Iptables only allows the specified IP address to access the specified port

First , Clear all presets

iptables -F# Clear preset table filter Rules of all rule chains in iptables -X# Clear preset table filter User defined rules in the chain
1.

secondly , Setting allows only specified ip Address access specified port

iptables -A INPUT -s xxx.xxx.xxx.xxx -p tcp --dport 22 -j ACCEPT iptables -A OUTPUT -d xxx.xxx.xxx.xxx -p tcp --sport 22 -j ACCEPT iptables -A INPUT -s xxx.xxx.xxx.xxx -p tcp --dport 3306 -j ACCEPT iptables -A OUTPUT -d xxx.xxx.xxx.xxx -p tcp --sport 3306 -j ACCEPT
1.

The top two , Please note that –dport For the target port , When data enters the server from the outside as the target port ; conversely , Data from the server is the data source port , Use --sport

Empathy ,-s Is to specify the source address ,-d Is to specify the destination address .

then , Close all ports

iptables -P INPUT DROP iptables -P OUTPUT DROP iptables -P FORWARD DROP
1.

Last , Save the current rule

/etc/rc.d/init.d/iptables save service iptables restart
1.

such iptables The rule setting of applies to only acting as MySQL Server management and maintenance , The external address does not provide any services .

If you wish yum If it works , You also need to add the following , allow DNS Requested 53 port , Allow to download randomly generated high ports

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A INPUT -p udp --s

To open 8080 Port as an example ：

Mode one ：

Log in and copy
1、 Turn on the firewall
systemctl start firewalld

2、 Open designated port
firewall-cmd --zone=public --add-port=1935/tcp --permanent
Meaning of order ：
–zone # Scope
–add-port=1935/tcp # Add port , The format is ： port / Communication protocol
–permanent # permanent , Failure after restart without this parameter

3、 service iptables restart
firewall-cmd --reload

4、 View port number
netstat -ntlp // View all of the current tcp port ·

netstat -ntulp |grep 8080 // View all 8080 Port usage

Mode two ：

/sbin/iptables -I INPUT -p tcp --dport 8080 -j ACCEPT

Mode three ：

-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT

service iptables restart