iptables

防火墙的配置文件
```
  /etc/sysconfig/iptables
```
重启防火墙
```
  service  iptables restart
```

对某个ip开放3306

  -A INPUT -s 101.201.73.130 -p tcp -m tcp --dport 3306 -j ACCEPT

直接开放3306

  -A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT

规则顺序，需要把ACCEPT放到DROP之前，才能生效

  # cat /etc/sysconfig/iptables
  # Generated by iptables-save v1.4.7 on Mon Jul  2 22:10:19 2018
  *filter
  :INPUT ACCEPT [9:4936]
  :FORWARD ACCEPT [0:0]
  :OUTPUT ACCEPT [49:8299]
  -A INPUT -i lo -j ACCEPT
  -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
  -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
  -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
  -A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -s 192.168.2.163 -j ACCEPT
  -A INPUT -p tcp -m tcp --dport 3306 -j DROP
  -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
  COMMIT
  # Completed on Mon Jul  2 22:10:19 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

iptables.md

iptables.md

iptables

Files

iptables.md

Latest commit

History

iptables.md

File metadata and controls

iptables