iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD ACCEPT
Basic syntax:
iptables [-t filter] [-AI INPUT,OUTPUT,FORWARD] [-io interface]
[-p tcp,udp,icmp,all] [-s ip/network] [--sport ports]
[-d ip/network] [--dport ports] [-j ACCEPT,DROP]
Add rules:
/sbin/iptables -I INPUT -p tcp --dport 8080 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 8080 -j DROP
Or:
vi /etc/sysconfig/iptables
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
service iptables restart
Save:
/etc/init.d/iptables save
View:
/etc/init.d/iptables status
iptables -L -n
Stop:
/etc/init.d/iptables stop
Forward external access to port 80 of 192.168.75.5 to 192.168.75.3:8000.
# iptables -t nat -A PREROUTING -d 192.168.75.5 -p tcp --dport 80 -j DNAT --to-destination 192.168.75.3:8000
When port 8000 of 192.168.75.3 returns data to the client, rewrite the source IP as 192.168.75.5 (SNAT requires --to-source; the target address cannot be given as a bare argument).
# iptables -t nat -A POSTROUTING -d 192.168.75.3 -p tcp --dport 8000 -j SNAT --to-source 192.168.75.5
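The DNAT/SNAT pair above, as an added example that is not part of the original notes: a script that installs the forwarding rules for 192.168.75.5:80 to 192.168.75.3:8000 together with the two prerequisites the bare commands leave out (kernel forwarding and explicit FORWARD rules, so it still works if the FORWARD policy is later set to DROP). The `$IPT` variable and the function names are assumptions of this example, used so the rules can be recorded in a dry run instead of applied.

```shell
#!/bin/sh
# Added example, not the original notes' code. $IPT is an assumption of this
# example: point it at a logging function to see the rules without applying them.
IPT="${IPT:-iptables}"

# Emit the rules for one forwarded port.
# Arguments: public_ip public_port backend_ip backend_port
port_forward_rules() {
    pub_ip=$1; pub_port=$2; be_ip=$3; be_port=$4

    # 1. PREROUTING DNAT rewrites the destination before the routing decision.
    $IPT -t nat -A PREROUTING -d "$pub_ip" -p tcp --dport "$pub_port" \
         -j DNAT --to-destination "$be_ip:$be_port"

    # 2. Let only the forwarded port through FORWARD; replies are matched by
    #    conntrack state, so nothing else on the backend becomes reachable.
    $IPT -A FORWARD -d "$be_ip" -p tcp --dport "$be_port" \
         -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    $IPT -A FORWARD -s "$be_ip" -p tcp --sport "$be_port" \
         -m conntrack --ctstate ESTABLISHED -j ACCEPT

    # 3. POSTROUTING SNAT so the backend sees this host as the client and its
    #    replies come back through it even when its default route is elsewhere.
    #    --to-source is mandatory; "-j SNAT 192.168.75.5" is rejected by iptables.
    $IPT -t nat -A POSTROUTING -d "$be_ip" -p tcp --dport "$be_port" \
         -j SNAT --to-source "$pub_ip"
}

# DNAT'd packets are dropped unless the kernel forwards between interfaces.
enable_forwarding() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = "1" ] \
        || sysctl -w net.ipv4.ip_forward=1
}

# Usage (as root): enable_forwarding && port_forward_rules 192.168.75.5 80 192.168.75.3 8000
```

Run with `IPT=echo` first to review the exact rule lines before applying them as root.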