iptables场景一（下）

一、补充规则

在场景一的基础上，修改只允许192.168.0.107访问本机的httpd服务

 

二、配置方法

[root@localhost ~]# iptables -D INPUT -p tcp --dport 80 -j REJECT

[root@localhost ~]# iptables -nL

Chain INPUT (policy ACCEPT)

target prot opt source destination

ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0

ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:10:21

ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22

REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

 

Chain FORWARD (policy ACCEPT)

 

[root@localhost ~]# iptables -I INPUT -p tcp -s 192.168.0.103 --dport 80 -j ACCEPT

 

三、测试方法

1、在192.168.0.103的机器上进行测试

[root@localhost ~]# curl -I http://192.168.0.103/

HTTP/1.1 403 Forbidden

Date: Sat, 19 Aug 2017 01:32:29 GMT

Server: Apache/2.4.6 (CentOS)

Last-Modified: Thu, 16 Oct 2014 13:20:58 GMT

ETag: "1321-5058a1e728280"

Accept-Ranges: bytes

Content-Length: 4897

Content-Type: text/html; charset=UTF-8

 

[root@localhost ~]# telnet 192.168.0.103 80

Trying 192.168.0.103...

Connected to 192.168.0.103.

Escape character is '^]'.

Connection closed by foreign host.

2、在192.168.0.107的机器上进行测试

C:\Users\lenovo>telnet 192.168.0.103 80

正在连接192.168.0.103...无法打开到主机的连接。 在端口 80: 连接失败