Perform general operations on iptables

One 、 Sort out the allowed access to IP Address
1、ES client IP Address

192.168.32.120
192.168.32.121

2、 The node's location in cluster IP Address

192.168.32.122
192.168.32.123
192.168.32.124

Two 、 Sign in ES host (ubantu For example ), Execute the following command

#  establish iptables Policy save path 
mkdir -p /etc/iptables

#  Allow hosts in the cluster IP Visit native 9200 port 
iptables -A INPUT -s 192.168.32.123 -p tcp --dport 9200 -j ACCEPT
iptables -A INPUT -s 192.168.32.124 -p tcp --dport 9200 -j ACCEPT
#  allow ES client IP Address access to this machine 9200 port 
iptables -A INPUT -s 192.168.32.120 -p tcp --dport 9200 -j ACCEPT
iptables -A INPUT -s 192.168.32.121 -p tcp --dport 9200 -j ACCEPT

#  Prohibit all except the above policy IP Visit native 9200 port （ The last item ）
iptables -A INPUT -p tcp --dport 9200 -j REJECT

#  If you want to add the above strategy basically iptables Strategy , Use -I Parameters 
iptables -I INPUT -s 192.168.32.121 -p tcp --dport 9200 -j ACCEPT

#  View the added iptables The rules 
iptables -L -n --line-numbers
#  Delete an added iptables The rules 
iptables -D INPUT 1

# Save added iptables Rule to local file path 
iptables-save > /etc/iptables/iptables.rules
# Recover from a saved file iptables The rules 
iptables-restore < /etc/iptables/iptables.rules
# Configure automatic loading after power on iptables Policy file 

edit iptables after

End of input iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080 after

perform iptables-save

Be careful ：iptables-save It's connected , It's a command , It's not a parameter
iptables-save Just list the current settings , This is not to save the configuration
If you use RedHat series , You should use service iptables save preservation , use chkconfig iptables on Enable startup

If it is not RedHat series , You can manually save... Using the following method / Restore configuration

 preservation 
iptables-save > /root/iptables.conf
 recovery 
iptables-restore < /root/iptables.conf