> Author: 丁辉

# Iptables Restrictions

> Port 80 is used as the example throughout. Services listening on the host itself are filtered in the INPUT chain. Ports published by Docker (`-p 80:80`) never pass through INPUT: Docker DNATs them in the nat PREROUTING table and the packets are then forwarded to the container via the FORWARD chain, which jumps into Docker's own DOCKER chain, so those need a separate rule there.

- Deny

```bash
# Host services: drop all TCP/80 traffic to the host.
# -m multiport is only useful for a port list (e.g. --dports 80,443);
# for a single port "-p tcp --dport 80" is sufficient.
iptables -I INPUT -p tcp -m multiport --dport 80 -j DROP
```

```bash
# Docker-published ports: the DOCKER chain is reached from FORWARD after DNAT,
# so --dport here matches the container-side port, not the host port given to -p.
iptables -I DOCKER -p tcp -m multiport --dport 80 -j DROP
```

Caveat: Docker rebuilds the DOCKER chain when the daemon (re)starts, so rules inserted into it are lost. Docker reserves the DOCKER-USER chain for administrator rules; FORWARD jumps to it before DOCKER and Docker does not rewrite it, so the same rules are more durable there (`iptables -I DOCKER-USER ...`).

|
- Allow access from specific IPs

Run these after the DROP rule: `-I` inserts at the top of the chain, so each ACCEPT inserted afterwards ends up above the DROP and is matched first.

```bash
# Allow only 192.168.1.1 and 192.168.1.2 (inclusive range) to reach TCP/80 on the host.
iptables -I INPUT -m iprange --src-range 192.168.1.1-192.168.1.2 -p tcp -m multiport --dport 80 -j ACCEPT
```

```bash
# Same allow-list for the Docker-published port.
iptables -I DOCKER -m iprange --src-range 192.168.1.1-192.168.1.2 -p tcp -m multiport --dport 80 -j ACCEPT
```

- Allow access from a subnet

```bash
# Allow the whole 192.168.1.0/24 network to reach TCP/80 on the host.
iptables -I INPUT -s 192.168.1.0/24 -p tcp -m multiport --dport 80 -j ACCEPT
```

```bash
# Same allow-list for the Docker-published port.
iptables -I DOCKER -s 192.168.1.0/24 -p tcp -m multiport --dport 80 -j ACCEPT
```

- List rules

```bash
# -n skips DNS/port-name lookups; --line-numbers shows the positions that -D and -I use.
iptables -nL INPUT --line-numbers
iptables -nL DOCKER --line-numbers
```

- Delete rules

```bash
# Delete by position (1 = top of the chain). Positions shift after every deletion,
# so re-list with --line-numbers before deleting the next rule.
iptables -D INPUT 1
iptables -D DOCKER 1
```

- Persistence

```bash
# Dump the current rule set (RHEL/CentOS path; the iptables-services package reads this file).
iptables-save > /etc/sysconfig/iptables
```

```bash
# Reload at boot from rc.local. The file must start with a shebang (#!/bin/bash)
# and be executable, otherwise systemd's rc-local.service ignores it.
vim /etc/rc.d/rc.local
# line to add inside rc.local:
iptables-restore < /etc/sysconfig/iptables
chmod +x /etc/rc.d/rc.local
```

On Debian/Ubuntu the equivalent is the iptables-persistent package, which restores `/etc/iptables/rules.v4` at boot. Note that a plain `iptables-restore` flushes every table contained in the file, and the saved snapshot includes Docker's own chains, which dockerd rewrites at startup; keep administrator rules in DOCKER-USER, which survives daemon restarts, and let Docker manage the rest.

To insert a rule at a specific position in the INPUT chain, give the position after the chain name; position 1 is the top of the chain (and is the default when `-I` is used without a number):

> Rules are evaluated top to bottom and the first terminating match (ACCEPT, DROP, REJECT) decides, so the lower the number, the earlier the rule takes effect.

```bash
iptables -I INPUT 1 <rule specification>
```