Simple iptables: open a port and restrict outside access

2010-12-21  Source: original to this site  Category: OS  Popularity: 48

# Set the default policy for the INPUT chain: drop all packets coming in to this machine

iptables -P INPUT DROP

# Flush the existing rules in the INPUT chain

iptables -F INPUT

# Check each packet's connection state: DROP it if INVALID, ACCEPT it if ESTABLISHED or RELATED

iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow loopback access

iptables -A INPUT -i lo -j ACCEPT

# Open only port 8443 to the outside
iptables -A INPUT -i eth0 -p tcp -s 0/0 --dport 8443 -j ACCEPT
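An added example, not part of the original post: a shell check that reads `iptables -S INPUT` output and confirms the chain matches the rules above (default policy DROP, loopback and ESTABLISHED/RELATED accepted, only tcp port 8443 open). The helper name audit_input and both sample rule listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): check `iptables -S INPUT`
# output against the policy above. audit_input is a hypothetical helper.
# Usage on a live host (as root): iptables -S INPUT | audit_input 8443
audit_input() {
    awk -v port="$1" '
    BEGIN { bad = 0 }
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        target = proto = dport = iface = state = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-j") target = $(i + 1)
            if ($i == "-p") proto = $(i + 1)
            if ($i == "-i") iface = $(i + 1)
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "--state" || $i == "--ctstate") state = $(i + 1)
        }
        if (target != "ACCEPT") next
        if (iface == "lo") { lo = 1; next }
        if (state ~ /^(ESTABLISHED|RELATED)(,(ESTABLISHED|RELATED))*$/) { est = 1; next }
        if (proto == "tcp" && dport == port) { open = 1; next }
        print "UNEXPECTED ACCEPT: " $0; bad = 1
    }
    END {
        if (policy != "DROP") { print "DEFAULT POLICY NOT DROP: " policy; bad = 1 }
        if (!lo)   { print "MISSING: loopback ACCEPT"; bad = 1 }
        if (!est)  { print "MISSING: ESTABLISHED,RELATED ACCEPT"; bad = 1 }
        if (!open) { print "MISSING: ACCEPT tcp dport " port; bad = 1 }
        exit bad
    }'
}

# Constructed sample: what `iptables -S INPUT` prints after the rules above.
GOOD='-P INPUT DROP
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8443 -j ACCEPT'

# Constructed sample: policy left at ACCEPT and an extra port 22 rule.
BAD='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8443 -j ACCEPT'

printf '%s\n' "$GOOD" | audit_input 8443 && echo "GOOD sample: matches policy"
printf '%s\n' "$BAD"  | audit_input 8443 || echo "BAD sample: findings above"
```

The check covers only the IPv4 INPUT chain; IPv6 rules are managed separately with ip6tables and need their own pass.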
