iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD ACCEP
基本语法:
iptables [-t filter] [-AI INPUT,OUTPUT,FORWARD] [-io interface]
[-p tcp,udp.icmp,all] [-s ip/nerwork] [--sport ports]
[-d ip/netword] [--dport ports] [-j ACCEPT DROP]
添加规则:
/sbin/iptables -I INPUT -p tcp --dport 8080 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 8080 -j DROP
或者
vi /etc/sysconfig/iptables
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
service iptables restart
保存:
/etc/init.d/iptables save
查看:
/etc/init.d/iptables status
iptables -L -n
关闭:
/etc/init.d/iptables stop
将外网访问192.168.75.5的80端口转发到192.168.75.3:8000端口。
# iptables -t nat -A PREROUTING -d 192.168.75.5 -p tcp --dport 80 -j DNAT --to-destination 192.168.75.3:8000
将192.168.75.38000端口将数据返回给客户端时,将源ip改为192.168.75.5
# iptables -t nat -A POSTROUTING -d 192.168.75.3 -p tcp --dport 8000 -j SNAT 192.168.75.5
