1、安装iptables
sudo apt-get install iptables
2、 查看系统是否安装防火墙
root@hcube-server:/# which iptables
/usr/sbin/iptables
root@hcube-server:/# whereis iptables
iptables: /usr/sbin/iptables /etc/iptables /usr/share/iptables
说明已经安装了iptables
3、查看防火墙的配置信息
iptables -L
4、 新建规则文件
mkdir /etc/iptables
4.1 编辑规则文件
vim /etc/iptables/rules.v4
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:syn-flood - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 6379 -j ACCEPT
-A INPUT -p icmp -m limit --limit 100/sec --limit-burst 100 -j ACCEPT
-A INPUT -p icmp -m limit --limit 1/s --limit-burst 10 -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn-flood
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A syn-flood -p tcp -m limit --limit 3/sec --limit-burst 6 -j RETURN
-A syn-flood -j REJECT --reject-with icmp-port-unreachable
COMMIT
4.2 使防火墙生效
iptables-restore < /etc/iptables/rules.v4
5、配置iptables自启动
vim /etc/network/if-pre-up.d/iptables
内容
#!/bin/bash iptables-restore < /etc/iptables/rules.v4
6、给文件权限
chmod +x /etc/network/if-pre-up.d/iptables
7、查看规则是否生效
iptables -L -n
8、暂时关闭、开放所有端口
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
=========================================
1、开启iptables端口
开启1521端口:
iptables -A INPUT -p tcp --dport 1521 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 1521 -j ACCEPT
2、保存iptables设置,重启iptables
在更改完设置后要先保存设置:
service iptables save
然后再重启iptables才能使设置生效:
service iptables restart
3、看端口
输入命令查看已开端口:
iptables -L -n
参考
https://www.cnblogs.com/ivychang/p/5636144.html
https://www.ngui.cc/zz/2304486.html?action=onClick