差異處
這裏顯示兩個版本的差異處。
| Both sides previous revision 前次修改 下次修改 | 前次修改 | ||
|
linux:commonsetting:iptables [2013/02/24 21:57] tony |
linux:commonsetting:iptables [2023/06/25 09:48] (目前版本) |
||
|---|---|---|---|
| 行 7: | 行 7: | ||
| * eth0允許區網存取: iptables -A INPUT -i eth0 -s 192.168.12.0/24 -j ACCEPT | * eth0允許區網存取: iptables -A INPUT -i eth0 -s 192.168.12.0/24 -j ACCEPT | ||
| * 清除設定: iptables -F,清除既定規則;iptables -X,清除user define的chain;iptables -Z: 清除統計資料。 | * 清除設定: iptables -F,清除既定規則;iptables -X,清除user define的chain;iptables -Z: 清除統計資料。 | ||
| + | ===== RHEL5/6 ===== | ||
| + | 停止防火牆服務: | ||
| + | <code bash> | ||
| + | service iptables stop | ||
| + | </code> | ||
| + | ===== RHEL7 ===== | ||
| + | 停止防火牆服務: | ||
| + | <code bash> | ||
| + | service firewalld stop | ||
| + | </code> | ||
| + | 允許8080/tcp、SAMBA、NETBIOS與Syslog使用port: | ||
| + | <code bash> | ||
| + | > vim /etc/sysconfig/iptables | ||
| + | # 在-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT 後加入 | ||
| + | -A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT | ||
| + | -A INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT | ||
| + | -A INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT | ||
| + | -A INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT | ||
| + | -A INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT | ||
| + | -A INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT | ||
| + | -A INPUT -m state --state NEW -m tcp -p tcp --dport 514 -j ACCEPT | ||
| + | </code> | ||
| + | 如果iptabels不存在,可以確認是否有iptables.old或自己產生: | ||
| + | <code bash> | ||
| + | *filter | ||
| + | :INPUT ACCEPT [0:0] | ||
| + | :FORWARD ACCEPT [0:0] | ||
| + | :OUTPUT ACCEPT [0:0] | ||
| + | -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT | ||
| + | -A INPUT -p icmp -j ACCEPT | ||
| + | -A INPUT -i lo -j ACCEPT | ||
| + | -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT | ||
| + | -A INPUT -j REJECT --reject-with icmp-host-prohibited | ||
| + | -A FORWARD -j REJECT --reject-with icmp-host-prohibited | ||
| + | COMMIT | ||
| + | </code> | ||
| ===== Resource ===== | ===== Resource ===== | ||
| - | * [[http://dominic16y.world.edoors.com/CKccO3G8LGwQ|Ubuntu防火牆基本設定]] | ||
| * [[http://linux.vbird.org/linux_server/0250simple_firewall.php#netfilter|鳥哥私房菜]] | * [[http://linux.vbird.org/linux_server/0250simple_firewall.php#netfilter|鳥哥私房菜]] | ||
| + | * [[https://www.peterdavehello.org/2016/01/ubuntu-based-gnulinux-firewall-ufw-essential-config/|ubuntu firewall]] | ||
| ===== ===== | ===== ===== | ||
