網路防火牆
Linux 系統防火牆工具:iptables, firewalld
更多文章
軟體防火牆系統
- IPFire
IPFire is a hardened, versatile, state-of-the-art Open Source firewall based on Linux. Its ease of use, high performance in any scenario and extensibility make it usable for everyone. - pfSense
pfSense® software is a free, open source customized distribution of FreeBSD specifically tailored for use as a firewall and router that is entirely managed via web interface.
基本指令
顯示所有規則
# iptables -L -n -v # iptables -L -n -v --line-numbers # iptables -L INPUT -n -v --line-numbers
- -L : List rules.
- -v : Display detailed information. This option makes the list command show the interface name, the rule options, and the TOS masks. The packet and byte counters are also listed, with the suffix 'K', 'M' or 'G' for 1000, 1,000,000 and 1,000,000,000 multipliers respectively.
- -n : Display IP address and port in numeric format. Do not use DNS to resolve names. This will speed up listing.
重啟/清除所有規則
# service iptables stop # service iptables start # iptables -F # iptables -X # iptables -t nat -F # iptables -t nat -X # iptables -t mangle -F # iptables -t mangle -X # iptables -P INPUT ACCEPT # iptables -P OUTPUT ACCEPT # iptables -P FORWARD ACCEPT
- -F : Deleting (flushing) all the rules.
- -X : Delete chain.
- -t table_name : Select table (called nat or mangle) and delete/flush rules.
- -P : Set the default policy (such as DROP, REJECT, or ACCEPT).
移除指定的規則
顯示所有規則的編號 # iptables -L INPUT -n --line-numbers # iptables -L OUTPUT -n --line-numbers # iptables -L OUTPUT -n --line-numbers | less # iptables -L OUTPUT -n --line-numbers | grep 202.54.1.1 移除指定編號的規則 # iptables -D INPUT 4 移除指定來源 IP 的規則 # iptables -D INPUT -s 202.54.1.1 -j DROP
新增規則
顯示所有規則的編號 # iptables -L INPUT -n --line-numbers 在編號 1-2 之間新增規則 # iptables -I INPUT 2 -s 202.54.1.2 -j DROP
儲存所有規則
For RedHat/CentOS/Fedora Linux # service iptables save For other Linux distro. # iptables-save > /root/my.active.firewall.rules # cat /root/my.active.firewall.rules
回復規則
For other Linux distro. # iptables-restore < /root/my.active.firewall.rules For RedHat/CentOS/Fedora Linux # service iptables restart
- 標籤 (Edit tags)
- 什麼連接到這裡
| Images 0 | ||
|---|---|---|
| No images to display in the gallery. |
您必須 登入 才能發佈評論。
Powered by MindTouch Core