Basic application tutorial for iptables firewall on Linux


iptables is the firewall software most commonly used on Linux. In this post, VPS Detective walks through the basics of iptables: installing it, clearing existing rules, opening only the specified ports, blocking a single IP or a whole IP range and unblocking it again, and deleting rules you have added.

1. Install the iptables firewall

If iptables is not installed yet, install it first. On CentOS, run: yum install iptables

On Debian/Ubuntu, run: apt-get install iptables

2. Clear the existing iptables rules

iptables -F    # flush all rules in every chain
iptables -X    # delete all user-defined chains
iptables -Z    # zero the packet and byte counters

3. Open the specified ports

# Allow the local loopback interface (the machine talking to itself)
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
# Allow established or related connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow all outbound traffic from this machine
iptables -A OUTPUT -j ACCEPT
# Allow access to port 22 (SSH)
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Allow access to port 80 (HTTP)
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# Allow FTP ports 21 and 20
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 20 -j ACCEPT
# Other ports follow the same pattern; change the port number in the statement above.
# Reject everything that no rule above has allowed
iptables -A INPUT -j REJECT
iptables -A FORWARD -j REJECT

Because -A appends, the two REJECT rules must stay last: any inbound port that is not allowed above them, including the SSH port you are connected on, is rejected.

4. Block an IP address or IP range

-I inserts at the top of the chain, so a DROP added this way takes effect before any ACCEPT rule from step 3.

# If you only want to block IPs, step 3 can be skipped.
# Block a single IP:
iptables -I INPUT -s 123.45.6.7 -j DROP
# Block the whole range 123.0.0.1 to 123.255.255.254:
iptables -I INPUT -s 123.0.0.0/8 -j DROP
# Block the range 123.45.0.1 to 123.45.255.254:
iptables -I INPUT -s 123.45.0.0/16 -j DROP
# Block the range 123.45.6.1 to 123.45.6.254:
iptables -I INPUT -s 123.45.6.0/24 -j DROP

5. View the added iptables rules

iptables -L -n
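The following script is an added example, not code from the tutorial or from VPS Detective. It turns steps 2 to 4 into shell functions that validate their input (port numbers, IPv4 addresses and CIDR networks) and print the iptables commands they would run, so a ruleset can be reviewed before it is applied; only the --apply, --block and --unblock arguments actually execute iptables. It uses -i lo for loopback instead of the tutorial's source/destination form, which also covers the rest of 127.0.0.0/8. The function names, the command-line flags and the default port list "22 80" are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the tutorial: generate (and optionally apply)
# the allow-list ruleset from step 3 plus the block/unblock rules from step 4.
# Assumptions: TCP ports only, IPv4 only, iptables on $PATH when a rule is
# actually applied; the default mode only prints the commands.

# is_port NUM -> true if NUM is an integer in 1..65535
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# is_cidr A.B.C.D[/N] -> true for a syntactically valid IPv4 host or network
is_cidr() {
    case "$1" in
        */*) addr="${1%/*}"; bits="${1#*/}" ;;
        *)   addr="$1"; bits=32 ;;             # bare address = single host
    esac
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    old_ifs="$IFS"; IFS=.; set -- $addr; IFS="$old_ifs"
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# build_ruleset "22 80 443" -> prints one iptables command per line, in the
# tutorial's order: clear, loopback, established, allow list, reject the rest
build_ruleset() {
    for p in $1; do                            # validate before printing anything
        is_port "$p" || { echo "bad port: $p" >&2; return 1; }
    done
    echo "iptables -F"
    echo "iptables -X"
    echo "iptables -Z"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A OUTPUT -j ACCEPT"
    for p in $1; do
        echo "iptables -A INPUT -p tcp --dport $p -j ACCEPT"
    done
    # catch-all last: -A appends, so anything not matched above is rejected
    echo "iptables -A INPUT -j REJECT"
    echo "iptables -A FORWARD -j REJECT"
}

# block_rule / unblock_rule CIDR -> the step-4 commands; -I puts the DROP at
# the top of INPUT so it wins over every ACCEPT, -D removes that same rule
block_rule() {
    is_cidr "$1" || { echo "bad address: $1" >&2; return 1; }
    echo "iptables -I INPUT -s $1 -j DROP"
}
unblock_rule() {
    is_cidr "$1" || { echo "bad address: $1" >&2; return 1; }
    echo "iptables -D INPUT -s $1 -j DROP"
}

# run_rules: execute each command line read on stdin, stop at the first failure
run_rules() {
    while read -r cmd; do
        echo "+ $cmd"
        $cmd || return 1
    done
}

case "${1:-}" in
    --apply)   shift; build_ruleset "$*" | run_rules ;;
    --block)   shift; block_rule "$1" | run_rules ;;
    --unblock) shift; unblock_rule "$1" | run_rules ;;
    *)         build_ruleset "${*:-22 80}" ;;    # dry run: only print the commands
esac
```

Run it with no arguments (or a port list) to see the exact commands, then as root with `--apply 22 80` once the list is right; keep the port of the session you are connected on in the list, because the final REJECT is appended after the allow rules.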

Useful options: -v shows details, including the number of packets and bytes each rule has matched; -x, on top of -v, disables the automatic unit conversion (K, M) so the exact counts are shown; -n shows IP addresses and port numbers only, without resolving IPs to host names.

6. Delete an added iptables rule

To list all iptables rules with their line numbers, run: iptables -L -n --line-numbers

For example, to delete rule number 8 in the INPUT chain, run: iptables -D INPUT 8

7. Starting iptables at boot and saving the rules

On CentOS, iptables may not be set to start at boot after installation; run: chkconfig --level 345 iptables on

This adds it to the boot sequence.

On CentOS, run: service iptables save to save the current rules.

Also note, importantly, that iptables on Debian/Ubuntu does not save its rules by itself.

Follow the steps below so that the rules are saved when the network interface goes down and loaded again when it comes up:

Create the file /etc/network/if-post-down.d/iptables with the following content:
#!/bin/bash
iptables-save > /etc/iptables.rules

Run: chmod +x /etc/network/if-post-down.d/iptables to make it executable.

Create the file /etc/network/if-pre-up.d/iptables with the following content:
#!/bin/bash
iptables-restore < /etc/iptables.rules

Run: chmod +x /etc/network/if-pre-up.d/iptables to make it executable.
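As an added example, not the tutorial's own hook scripts, here are the save and restore steps from above in one file with a sanity check: the save step writes to a temporary file and only replaces /etc/iptables.rules once the dump is complete, and the restore step refuses an empty or truncated file, so a boot never ends with a half-loaded ruleset and an unexpected open firewall. The rules_file_ok check, the RULES variable and the constructed sample dump are this example's own assumptions; the file path comes from the tutorial.

```shell
#!/bin/sh
# Added example, not from the tutorial: save/restore hooks for Debian/Ubuntu
# with a completeness check on the iptables-save dump.
# Assumption: the rules live in /etc/iptables.rules (override with RULES=...).
RULES="${RULES:-/etc/iptables.rules}"

# rules_file_ok FILE -> true when FILE looks like a complete iptables-save dump:
# non-empty, at least one "*table" header, and one COMMIT line per table.
rules_file_ok() {
    f="$1"
    [ -s "$f" ] || return 1
    tables=$(grep -c '^\*' "$f" || true)
    commits=$(grep -c '^COMMIT' "$f" || true)
    [ "$tables" -ge 1 ] && [ "$tables" -eq "$commits" ]
}

# save_rules FILE: body of the if-post-down.d hook. Dump to a temp file and
# only move it into place if the dump passed the check, so FILE is never
# left half-written if iptables-save is interrupted.
save_rules() {
    f="$1"; tmp="$f.tmp.$$"
    iptables-save > "$tmp" || { rm -f "$tmp"; return 1; }
    if rules_file_ok "$tmp"; then
        mv "$tmp" "$f"
    else
        rm -f "$tmp"
        echo "iptables-save output failed the check, keeping old $f" >&2
        return 1
    fi
}

# restore_rules FILE: body of the if-pre-up.d hook. Refuse a malformed file
# and leave the current ruleset untouched in that case.
restore_rules() {
    rules_file_ok "$1" || { echo "refusing to load malformed $1" >&2; return 1; }
    iptables-restore < "$1"
}

# write_sample FILE: a constructed iptables-save dump (not captured from a real
# host) so the check can be exercised offline.
write_sample() {
    cat > "$1" <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed (constructed sample)
EOF
}

case "${1:-}" in
    save)    save_rules "$RULES" ;;
    restore) restore_rules "$RULES" ;;
esac
```

Install it under a name of your choosing (for example /usr/local/sbin/iptables-rules, an assumed path), then have the if-post-down.d hook run it with the `save` argument and the if-pre-up.d hook with `restore`; both hooks still need the chmod +x shown above. On Debian/Ubuntu the iptables-persistent package offers the same save-and-restore behaviour without hand-written hooks.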

For more iptables options, run: iptables --help, or search online for the iptables parameters.

Copyright © Windows knowledge All Rights Reserved