iptables防火墙设置

Debian/Ubuntu

了解系统初始防火墙情况

iptables -L

卸载ufw

apt remove -y ufw

安装iptables-persistent

apt update -y && apt install -y iptables-persistent nano

编辑文件

nano /etc/iptables/rules.v4

编辑的内容

*filter

:INPUT DROP [0:0]

:FORWARD DROP [0:0]

:OUTPUT ACCEPT [0:0]

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

-A INPUT -p tcp --dport 22 -j ACCEPT

COMMIT

加载规则

iptables-restore < /etc/iptables/rules.v4

systemctl enable netfilter-persistent

systemctl restart netfilter-persistent

查看链与规则

iptables -L

CentOS

了解系统初始防火墙情况

iptables -L

卸载上层防火墙

yum remove -y firewalld

安装

yum update -y && yum install -y iptables-services

启动

systemctl enable iptables

systemctl start iptables

清除已有规则

iptables -F

添加规则

iptables -A INPUT -p tcp --dport 22 -j ACCEPT

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -P INPUT DROP

iptables -P FORWARD DROP

保存开机生效

service iptables save

查看链与规则

iptables -L