1. List the rules in the default iptables table (filter)
iptables -L -n // -L lists the rules, -n prints addresses and ports as numbers instead of resolving names
2. The default table (filter) has three built-in chains:
INPUT: packets addressed to the firewall host itself
FORWARD: packets from another host that only pass through the firewall, i.e. routed traffic that is neither from nor for the firewall itself
OUTPUT: packets generated by the firewall host itself
3. Add a rule that drops packets of the ICMP protocol
iptables -A INPUT -p icmp -j DROP // -A [chain] -p [protocol] -j [target] (DROP discards the packet silently, ACCEPT lets it through, REJECT refuses it and sends an error back to the sender)
To delete the rule just added:
iptables -D INPUT 5 // the number is the rule's position in the INPUT chain counted from the top; on this system the appended rule landed at position 5. Positions shift whenever rules are added or removed, so list the chain again before deleting by number
4. Block a specific IP address
iptables -A INPUT -s 192.168.72.130 -p tcp --dport 22 -j DROP // -s is the source address, --dport the destination port: TCP packets from this host to port 22 (SSH) are dropped
5. Set the default policy so that every packet not matched by any rule is dropped // before doing this, add a rule that allows port 22, otherwise the SSH session to the host is cut off
iptables -t filter -P INPUT DROP // -P sets the chain's default policy; the chain header in the iptables -L output shows it as ACCEPT by default, and after this change every incoming packet that matches no ACCEPT rule is dropped
6. Insert a rule at a given position. Rules are matched from top to bottom and the first match wins, so sometimes a rule has to go into the middle of the chain rather than at the end
iptables -I INPUT 2 -s 192.168.72.0/24 -p tcp --dport 22 -j ACCEPT // same parameters as -A, but -I takes the position number after the chain name; this becomes rule 2. Note that it now sits above the DROP from step 4, so SSH from 192.168.72.130 hits this ACCEPT first and is no longer blocked; a more specific DROP must be placed above the broader ACCEPT
7. Save the rules
service iptables save // writes the rules currently in effect to the configuration file /etc/sysconfig/iptables
I did not run service iptables save here, because it requires installing the iptables-services package; this situation came up with the 7.6 version I had installed earlier.
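The seven steps above, put together as one script, as an added example that is not part of the original post. It builds the INPUT chain in the order a practitioner would actually apply it: reset the policy to ACCEPT before flushing (so a flush on a chain that is already DROP cannot lock you out), accept loopback and established connections, place the host-specific DROP above the subnet ACCEPT so it is not shadowed, and only then switch the default policy to DROP. By default it only prints the commands (dry run); set APPLY=1 as root to execute them, after which the ruleset is persisted with iptables-save instead of service iptables save, which needs the iptables-services package. The subnet 192.168.72.0/24, the blocked host 192.168.72.130, the MGMT_NET/BLOCKED_HOST/SSH_PORT variables and the function names are assumptions for this example. The rule_position helper answers the "which number do I pass to -D" question from step 3; on a live box `iptables -L INPUT -n --line-numbers` shows the same positions.

```shell
#!/bin/sh
# Added example, not code from the original post. Emits the iptables commands
# for a default-deny INPUT chain in a safe order; runs them only when APPLY=1.
# Assumed values: management subnet, blocked host and SSH port below.
MGMT_NET="${MGMT_NET:-192.168.72.0/24}"
BLOCKED_HOST="${BLOCKED_HOST:-192.168.72.130}"
SSH_PORT="${SSH_PORT:-22}"

# Print the rules in the order they must be applied. First match wins, so the
# DROP for one host sits ABOVE the ACCEPT for its whole subnet; appending the
# ACCEPT later (step 4 then step 6 in the post) would let it shadow the DROP.
# Policy goes back to ACCEPT before the flush and to DROP only at the very end,
# so the SSH session used to apply this is never cut off halfway.
build_rules() {
    cat <<EOF
iptables -t filter -P INPUT ACCEPT
iptables -t filter -F INPUT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s $BLOCKED_HOST -p tcp --dport $SSH_PORT -j DROP
iptables -A INPUT -s $MGMT_NET -p tcp --dport $SSH_PORT -j ACCEPT
iptables -A INPUT -p icmp -j DROP
iptables -t filter -P INPUT DROP
EOF
}

# 1-based position of the first INPUT rule whose text matches the pattern,
# i.e. the number that "iptables -D INPUT <n>" expects. Only -A lines are
# counted: -P and -F are not entries in the chain.
rule_position() {
    build_rules | grep '^iptables -A INPUT' | grep -n -- "$1" | head -n1 | cut -d: -f1
}

# Execute the rules one by one (needs root), then persist them without the
# iptables-services package: iptables-save writes the running ruleset in the
# same file format that "service iptables save" produces.
apply_rules() {
    build_rules | while IFS= read -r cmd; do
        echo "+ $cmd"
        $cmd || { echo "failed: $cmd" >&2; return 1; }
    done || return 1
    iptables-save > /etc/sysconfig/iptables
}

if [ "${APPLY:-0}" = "1" ]; then
    apply_rules
else
    build_rules
fi
```

Run it once without APPLY to read the ordering, then `APPLY=1 sh script.sh` from a console or a session that is already covered by the subnet ACCEPT. If you change the subnet, re-check with `rule_position` (or `--line-numbers` on the live chain) that the host DROP still has a lower number than the subnet ACCEPT.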