Course session 32
Using iptables directly to implement the functionality of firewalld:
1. Disable firewalld:
systemctl stop firewalld
systemctl mask firewalld
2. View the rules in the two iptables tables (the filter table and the nat table):
# iptables -t filter -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
# iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
# iptables -t filter -A INPUT -i ens33 -s 192.168.0.0/24 -p tcp --dport 80 -j REJECT
# iptables -I INPUT -p tcp --dport 443 -j REJECT
# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 reject-with icmp-port-unreachable
REJECT tcp -- 192.168.0.0/24 0.0.0.0/0 tcp dpt:80 reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination