```
vi /etc/sysconfig/iptables
```

```
# Generated by iptables-save v1.4.7 on Fri Aug 25 10:54:48 2017
*filter
:INPUT ACCEPT [6128:1521617]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [5824:2626314]
-A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -s xx.xxx.xx.xx/32 -p tcp -m conntrack --ctstate NEW -m tcp --dport 1521 -j ACCEPT
-A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 1521 -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
```

Another way to write it, equivalent to the above for port 1521: only the order of the options differs, and `--source` is the long form of `-s`. This copy also rejects new connections to port 27017.

```
# Generated by iptables-save v1.4.7 on Wed Aug 23 18:00:46 2017
*filter
:INPUT ACCEPT [90:26030]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [61:9044]
-A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 1521 --source xx.xxx.xx.xx/32 -j ACCEPT
-A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 1521 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 27017 -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Wed Aug 23 18:00:46 2017
```

After changing the configuration, run `service iptables restart` to apply it.
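Both rule sets rely on first-match evaluation: the source-restricted ACCEPT for port 1521 must come before the general REJECT, and any port without a rule falls through to the `INPUT ACCEPT` policy. The following is an added example, not part of the original post, that models this for new TCP connections on the INPUT chain only; the addresses 192.0.2.10 and 198.51.100.7 are documentation addresses standing in for the masked source, and the function names are illustrative.

```python
import ipaddress
import shlex

# Constructed sample: the page's second rule set, with the masked
# xx.xxx.xx.xx/32 replaced by a documentation address (assumption).
RULES = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 1521 --source 192.0.2.10/32 -j ACCEPT
-A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 1521 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 27017 -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def opt(tok, *names):
    """Value following the first of `names` found in the token list, else None."""
    for name in names:
        if name in tok:
            return tok[tok.index(name) + 1]
    return None

def parse(text, chain="INPUT"):
    """Return (policy, rules); each rule is (source network or None, dport or None, target)."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok and tok[0] == ":" + chain:
            policy = tok[1]
        elif tok[:2] == ["-A", chain]:
            src, port = opt(tok, "-s", "--source"), opt(tok, "--dport")
            rules.append((ipaddress.ip_network(src) if src else None,
                          int(port) if port else None, opt(tok, "-j")))
    return policy, rules

def verdict(text, src, dport):
    """First matching rule decides; with no match the chain policy applies."""
    policy, rules = parse(text)
    addr = ipaddress.ip_address(src)
    for net, port, target in rules:
        if (net is None or addr in net) and (port is None or port == dport):
            return target
    return policy

# Same rules with the two 1521 lines swapped (REJECT first), to show the ordering effect.
_lines = RULES.splitlines()
_lines[3], _lines[4] = _lines[4], _lines[3]
SWAPPED = "\n".join(_lines) + "\n"

if __name__ == "__main__":
    for rules, src, port in [(RULES, "192.0.2.10", 1521), (RULES, "198.51.100.7", 1521),
                             (RULES, "198.51.100.7", 3306), (SWAPPED, "192.0.2.10", 1521)]:
        print(src, port, verdict(rules, src, port))
```

The third case is the one to check on a real host: with `:INPUT ACCEPT`, every port not explicitly rejected stays reachable.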