防火墙的配置
丢弃来自192.168.10.36的所有数据包-A追加规则
1 | [root@chenxi ~]# iptables -A INPUT -s 192.168.10.36 -j DROP |
查看默认表的规则,带行号显示
1 2 3 4 5 6 7 8 9 10 | [root@chenxi ~]# iptables -vnL --line-numbersChain INPUT (policy ACCEPT 271 packets, 20573 bytes)num pkts bytes target prot opt in out source destination 1 37 3108 DROP all -- * * 192.168.10.36 0.0.0.0/0 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)num pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 48 packets, 4440 bytes)num pkts bytes target prot opt in out source destination |
允许来自192.168.10.36的所有数据包
1 2 3 4 5 6 7 8 9 10 11 | [root@chenxi ~]# iptables -vnL --line-numbersChain INPUT (policy ACCEPT 44 packets, 3358 bytes)num pkts bytes target prot opt in out source destinatio1 8 672 ACCEPT all -- * * 192.168.10.36 0.0.0.0/02 37 3108 DROP all -- * * 192.168.10.36 0.0.0.0/0Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)num pkts bytes target prot opt in out source destinatioChain OUTPUT (policy ACCEPT 16 packets, 2256 bytes)num pkts bytes target prot opt in out source destination |
查看nat表里的链
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 | [root@chenxi ~]# iptables -vnL --line-numbers -t natChain PREROUTING (policy ACCEPT 0 packets, 0 bytes)num pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes)num pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)num pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)num pkts bytes target prot opt in out source destination [root@chenxi ~]# iptables -vnL --line-numbers -t natChain PREROUTING (policy ACCEPT 3 packets, 240 bytes)num pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 2 packets, 162 bytes)num pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 1 packets, 716 bytes)num pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 1 packets, 716 bytes)num pkts bytes target prot opt in out source destination |
查看规则
1 2 3 4 5 6 7 8 9 10 11 | [root@chenxi ~]# iptables -nLChain INPUT (policy ACCEPT)target prot opt source destination ACCEPT all -- 192.168.10.36 0.0.0.0/0 DROP all -- 192.168.10.36 0.0.0.0/0 Chain FORWARD (policy ACCEPT)target prot opt source destination Chain OUTPUT (policy ACCEPT)target prot opt source destination |
删除第1条规则
1 2 3 4 5 6 7 8 9 10 11 | [root@chenxi ~]# iptables -D INPUT 1[root@chenxi ~]# iptables -nLChain INPUT (policy ACCEPT)target prot opt source destination DROP all -- 192.168.10.36 0.0.0.0/0 Chain FORWARD (policy ACCEPT)target prot opt source destination Chain OUTPUT (policy ACCEPT)target prot opt source destination |
添加允许192.168.10.1主的作用报文出入本机-s源地址-d目标
1 2 3 4 5 6 7 8 9 10 11 12 13 14 | [root@chenxi ~]# iptables -A INPUT -s 192.168.10.1 -j ACCEPT[root@chenxi ~]# iptables -A OUTPUT -d 192.168.10.1 -j ACCEPT[root@chenxi ~]# iptables -nLChain INPUT (policy ACCEPT)target prot opt source destination DROP all -- 192.168.10.36 0.0.0.0/0 ACCEPT all -- 192.168.10.1 0.0.0.0/0 Chain FORWARD (policy ACCEPT)target prot opt source destination Chain OUTPUT (policy ACCEPT)target prot opt source destination ACCEPT all -- 0.0.0.0/0 192.168.10.1 |
修改默认规则为拒绝 表默认过滤表
1 2 3 4 5 6 7 8 9 10 11 12 13 14 | [root@chenxi ~]# iptables -P INPUT DROP[root@chenxi ~]# iptables -P OUTPUT DROP[root@chenxi ~]# iptables -nLChain INPUT (policy DROP)target prot opt source destination DROP all -- 192.168.10.36 0.0.0.0/0 ACCEPT all -- 192.168.10.1 0.0.0.0/0 Chain FORWARD (policy ACCEPT)target prot opt source destination Chain OUTPUT (policy DROP)target prot opt source destination ACCEPT all -- 0.0.0.0/0 192.168.10.1 |
在192.168.10.36主机用ping命令测试
1 2 | [root@mail bin]# ping 192.168.10.40PING 192.168.10.40 (192.168.10.40) 56(84) bytes of data. |
在192.168.10.40 主机添加允许192.168.10.36数据包进来的规则
1 2 3 4 5 6 7 8 | [root@chenxi ~]# iptables -A INPUT -s 192.168.10.36 -j ACCEPT[root@chenxi ~]# tcpdump -i ens33 -nn icmptcpdump: verbose output suppressed, use -v or -vv for full protocol decodelistening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes08:39:08.910676 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 40976, seq149, length 6408:39:09.910752 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 40976, seq150, length 6408:39:10.922666 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 40976, seq151, length 6408:39:11.940137 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 40976, seq 152, length 64 |
