iptables场景三——规则设置

一 规则设置

[root@localhost Packages]# iptables -F

[root@localhost Packages]# iptables -I INPUT -i lo -j ACCEPT

[root@localhost Packages]# iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

[root@localhost Packages]# iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT

[root@localhost Packages]# iptables -A INPUT -p tcp --dport 80 -j ACCEPT

[root@localhost Packages]# iptables -A INPUT -p tcp --dport 1723 -j ACCEPT

[root@localhost Packages]# iptables -A INPUT -p icmp -j ACCEPT

[root@localhost Packages]# iptables -A INPUT -j REJECT

[root@localhost Packages]# iptables -nL

Chain INPUT (policy ACCEPT)

target prot opt source destination

ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

ACCEPT all -- 192.168.0.0/24 0.0.0.0/0

ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80

ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1723

ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0

REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

 

二 规则测试

1、局域网内机器测试80端口

[root@localhost Packages]# telnet 192.168.0.103

Trying 192.168.0.103...

telnet: connect to address 192.168.0.103: Connection refused

[root@localhost Packages]# telnet 192.168.0.103 80

Trying 192.168.0.103...

Connected to 192.168.0.103.

Escape character is '^]'.