Differences
This shows the differences between the two versions.
linux:commonsetting:iptables [2015/02/04 14:13] tony |
linux:commonsetting:iptables [2023/06/25 09:48] (current version) |
||
---|---|---|---|
行 17: | 行 17: | ||
service firewalld stop | service firewalld stop | ||
</code> | </code> | ||
+ | 允許8080/tcp、SAMBA、NETBIOS與Syslog使用port: | ||
+ | <code bash> | ||
+ | > vim /etc/sysconfig/iptables | ||
+ | # 在-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT 後加入 | ||
+ | -A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT | ||
+ | -A INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT | ||
+ | -A INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT | ||
+ | -A INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT | ||
+ | -A INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT | ||
+ | -A INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT | ||
+ | -A INPUT -m state --state NEW -m tcp -p tcp --dport 514 -j ACCEPT | ||
+ | </code> | ||
+ | 如果iptabels不存在,可以確認是否有iptables.old或自己產生: | ||
+ | <code bash> | ||
+ | *filter | ||
+ | :INPUT ACCEPT [0:0] | ||
+ | :FORWARD ACCEPT [0:0] | ||
+ | :OUTPUT ACCEPT [0:0] | ||
+ | -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT | ||
+ | -A INPUT -p icmp -j ACCEPT | ||
+ | -A INPUT -i lo -j ACCEPT | ||
+ | -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT | ||
+ | -A INPUT -j REJECT --reject-with icmp-host-prohibited | ||
+ | -A FORWARD -j REJECT --reject-with icmp-host-prohibited | ||
+ | COMMIT | ||
+ | </code> | ||
+ | |||
===== Resource ===== | ===== Resource ===== | ||
- | * [[http://dominic16y.world.edoors.com/CKccO3G8LGwQ|Ubuntu防火牆基本設定]] | ||
* [[http://linux.vbird.org/linux_server/0250simple_firewall.php#netfilter|鳥哥私房菜]] | * [[http://linux.vbird.org/linux_server/0250simple_firewall.php#netfilter|鳥哥私房菜]] | ||
+ | * [[https://www.peterdavehello.org/2016/01/ubuntu-based-gnulinux-firewall-ufw-essential-config/|ubuntu firewall]] | ||
===== ===== | ===== ===== |
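Review bot: The added ACCEPT rules for 139/tcp, 445/tcp, 137/udp, 138/udp and 514/tcp+udp carry no source match, so SMB, NetBIOS and syslog are accepted from any address that can reach the host. Restrict each rule to the networks that actually need the service, for example `-A INPUT -s <trusted-subnet> -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT`, where `<trusted-subnet>` is a placeholder for the site's own range. The comment says to insert the lines after the port 22 rule; it should also state why, namely that they must sit above `-A INPUT -j REJECT --reject-with icmp-host-prohibited` in the fallback file or they never match. Two smaller points: "iptabels" in the sentence introducing the fallback file is a typo for "iptables", and both new blocks are tagged `<code bash>` although their content is iptables-save rule syntax rather than shell commands.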