Iptables

Material from the CIToRUS wiki

RTFM

A decent iptables manual: http://vlikin.blogspot.ru/2011/08/iptables.html

http://safesrv.net/quick-how-to-denyallow-ip-using-iptables/

Useful commands

List all rules with their line numbers

 iptables -L --line-numbers

Delete the fifth rule of the INPUT chain

 iptables -D INPUT 5

Insert, at position 5 of INPUT, a rule accepting inbound TCP packets to port 57772

 iptables -I INPUT 5 -p tcp --dport 57772 -j ACCEPT

Insert, at position 5 of INPUT, a rule accepting inbound TCP packets to port 27017, but only from the source address 94.127.144.189

 iptables -I INPUT 5 -p tcp -s 94.127.144.189 --dport 27017 -j ACCEPT

Save the iptables rules so they survive a restart

 service iptables save
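The four commands above as one re-runnable script. This is an added example, not part of the wiki page: it reads the position of the catch-all REJECT from the live listing instead of hard-coding "5" (on the first СОУЛП server listed below, rule 5 is that REJECT, and an ACCEPT inserted after it would never match), and it uses `iptables -C` so a second run does not add a duplicate rule. It assumes the `IPTABLES` variable names the iptables binary (the default) and uses `-n` for numeric output; `SAMPLE_LISTING` is a constructed listing used only for offline testing.

```shell
#!/bin/sh
# Added example (not from the wiki page): open a TCP port on a host whose INPUT
# chain ends with a catch-all REJECT. The insert position is taken from the live
# listing so the ACCEPT always lands before the REJECT.
# Assumption: $IPTABLES names the iptables binary; point it at a stub for a dry run.
set -eu
IPTABLES="${IPTABLES:-iptables}"

# Constructed sample of `iptables -L INPUT -n --line-numbers` (numeric output,
# so 'anywhere' appears as 0.0.0.0/0 and 'ssh' as 22), used for offline testing.
SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
num  target  prot opt source     destination
1    ACCEPT  all  --  0.0.0.0/0  0.0.0.0/0  state RELATED,ESTABLISHED
2    ACCEPT  icmp --  0.0.0.0/0  0.0.0.0/0
3    ACCEPT  all  --  0.0.0.0/0  0.0.0.0/0
4    ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  state NEW tcp dpt:22
5    REJECT  all  --  0.0.0.0/0  0.0.0.0/0  reject-with icmp-host-prohibited'

# first_reject_pos: read one chain listing on stdin and print the number of the
# first REJECT or DROP rule; print 0 when the chain has no terminating rule.
first_reject_pos() {
    awk '$2 == "REJECT" || $2 == "DROP" { print $1; found = 1; exit }
         END { if (!found) print 0 }'
}

# allow_tcp_port PORT [SRC]: insert "-p tcp [-s SRC] --dport PORT -j ACCEPT"
# just before the catch-all REJECT of INPUT, or append it if there is none.
allow_tcp_port() {
    port="$1"; src="${2:-}"
    # $match is built from our own tokens only, so word-splitting it is intended
    if [ -n "$src" ]; then
        match="-p tcp -s $src --dport $port -j ACCEPT"
    else
        match="-p tcp --dport $port -j ACCEPT"
    fi

    # -C succeeds if an identical rule already exists: skip the insert, so the
    # script is safe to run more than once.
    if "$IPTABLES" -C INPUT $match 2>/dev/null; then
        echo "INPUT already has: $match" >&2
        return 0
    fi

    pos=$("$IPTABLES" -L INPUT -n --line-numbers | first_reject_pos)
    if [ "$pos" -eq 0 ]; then
        "$IPTABLES" -A INPUT $match           # no catch-all rule: appending is safe
    else
        "$IPTABLES" -I INPUT "$pos" $match    # takes the REJECT's slot, REJECT moves down
    fi
}

# Stand-alone use (as root): sh allow_port.sh PORT [SOURCE]
if [ $# -gt 0 ]; then
    allow_tcp_port "$@"
fi
```

Run it once per port, e.g. `allow_tcp_port 57772` or `allow_tcp_port 27017 94.127.144.189`. The insert only changes the running ruleset, so finish with `service iptables save` as above, or the rule is gone after the next restart.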

iptables on the СОУЛП servers

 Chain INPUT (policy ACCEPT)
 num  target  prot opt source    destination
 1    ACCEPT  all  --  anywhere  anywhere  state RELATED,ESTABLISHED
 2    ACCEPT  icmp --  anywhere  anywhere
 3    ACCEPT  all  --  anywhere  anywhere
 4    ACCEPT  tcp  --  anywhere  anywhere  state NEW tcp dpt:ssh
 5    REJECT  all  --  anywhere  anywhere  reject-with icmp-host-prohibited

 Chain FORWARD (policy ACCEPT)
 num  target  prot opt source    destination
 1    REJECT  all  --  anywhere  anywhere  reject-with icmp-host-prohibited

 Chain OUTPUT (policy ACCEPT)
 num  target  prot opt source    destination

 Chain INPUT (policy ACCEPT)
 target  prot opt source          destination
 ACCEPT  tcp  --  94.127.144.189  anywhere     tcp dpt:http
 ACCEPT  tcp  --  62.33.234.100   anywhere     tcp dpt:http
 REJECT  tcp  --  anywhere        anywhere     tcp dpt:http reject-with icmp-port-unreachable
 ACCEPT  tcp  --  anywhere        anywhere     tcp dpt:57772
 ACCEPT  tcp  --  anywhere        anywhere     tcp dpt:ircu-2


Приморье

 Chain INPUT (policy ACCEPT)
 num  target                    prot opt source    destination
 1    ACCEPT                    all  --  anywhere  anywhere  ctstate RELATED,ESTABLISHED
 2    ACCEPT                    all  --  anywhere  anywhere
 3    INPUT_direct              all  --  anywhere  anywhere
 4    INPUT_ZONES_SOURCE        all  --  anywhere  anywhere
 5    INPUT_ZONES               all  --  anywhere  anywhere
 6    DROP                      all  --  anywhere  anywhere  ctstate INVALID
 7    REJECT                    all  --  anywhere  anywhere  reject-with icmp-host-prohibited

 Chain FORWARD (policy ACCEPT)
 num  target                    prot opt source    destination
 1    ACCEPT                    all  --  anywhere  anywhere  ctstate RELATED,ESTABLISHED
 2    ACCEPT                    all  --  anywhere  anywhere
 3    FORWARD_direct            all  --  anywhere  anywhere
 4    FORWARD_IN_ZONES_SOURCE   all  --  anywhere  anywhere
 5    FORWARD_IN_ZONES          all  --  anywhere  anywhere
 6    FORWARD_OUT_ZONES_SOURCE  all  --  anywhere  anywhere
 7    FORWARD_OUT_ZONES         all  --  anywhere  anywhere
 8    DROP                      all  --  anywhere  anywhere  ctstate INVALID
 9    REJECT                    all  --  anywhere  anywhere  reject-with icmp-host-prohibited

 Chain OUTPUT (policy ACCEPT)
 num  target                    prot opt source    destination
 1    OUTPUT_direct             all  --  anywhere  anywhere

 Chain FORWARD_IN_ZONES (1 references)
 num  target                    prot opt source    destination
 1    FWDI_public               all  --  anywhere  anywhere  [goto]
 2    FWDI_public               all  --  anywhere  anywhere  [goto]

 Chain FORWARD_IN_ZONES_SOURCE (1 references)
 num  target                    prot opt source    destination

 Chain FORWARD_OUT_ZONES (1 references)
 num  target                    prot opt source    destination
 1    FWDO_public               all  --  anywhere  anywhere  [goto]
 2    FWDO_public               all  --  anywhere  anywhere  [goto]

 Chain FORWARD_OUT_ZONES_SOURCE (1 references)
 num  target                    prot opt source    destination

 Chain FORWARD_direct (1 references)
 num  target                    prot opt source    destination

 Chain FWDI_public (2 references)
 num  target                    prot opt source    destination
 1    FWDI_public_log           all  --  anywhere  anywhere
 2    FWDI_public_deny          all  --  anywhere  anywhere
 3    FWDI_public_allow         all  --  anywhere  anywhere
 4    ACCEPT                    icmp --  anywhere  anywhere

 Chain FWDI_public_allow (1 references)
 num  target                    prot opt source    destination

 Chain FWDI_public_deny (1 references)
 num  target                    prot opt source    destination

 Chain FWDI_public_log (1 references)
 num  target                    prot opt source    destination

 Chain FWDO_public (2 references)
 num  target                    prot opt source    destination
 1    FWDO_public_log           all  --  anywhere  anywhere
 2    FWDO_public_deny          all  --  anywhere  anywhere
 3    FWDO_public_allow         all  --  anywhere  anywhere

 Chain FWDO_public_allow (1 references)
 num  target                    prot opt source    destination

 Chain FWDO_public_deny (1 references)
 num  target                    prot opt source    destination

 Chain FWDO_public_log (1 references)
 num  target                    prot opt source    destination

 Chain INPUT_ZONES (1 references)
 num  target                    prot opt source    destination
 1    IN_public                 all  --  anywhere  anywhere  [goto]
 2    IN_public                 all  --  anywhere  anywhere  [goto]

 Chain INPUT_ZONES_SOURCE (1 references)
 num  target                    prot opt source    destination

 Chain INPUT_direct (1 references)
 num  target                    prot opt source    destination

 Chain IN_public (2 references)
 num  target                    prot opt source    destination
 1    IN_public_log             all  --  anywhere  anywhere
 2    IN_public_deny            all  --  anywhere  anywhere
 3    IN_public_allow           all  --  anywhere  anywhere
 4    ACCEPT                    icmp --  anywhere  anywhere

 Chain IN_public_allow (1 references)
 num  target                    prot opt source    destination
 1    ACCEPT                    tcp  --  anywhere  anywhere  tcp dpt:http ctstate NEW
 2    ACCEPT                    tcp  --  anywhere  anywhere  tcp dpt:ssh ctstate NEW

 Chain IN_public_deny (1 references)
 num  target                    prot opt source    destination

 Chain IN_public_log (1 references)
 num  target                    prot opt source    destination

 Chain OUTPUT_direct (1 references)
 num  target                    prot opt source    destination