iptables DROP policy

INPUT and OUTPUT chains with default policy DROP; the four rules below keep SSH (port 22) working in both directions, as server and as client:

-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --sport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 22 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
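The same four rules packaged as a complete iptables-restore ruleset, as an added example (not the post's own script). It sets the DROP policies the note assumes but never writes out, adds the loopback accepts that a DROP-everything policy otherwise breaks, and only touches the live tables when run with `--apply`. The `SSH_PORT` variable, the function names and the `--apply` flag are assumptions made here.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset for "INPUT and OUTPUT DROP,
# SSH allowed both ways". SSH_PORT is an assumed knob, default 22 as in the note.
SSH_PORT="${SSH_PORT:-22}"

# Emit the ruleset in iptables-restore format (one table, explicit policies).
gen_ssh_only_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Loopback: local services (DNS cache, databases, monitoring) talk over lo,
# and the four SSH rules alone would silently drop that traffic.
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# The four rules from the note, with the port parameterised.
-A INPUT -p tcp -m tcp --dport $SSH_PORT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --sport $SSH_PORT -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport $SSH_PORT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport $SSH_PORT -m state --state NEW,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Number of ACCEPT rules in the generated set: 2 loopback + 4 SSH.
count_accept_rules() {
    gen_ssh_only_ruleset | grep -c -- '-j ACCEPT'
}

# Syntax-check the ruleset without committing it (iptables-restore --test
# parses and builds the ruleset but does not load it). Skipped if the
# binary is not installed, so the script stays usable on a workstation.
check_ruleset() {
    if command -v iptables-restore >/dev/null 2>&1; then
        gen_ssh_only_ruleset | iptables-restore --test
    else
        echo "iptables-restore not found; skipping syntax test" >&2
    fi
}

# Apply only on explicit request. Because the SSH rules match ESTABLISHED,
# the session you apply from survives, but a typo in the set still locks
# you out: keep a second session open while testing.
if [ "${1:-}" = "--apply" ]; then
    gen_ssh_only_ruleset | iptables-restore
else
    gen_ssh_only_ruleset
fi
```

Run it without arguments to print the ruleset, `sh script.sh --apply` as root to load it, and call `check_ruleset` first to catch syntax errors before anything reaches the kernel. Everything not listed (DNS, package updates, outbound HTTP) is dropped by the OUTPUT policy, which is the point of the note, so extend the set deliberately rather than loosening the policy.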


Order in which a packet traverses the iptables tables: raw > mangle > nat > filter

[root@n3 ~]# ip rule add from 172.16.16.2 lookup 9800 pref 9800    # "prio" is accepted as a synonym for "pref"
[root@n3 ~]# ip rule show
0: from all lookup local
9800: from 172.16.16.2 lookup 9800
32766: from all lookup main
32767: from all lookup default


https://www.jianshu.com/p/5c70b536816b

posted @ 2019-08-25 00:41 voh99800