iptables推荐默认规则

Posted on Edited on

清空旧规则

1
2
3
iptables -F
iptables -X
iptables -Z

默认策略:丢弃所有

1
2
3
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

允许本地回环访问

1
iptables -A INPUT -i lo -j ACCEPT

允许已建立连接和相关连接的数据包

1
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

允许SSH(默认22端口)

1
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

可选:允许Ping

1
iptables -A INPUT -p icmp -j ACCEPT

保存规则

1
2
3
4
yum install -y iptables-services # 安装iptable
service iptables save # 规则保存到 /etc/sysconfig/iptables
systemctl restart iptables # 重启
systemctl enable iptables # 开机启动