iptables: allowing only specific IPs to access a given port

1. Add a rule: block all IPs from accessing port 8075 on the server

[root@zabbix_server ~]# iptables -I INPUT -p tcp --dport 8075 -j DROP

2. Test with telnet (TCP)

[root@zabbix_server ~]# telnet 127.0.0.1 8075
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection timed out

3. Delete the rule and test again

(1) Look up the rule number

[root@zabbix_server ~]# iptables --line -nvL INPUT
Chain INPUT (policy DROP 83 packets, 4016 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        8   408 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:8075 
2     144M   15G ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
3     4037  214K ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
4        3   156 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:25601 
5     4085  218K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80 
6    22638 1169K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:3306 
7     264K   14M ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:9000 
8     443K   23M ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:10050 
9    76134 4093K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:10051 

The rule blocking access to 8075 is number 1.

(2) Delete the rule by its number

[root@zabbix_server ~]# iptables -D INPUT 1

Query the chain again

[root@zabbix_server ~]# iptables --line -nvL INPUT
Chain INPUT (policy DROP 20 packets, 961 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1     144M   15G ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
2     4038  214K ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
3        3   156 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:25601 
4     4087  218K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80 
5    22644 1169K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:3306 
6     264K   14M ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:9000 
7     443K   23M ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:10050 
8    76156 4094K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:10051 
9       44  2208 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dp

The rule has been deleted; test with telnet

[root@zabbix_server ~]# telnet 127.0.0.1 8075
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.

4. Allow only a specific IP to access port 8075

(1) Add a rule: block all IPs from accessing 8075

[root@zabbix_server ~]# iptables -I INPUT -p tcp --dport 8075 -j DROP
[root@zabbix_server ~]# iptables --line -nvL INPUT
Chain INPUT (policy DROP 3 packets, 156 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:8075 
2     145M   15G ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
3     4038  214K ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
4        3   156 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:25601 
5     4090  219K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80 
6    22650 1169K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:3306 
7     264K   14M ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:9000 
8     443K   23M ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:10050 
9    76183 4095K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:10051 
10      44  2208 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:3000 
11       7   284 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:5672 
12       2    80 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dp

(2) Add a rule: allow 127.0.0.1 to access 8075 (-I inserts at the top of the chain, so this ACCEPT is evaluated before the DROP)

[root@zabbix_server ~]# iptables -I INPUT -s 127.0.0.1 -p tcp --dport 8075 -j ACCEPT

(3) Check the rules:

[root@zabbix_server ~]# iptables --line -nvL INPUT
Chain INPUT (policy DROP 20 packets, 1004 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 ACCEPT     tcp  --  *      *       127.0.0.1            0.0.0.0/0           tcp dpt:8075 
2        0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:8075 
3     145M   15G ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
4     4039  214K ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
5        3   156 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:25601 
6     4096  219K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80 
7    22660 1170K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:3306 
8     264K   14M ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:9000 
9     443K   23M ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:10050 

The rule has been added; test

[root@zabbix_server ~]# telnet 127.0.0.1 8075
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.

The local host can access 8075; other machines cannot:

[root@localhost etc]# telnet 172.28.18.75 8075
Trying 172.28.18.75...
telnet: connect to address 172.28.18.75: Connection timed out

(4) Allow 172.28.18.71 to access 8075 (172.28.18.71 is the server that needs to reach 8075)

[root@zabbix_server ~]# iptables -I INPUT -s 172.28.18.71 -p tcp --dport 8075 -j ACCEPT

Check the rules

[root@zabbix_server ~]# iptables --line -nvL INPUT
Chain INPUT (policy DROP 9 packets, 456 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 ACCEPT     tcp  --  *      *       172.28.18.71         0.0.0.0/0           tcp dpt:8075 
2        3   132 ACCEPT     tcp  --  *      *       127.0.0.1            0.0.0.0/0           tcp dpt:8075 
3        7   420 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:8075 
4     145M   15G ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
5     4040  214K ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
6        3   156 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:25601 
7     4100  219K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80 
8    22674 1171K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:3306 

Test telnet to 8075 from 172.28.18.71

[root@localhost etc]# telnet 172.28.18.75 8075
Trying 172.28.18.75...
Connected to 172.28.18.75.
Escape character is '^]'.

Access succeeds; save the rules

[root@zabbix_server ~]# service iptables save
iptables:將防火牆規則保存到 /etc/sysconfig/iptables:[肯定]

Restart the service

[root@zabbix_server ~]# service iptables save
iptables:將防火牆規則保存到 /etc/sysconfig/iptables:[肯定]
[root@zabbix_server ~]# service iptables restart
iptables:將鏈設置爲政策 ACCEPT:filter [肯定]
iptables:清除防火牆規則:[肯定]
iptables:正在卸載模塊:[肯定]
iptables:應用防火牆規則:[肯定]
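As an added example (not part of the original post), the script below audits an `iptables --line -nvL INPUT` listing for one TCP port: it finds the number of the catch-all DROP rule (what the post reads off by eye before `iptables -D INPUT <num>`) and, since iptables walks the chain top-down, separates ACCEPT rules that sit above the DROP (effective) from those below it (shadowed, so the allow-list silently fails). The listings and the 10.0.0.5 address are constructed samples modelled on the post's output.

```shell
#!/bin/sh
# Added example, not from the original post: audit an INPUT chain listing for a TCP port.

# Constructed sample modelled on the post's listing after both allow rules were inserted.
SAMPLE_LISTING='Chain INPUT (policy DROP 9 packets, 456 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     tcp  --  *      *       172.28.18.71         0.0.0.0/0           tcp dpt:8075
2        3   132 ACCEPT     tcp  --  *      *       127.0.0.1            0.0.0.0/0           tcp dpt:8075
3        7   420 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:8075
4     145M   15G ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED'

# Constructed sample of the common mistake: the ACCEPT was appended (-A), so it lands below the DROP.
SHADOWED_LISTING='Chain INPUT (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:8075
2        0     0 ACCEPT     tcp  --  *      *       10.0.0.5             0.0.0.0/0           tcp dpt:8075'

# audit_port <port> <field> : reads a listing on stdin; <field> is drop, allowed or shadowed.
audit_port() {
    awk -v want="dpt:$1" -v field="$2" '
        # Match the "dpt:<port>" token anywhere on the line, so "state NEW tcp dpt:N" rules count too.
        function hit() { return index(" " $0 " ", " " want " ") > 0 }
        $5 == "tcp" && hit() && $4 == "DROP" && drop == "" { drop = $1; next }
        $5 == "tcp" && hit() && $4 == "ACCEPT" {
            # Rules listed before the DROP are reached; rules after it never match.
            if (drop == "") allowed = (allowed == "" ? $9 : allowed " " $9)
            else            shadowed = (shadowed == "" ? $9 : shadowed " " $9)
        }
        END {
            if (field == "drop") print drop
            else if (field == "allowed") print allowed
            else print shadowed
        }'
}

drop_rule_num()    { audit_port "$1" drop; }      # number to pass to `iptables -D INPUT <num>`
allowed_sources()  { audit_port "$1" allowed; }   # sources that really reach the port
shadowed_sources() { audit_port "$1" shadowed; }  # ACCEPTs that never match: re-add them with -I

# On a real host (as root): iptables --line -nvL INPUT | shadowed_sources 8075
```

An empty result from `shadowed_sources` means every ACCEPT for the port is ordered above the DROP, which is the state the post's listing shows.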