Iptables only allows the specified IP address to access the specified port
2022-07-07 16:12:00 【Gegwu MMQ!!】
First, clear all preset rules:
iptables -F   # Flush the rules in every chain of the default filter table
iptables -X   # Delete the user-defined chains in the default filter table
Second, allow only the specified IP address to access the specified ports:
iptables -A INPUT -s xxx.xxx.xxx.xxx -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -d xxx.xxx.xxx.xxx -p tcp --sport 22 -j ACCEPT
iptables -A INPUT -s xxx.xxx.xxx.xxx -p tcp --dport 3306 -j ACCEPT
iptables -A OUTPUT -d xxx.xxx.xxx.xxx -p tcp --sport 3306 -j ACCEPT
In the rules above, note that --dport is the destination port: when data enters the server from outside, the server's port is the destination port. Conversely, for data leaving the server that port is the source port, so use --sport.
Similarly, -s specifies the source address and -d specifies the destination address.
Then, close all ports:
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
Finally, save the current rules:
/etc/rc.d/init.d/iptables save
service iptables restart
This iptables rule set suits a host that acts only as a MySQL server under management and maintenance; it provides no services to any other external address.
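The same allowlist can be loaded as one ruleset instead of command by command, so the DROP policies and the ACCEPT rules take effect together. The script below is an added example, not code from the original article: the function names gen_allowlist, valid_ipv4 and valid_port are hypothetical, and 192.0.2.10 is a constructed documentation address standing in for xxx.xxx.xxx.xxx.

```shell
#!/bin/sh
# Added example: emit the article's allowlist in iptables-restore format.

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|'') return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                  # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        # Reject leading zeros: parsers disagree on decimal vs octal.
        case "$octet" in 0?*) return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Succeeds only for a TCP port number in 1..65535 without leading zeros.
valid_port() {
    case "$1" in
        ''|*[!0-9]*|0*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_allowlist ADDRESS PORT... : validate everything first, then print a
# filter table with DROP policies and one INPUT/OUTPUT pair per port.
gen_allowlist() {
    [ "$#" -ge 2 ] || { echo "usage: gen_allowlist ADDRESS PORT..." >&2; return 1; }
    ip=$1; shift
    valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    for port in "$@"; do
        valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    done
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT DROP [0:0]'
    for port in "$@"; do
        echo "-A INPUT -s $ip -p tcp --dport $port -j ACCEPT"
        echo "-A OUTPUT -d $ip -p tcp --sport $port -j ACCEPT"
    done
    echo 'COMMIT'
}

# Constructed sample input: one admin address, SSH and MySQL ports.
gen_allowlist 192.0.2.10 22 3306
```

Redirect the output to a file, check it as root with iptables-restore --test, then load it with iptables-restore, which replaces the filter table in a single commit.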
If you want yum to work, you also need to add the following: allow port 53 for DNS requests, and allow the randomly generated high ports used for downloads.
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp --s
Taking opening port 8080 as an example:
Method 1:
1. Start the firewall
systemctl start firewalld
2. Open the designated port
firewall-cmd --zone=public --add-port=1935/tcp --permanent
Meaning of the options:
--zone # Scope
--add-port=1935/tcp # Add a port; the format is port/protocol
--permanent # Make the rule permanent; without this parameter it is lost after a restart
3. Restart the firewall
firewall-cmd --reload
4. View the port
netstat -ntlp                # View all current TCP ports
netstat -ntulp | grep 8080   # View the usage of port 8080
Method 2:
/sbin/iptables -I INPUT -p tcp --dport 8080 -j ACCEPT
Method 3:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
service iptables restart