Debian/Ubuntu
了解系统初始防火墙情况
iptables -L
卸载之前的防火墙
apt purge -y ufw
apt purge -y iptables-persistent
安装iptables-persistent
apt update -y && apt install -y iptables-persistent nano
编辑文件
nano /etc/iptables/rules.v4
编辑的内容
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp –dport 22 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A FORWARD -i lo -j ACCEPT
COMMIT
加载规则
iptables-restore < /etc/iptables/rules.v4
systemctl enable netfilter-persistent
systemctl restart netfilter-persistent
查看链与规则
iptables -L
CentOS
了解系统初始防火墙情况
iptables -L
卸载上层防火墙
yum remove -y firewalld
安装
yum update -y && yum install -y iptables-services
启动
systemctl enable iptables
systemctl start iptables
清除已有规则
iptables -F
添加规则
iptables -A INPUT -p tcp –dport 22 -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A FORWARD -i lo -j ACCEPT
iptables -A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
保存开机生效
service iptables save
systemctl restart iptables
查看链与规则
iptables -L