在192.168.10.40主机上添加允许目标主机为192.169.10.36的开发规则
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 | [root@chenxi ~]# iptables -A OUTPUT -d 192.168.10.36 -j ACCEPT[root@chenxi ~]# iptables -nLChain INPUT (policy DROP)target prot opt source destination ACCEPT all -- 192.168.10.1 0.0.0.0/0 ACCEPT all -- 192.168.10.36 0.0.0.0/0 Chain FORWARD (policy ACCEPT)target prot opt source destination Chain OUTPUT (policy DROP)target prot opt source destination ACCEPT all -- 0.0.0.0/0 192.168.10.1 ACCEPT all -- 0.0.0.0/0 192.168.10.36 08:40:53.800793 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 40976, seq 253, length 6408:40:53.801135 IP 192.168.10.40 > 192.168.10.36: ICMP echo reply, id 40976, seq 253, length 64 |
添加192.168.10.36的icmp协议可ping通192.168.10.40主机的规则
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 | [root@chenxi ~]# iptables -A INPUT -s 192.168.10.36 -p icmp -j ACCEPT 进主机的规则[root@mail bin]# ping 192.168.10.40PING 192.168.10.40 (192.168.10.40) 56(84) bytes of data.[root@chenxi ~]# tcpdump -i ens33 -nn icmptcpdump: verbose output suppressed, use -v or -vv for full protocol decodelistening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes08:55:23.850949 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 41488, seq 6, length 6408:55:24.851240 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 41488, seq 7, length 6408:55:25.851304 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 41488, seq 8, length 6408:55:26.855839 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 41488, seq 9, length 6408:55:27.853459 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 41488, seq 10, length 6408:55:28.854609 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 41488, seq 11, length 6408:55:29.857906 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 41488, seq 12, length 6408:55:30.856784 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 41488, seq 13, length 6408:55:31.858473 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 41488, seq 14, length 6408:55:32.857969 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 41488, seq 15, length 6408:55:33.859005 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 41488, seq 16, length 6408:55:34.914116 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 41488, seq 17, length 6408:55:35.916034 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 41488, seq 18, length 6408:55:36.916717 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 41488, seq 19, length 6408:55:37.940721 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 41488, seq 20, length 6408:55:38.935520 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 41488, seq 21, length 6408:55:39.935601 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 4148[root@chenxi ~]# iptables -A OUTPUT -d 192.168.10.36 -p icmp -j ACCEPT 出主机的规则[root@chenxi ~]# iptables -nLChain INPUT (policy DROP)target prot opt source destination ACCEPT all -- 192.168.10.1 0.0.0.0/0 ACCEPT icmp -- 192.168.10.36 0.0.0.0/0 Chain FORWARD (policy ACCEPT)target prot opt source destination Chain OUTPUT (policy DROP)target prot opt source destination ACCEPT all -- 0.0.0.0/0 192.168.10.1 ACCEPT icmp -- 0.0.0.0/0 192.168.10.36 8, seq 22, length 6408:55:39.935702 IP 192.168.10.40 > 192.168.10.36: ICMP echo reply, id 41488, seq 22, length 6408:55:40.936550 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 41488, seq 23, length 6408:55:40.936628 IP 192.168.10.40 > 192.168.10.36: ICMP echo reply, id 41488, seq 23, length 6408:55:41.938630 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 41488, seq 24, length 6408:55:41.938690 IP 192.168.10.40 > 192.168.10.36: ICMP echo reply, id 41488, seq 24, length 6408:55:42.939814 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 41488, seq 25, length 6408:55:42.939889 IP 192.168.10.40 > 192.168.10.36: ICMP echo reply, id 41488, seq 25, length 6408:55:43.941753 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 41488, seq 26, length 6408:55:43.941831 IP 192.168.10.40 > 192.168.10.36: ICMP echo reply, id 41488, seq 26, length 6408:55:44.975164 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 41488, seq 27, length 6408:55:44.975228 IP 192.168.10.40 > 192.168.10.36: ICMP echo reply, id 41488, seq 27, length 64[root@mail bin]# ping 192.168.10.40PING 192.168.10.40 (192.168.10.40) 56(84) bytes of data.64 bytes from 192.168.10.40: icmp_seq=22 ttl=64 time=0.493 ms64 bytes from 192.168.10.40: icmp_seq=23 ttl=64 time=1.09 ms64 bytes from 192.168.10.40: icmp_seq=24 ttl=64 time=0.336 ms64 bytes from 192.168.10.40: icmp_seq=25 ttl=64 time=1.36 ms64 bytes from 192.168.10.40: icmp_seq=26 ttl=64 time=0.430 ms64 bytes from 192.168.10.40: icmp_seq=27 ttl=64 time=0.243 ms |
