systemctl enable iptables
This adds iptables to the boot sequence.
On CentOS, to save the current rules, execute:
service iptables save