yum -y install iptables
//常用的三张表:filter nat mangle

[root@wang /]# iptables -t filter -nvL

[root@wang /]# iptables -t nat -nvL

Chain PREROUTING (policy ACCEPT  packets,  bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT packets, bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT packets, bytes)
pkts bytes target prot opt in out source destination
[root@wang /]# iptables -t mangle -nvL
Chain PREROUTING (policy ACCEPT packets, bytes)
pkts bytes target prot opt in out source destination

Chain INPUT (policy ACCEPT packets, bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT packets, bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT packets, bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT packets, bytes)
pkts bytes target prot opt in out source destination

[root@wang /]# filter INPUT OUTPUT 用的最多^C
[root@wang /]# iptables -t filter -I INPUT -p TCP --dport 80 -s 12.12.12.12 -j REJECT  //filter表 INPUT链 TCP包 目的端口80 来源IP;-I 把规则插入到链首,规则按顺序匹配;动作:DROP 直接丢弃不回应,REJECT 拒绝并返回 ICMP 错误
[root@wang /]# iptables -t filter -nvL  //查看

[root@wang /]# iptables -Z  //将包/字节计数器清零

[root@wang /]# iptables -F  //清除全部规则(未指定 -t 时只作用于 filter 表,链的默认策略不变)

//最后记得保存规则,否则重启后规则会丢失(保存的是当前生效的规则;如果在 iptables -F 之后保存,写入文件的就是空规则集)

[root@wang /]# service iptables save
iptables:将防火墙规则保存到 /etc/sysconfig/iptables: [确定]
[root@wang /]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Thu Dec 22 02:56:51 2016
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [32:4672]
-A INPUT -s 12.12.12.12/32 -p tcp -m tcp --dport 80 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Thu Dec 22 02:56:51 2016

//清空所有规则(默认策略为 ACCEPT,清空后到恢复前主机不过滤任何流量),再从保存的文件恢复规则

[root@wang /]# iptables -F
[root@wang /]# iptables -nvL
Chain INPUT (policy ACCEPT 6 packets, 432 bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 4 packets, 448 bytes)
pkts bytes target prot opt in out source destination

[root@wang /]# iptables-restore < /etc/sysconfig/iptables  //从文件恢复规则;备份可用 iptables-save > 1.ipt
[root@wang /]# iptables -nvL
