iptables commands on Ubuntu

1) List the nat table's POSTROUTING chain

sudo iptables -L POSTROUTING -t nat --line-numbers

2) Delete a rule from the nat table's POSTROUTING chain

sudo iptables -t nat -D POSTROUTING line-number (a number)

3) Add NAT forwarding for PPPoE

sudo iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

4) Hook the iptables rules into /etc/network/interfaces

pre-up iptables-restore < /etc/init.d/iptables.up.rules

5) Port forwarding

iptables -A INPUT -i eth1 -p tcp -m tcp --dport 9090 -m state --state NEW -j ACCEPT
iptables -t nat --append PREROUTING --protocol tcp --dport 8002 --jump DNAT --to-destination 192.168.1.107:80

6) Open port 3306 on CentOS

vi /etc/sysconfig/iptables

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

/etc/init.d/iptables restart
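
Added example (not part of the original post): the rule in step 6 accepts TCP 3306 from any source address. The script below reads rules in the same file format and lists every ACCEPT rule that names a destination port without a source restriction; the embedded rules are a constructed, abridged copy of the file above, and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post: audit an iptables-save style
# rules file for ports that are accepted from any source address.

# Constructed sample: abridged copy of the rules file shown in step 6.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Reads rules on stdin and prints "chain proto/port" for each ACCEPT rule
# that has --dport but no source match (-s 0.0.0.0/0 counts as no match).
open_ports() {
    awk '
    $1 == "-A" {
        chain = $2; proto = "any"; port = ""; src = 0; accept = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p" || $i == "--protocol") proto = $(i + 1)
            if ($i == "--dport") port = $(i + 1)
            if (($i == "-s" || $i == "--source") && $(i + 1) != "0.0.0.0/0") src = 1
            if (($i == "-j" || $i == "--jump") && $(i + 1) == "ACCEPT") accept = 1
        }
        if (accept && port != "" && !src) print chain, proto "/" port
    }'
}

# Run the audit over the constructed sample.
sample_rules | open_ports
```

To audit a real file, run `open_ports < /etc/sysconfig/iptables`. Adding a `-s` source match to the 3306 rule limits MySQL to the hosts that need it.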

Original article. If you repost it, please credit the source: reposted from 海波无痕
