linux回炉第十八天
©著作权归作者所有:来自51CTO博客作者大雨小柚子的原创作品,请联系作者获取转载授权,否则将追究法律责任
# Basic rule management on the filter table (the default when -t is omitted).

# Append a rule to the end of INPUT that silently discards every packet
# whose source address is 11.0.1.105.
iptables -A INPUT -s 11.0.1.105 -j DROP
# Delete that rule again by repeating its exact specification.
iptables -D INPUT -s 11.0.1.105 -j DROP
# List all chains: -n prints addresses and ports numerically (no DNS lookups),
# -v adds packet/byte counters, -L lists the rules.
iptables -nvL
# Flush every rule from every chain of the filter table. -F does not reset
# chain policies, so if INPUT has a DROP policy this cuts off a remote
# session; check the "policy" shown by -nvL before flushing.
iptables -F
# Flush only the OUTPUT chain.
iptables -F OUTPUT
# Same listing, with the rule number of each entry shown.
iptables -nvL --line-numbers
# Delete rule number 1 of INPUT. Numbers shift after every delete, so list
# again before removing another rule by number.
iptables -D INPUT 1
五表五链
五表(tables):filter nat mangle raw security
五链(chains):PREROUTING POSTROUTING INPUT OUTPUT FORWARD
# Match extensions. Every rule here is appended (-A), so rules are evaluated
# in the order the commands are run and the first terminating match wins.

# Drop TCP traffic from any source to destination ports 23 through 25.
iptables -A INPUT -p tcp --dport 23:25 -j DROP
# Reject ICMP type 8 (echo request) from 11.0.1.105. Unlike DROP, REJECT
# sends an error back to the sender.
iptables -A INPUT -p icmp --icmp-type 8 -s 11.0.1.105 -j REJECT
# Drop TCP ports 23-25 from 11.0.1.58 only between 03:00 and 04:00.
# The time match interprets these values as UTC unless --kerneltz is given,
# so convert from local time when choosing the window.
iptables -A INPUT -s 11.0.1.58 -p tcp --dport 23:25 -m time --timestart 3:00 --timestop 4:00 -j DROP
# Reject new traffic to port 80 from a source address that already holds
# more than 2 connections (connlimit counts per source address by default).
iptables -A INPUT -p tcp --dport 80 -m connlimit --connlimit-above 2 -j REJECT
# Accept echo requests at an average of 10 per minute with an initial burst
# of 5. Packets over the limit do not match and fall through to the next rule.
iptables -A INPUT -p icmp --icmp-type 8 -m limit --limit=10/minute --limit-burst 5 -j ACCEPT
# Reject all remaining ICMP: the echo requests that exceeded the limit above,
# and every other ICMP type as well.
# NOTE(review): this also rejects ICMP errors such as fragmentation-needed
# (used for path-MTU discovery) unless an earlier rule accepts them; no such
# rule is shown on this page.
iptables -A INPUT -p icmp -j REJECT
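# Log new TCP connections from 11.0.1.105 to ports 80, 21, 22 and 23.
# -I with no rule number inserts at the top of INPUT, so the rule is
# evaluated before any DROP/REJECT rule that would otherwise hide the packet.
# LOG is non-terminating: the packet is written to the kernel log with the
# given prefix and then continues through the remaining rules.
# The multiport match requires a protocol, so -p tcp is given explicitly
# (iptables refuses the rule without it), and --dports is the option's
# full name.
# NOTE(review): the rule has no rate limit, so a noisy source can fill the
# log; adding a "-m limit" match before -j LOG bounds the log volume.
# "-m conntrack --ctstate NEW" is the current spelling of "-m state --state NEW".
iptables -I INPUT -s 11.0.1.105 -p tcp -m multiport --dports 80,21,22,23 -m state --state NEW -j LOG --log-prefix "new connections: "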
# User-defined chains.

# Create a new, empty user-defined chain in the filter table.
iptables -N web_chain
# Rename it from web_chain to web_chain_new.
iptables -E web_chain web_chain_new
# Append a rule to the renamed chain rejecting traffic from 11.0.1.105.
# NOTE(review): a user-defined chain is evaluated only when a rule in a
# built-in chain jumps to it (-j web_chain_new); no such jump appears in this
# listing, so as shown this rule filters nothing.
iptables -A web_chain_new -s 11.0.1.105 -j REJECT
# Saving rules and restoring them at boot.

# Dump the current rules of all tables to a file.
iptables-save > /opt/iptables.rule
# Load the saved rules. By default iptables-restore replaces the existing
# contents of each table named in the file (-n / --noflush keeps them).
iptables-restore < /opt/iptables.rule
# Edit rc.local, presumably to add the iptables-restore line above so that
# it runs at boot; the page does not show the edit itself.
# NOTE(review): both this script and /opt/iptables.rule are consumed as root
# at boot, so keep them root-owned and not writable by other users.
vim /etc/rc.local
# rc.local has to be executable to be run at boot.
chmod +x /etc/rc.local
# Check that the unit which runs rc.local is present and succeeded.
systemctl status rc-local.service
# NAT rules (nat table).
# NOTE(review): forwarding between networks also needs net.ipv4.ip_forward=1
# and a FORWARD chain that permits the traffic; neither is shown on this page.

# Source NAT: packets from 192.168.1.0/24 to any destination outside that
# subnet leave with source address 11.0.1.105 (--to abbreviates --to-source).
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 ! -d 192.168.1.0/24 -j SNAT --to 11.0.1.105
# Same match, but MASQUERADE uses whatever address the outgoing interface
# currently has, which suits dynamically assigned addresses.
# This is an alternative to the SNAT rule: if both are appended, the SNAT
# rule matches first and this one is never reached for the same traffic.
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 ! -d 192.168.1.0/24 -j MASQUERADE
# Destination NAT: TCP port 80 traffic addressed to 192.168.1.100 is
# rewritten to 11.0.1.105:80.
iptables -t nat -A PREROUTING -d 192.168.1.100 -p tcp --dport 80 -j DNAT --to-destination 11.0.1.105:80
# Same match, redirected instead to port 8888 on this machine.
# Again an alternative: appended after the DNAT rule, it never sees the
# packets that the DNAT rule has already matched.
iptables -t nat -A PREROUTING -d 192.168.1.100 -p tcp --dport 80 -j REDIRECT --to-ports 8888