编辑iptables配置文件,将文件内容更改为如下,则具备了ip地址白名单功能
#vim /etc/sysconfig/iptables
*filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -N whitelist -A whitelist -s 1.2.3.0/24 -j ACCEPT -A whitelist -s 4.5.6.7 -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -j whitelist -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j whitelist -A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j whitelist -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT
评论列表()