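#!/usr/bin/env bash
#
# Host firewall bootstrap: disable firewalld, then build an iptables INPUT
# ruleset that admits loopback, established/related traffic and an explicit
# list of service ports, and rejects every other new TCP connection.
#
# Requires root. Rules are applied to the running kernel only; this script
# does not persist them (no iptables-save / service save), so they are lost
# on reboot unless saved by other means.
#
# Author's note (kept from the original): if port 22 is not added to the
# allow rules, the SSH connection will be cut off immediately. Run this from
# a source listed in SSH_ADMIN_HOSTS.
#
# Fix vs. the original listing: every option was written with an en-dash
# ("–state", "–dport"), which iptables rejects as a bad argument; all of them
# are now the ASCII "--state" / "--dport".
set -euo pipefail

# Administrative hosts allowed to open new SSH (tcp/22) sessions.
readonly -a SSH_ADMIN_HOSTS=(
  10.4.33.55
  10.4.33.56
  10.4.33.57
  10.4.33.58
  10.4.33.59
  10.4.63.7
  10.1.68.32
)

# TCP destination ports (or low:high ranges) open to any source.
# Grouping and labels are the original author's.
readonly -a TCP_OPEN_PORTS=(
  80                                        # web
  21 20                                     # FTP
  110 143 25 993 995 465 443 8070 8071 1220 # mail
  8025                                      # overseas mail
  9900                                      # web
  5777                                      # nrpe
  199                                       # snmp
  6000:7000                                 # coremail
  9999                                      # AD
  8080 8090                                 # 360 antivirus
  3308                                      # mysql
  9527 10100                                # rose
)

# UDP destination ports (or low:high ranges) open to any source.
readonly -a UDP_OPEN_PORTS=(
  6100      # coremail
  161       # rose (original grouping)
  9528      # rose
  3000:3001 # rose
)

#######################################
# Print a message to stderr and exit non-zero.
# Arguments: $* - message
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Append an INPUT ACCEPT rule for new connections to one port or range.
# Arguments: $1 - protocol (tcp|udp)
#            $2 - destination port or low:high range
# Returns:   iptables' exit status
#######################################
allow_port() {
  local proto=$1 port=$2
  iptables -A INPUT -p "$proto" --dport "$port" -m state --state NEW -j ACCEPT
}

#######################################
# Apply the whole ruleset in order.
# Globals:   SSH_ADMIN_HOSTS, TCP_OPEN_PORTS, UDP_OPEN_PORTS (read)
# Returns:   0 on success; aborts via set -e on any failing iptables call
#######################################
main() {
  (( EUID == 0 )) || die "must run as root"

  # Stop and permanently disable firewalld so it does not replace the rules
  # below. Best-effort on purpose: the unit may not exist on this host, and
  # the iptables rules must still be applied (the original ignored failures).
  systemctl stop firewalld.service || true
  systemctl disable firewalld.service || true

  # Flush every chain of the filter table. This does not reset chain
  # policies or touch other tables.
  iptables -F

  # Loopback: the host talking to itself.
  iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT

  # Established connections and flows related to them.
  iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

  # All outbound connections initiated by this host.
  iptables -A OUTPUT -m state --state NEW -j ACCEPT

  # SSH only from the admin hosts. Inserted at the head of INPUT (-I) in the
  # same sequence as the original, so the resulting chain order is identical.
  local host
  for host in "${SSH_ADMIN_HOSTS[@]}"; do
    iptables -I INPUT -s "$host" -p tcp --dport 22 -m state --state NEW -j ACCEPT
  done

  # Service ports open to any source. To open another port, add it to the
  # arrays above rather than editing the loops.
  local port
  for port in "${TCP_OPEN_PORTS[@]}"; do
    allow_port tcp "$port"
  done
  for port in "${UDP_OPEN_PORTS[@]}"; do
    allow_port udp "$port"
  done

  # Everything else: reject new TCP connections and all forwarding.
  # NOTE(review): only TCP is rejected here, exactly as in the original; UDP
  # and ICMP not matched above fall through to the INPUT chain's policy, which
  # this script never sets — confirm that is the intended exposure.
  iptables -A INPUT -p tcp -j REJECT
  iptables -A FORWARD -j REJECT
}

main "$@"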