在192.168.10.40的主机上添加允许192.168.10.36访问本机22端口
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 | [root@mail bin]# ssh 192.168.10.40ssh: connect to host 192.168.10.40 port 22: Connection timed out[root@chenxi ~]# iptables -A INPUT -s 192.168.10.36 -p tcp --dport 22 -j ACCEPT 进来数据包[root@chenxi ~]# iptables -A OUTPUT -d 192.168.10.36 -p tcp --sport 22 -j ACCEPT 返回数据包[root@chenxi ~]# iptables -nLChain INPUT (policy DROP)target prot opt source destination ACCEPT all -- 192.168.10.1 0.0.0.0/0 ACCEPT icmp -- 192.168.10.36 0.0.0.0/0 ACCEPT tcp -- 192.168.10.36 0.0.0.0/0 tcp dpt:22Chain FORWARD (policy ACCEPT)target prot opt source destination Chain OUTPUT (policy DROP)target prot opt source destination ACCEPT all -- 0.0.0.0/0 192.168.10.1 ACCEPT icmp -- 0.0.0.0/0 192.168.10.36 ACCEPT tcp -- 0.0.0.0/0 192.168.10.36 tcp spt:22[root@mail bin]# ssh 192.168.10.40The authenticity of host '192.168.10.40 (192.168.10.40)' can't be established.RSA key fingerprint is c9:1c:63:b4:a2:a5:c4:cf:5a:a2:46:19:81:63:d2:f5.Are you sure you want to continue connecting (yes/no)? yesWarning: Permanently added '192.168.10.40' (RSA) to the list of known hosts.root@192.168.10.40's password: Last login: Tue Mar 19 08:37:05 2019 from 192.168.10.1[root@chenxi ~]# |
拒绝源地址为192.168.10.36主机的tcp的第一次握手连接
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 | [root@chenxi ~]# iptables -I INPUT 2 -s 192.168.10.36 -p tcp --syn -j REJECT[root@chenxi ~]# iptables -nLChain INPUT (policy DROP)target prot opt source destination ACCEPT all -- 192.168.10.1 0.0.0.0/0 REJECT tcp -- 192.168.10.36 0.0.0.0/0 tcp flags:0x17/0x02 reject-with icmp-port-unreachableACCEPT icmp -- 192.168.10.36 0.0.0.0/0 ACCEPT tcp -- 192.168.10.36 0.0.0.0/0 tcp dpt:22Chain FORWARD (policy ACCEPT)target prot opt source destination Chain OUTPUT (policy DROP)target prot opt source destination ACCEPT all -- 0.0.0.0/0 192.168.10.1 ACCEPT icmp -- 0.0.0.0/0 192.168.10.36 ACCEPT tcp -- 0.0.0.0/0 192.168.10.36 tcp spt:22[root@mail ~]# ssh 192.168.10.40ssh: connect to host 192.168.10.40 port 22: Connection refused[root@mail ~]# ssh 192.168.10.40ssh: connect to host 192.168.10.40 port 22: Connection refused[root@mail bin]# ssh 192.168.10.40The authenticity of host '192.168.10.40 (192.168.10.40)' can't be established.RSA key fingerprint is c9:1c:63:b4:a2:a5:c4:cf:5a:a2:46:19:81:63:d2:f5.Are you sure you want to continue connecting (yes/no)? yesWarning: Permanently added '192.168.10.40' (RSA) to the list of known hosts.root@192.168.10.40's password: Last login: Tue Mar 19 08:37:05 2019 from 192.168.10.1[root@chenxi ~]# lsanaconda-ks.cfg[root@chenxi ~]# ip a1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:0c:29:40:c2:01 brd ff:ff:ff:ff:ff:ff inet 192.168.10.40/24 brd 192.168.10.255 scope global noprefixroute ens33 valid_lft forever preferred_lft forever inet6 fe80::6e0:d902:bf99:5840/64 scope link noprefixroute valid_lft forever preferred_lft forever3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:0c:29:40:c2:0b brd ff:ff:ff:ff:ff:ff inet 192.168.10.133/24 brd 192.168.10.255 scope global noprefixroute dynamic ens37 valid_lft 1453sec preferred_lft 1453sec inet6 fe80::24a2:2585:2b12:e5ab/64 scope link noprefixroute valid_lft forever preferred_lft forever |
用允许192.168.10.36可以访问本机的22端口的tcp状态连接第一次握手替换点拒绝所有来源192.168.10.36TCP第一握手拒绝规则
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 | [root@chenxi ~]# iptables -R INPUT 2 -s 192.168.10.36 -p tcp --dport 22 --syn -j ACCEPT -R 替换[root@chenxi ~]# iptables -nLChain INPUT (policy DROP)target prot opt source destination ACCEPT all -- 192.168.10.1 0.0.0.0/0 ACCEPT tcp -- 192.168.10.36 0.0.0.0/0 tcp dpt:22 flags:0x17/0x02ACCEPT icmp -- 192.168.10.36 0.0.0.0/0 ACCEPT tcp -- 192.168.10.36 0.0.0.0/0 tcp dpt:22Chain FORWARD (policy ACCEPT)target prot opt source destination Chain OUTPUT (policy DROP)target prot opt source destination ACCEPT all -- 0.0.0.0/0 192.168.10.1 ACCEPT icmp -- 0.0.0.0/0 192.168.10.36 ACCEPT tcp -- 0.0.0.0/0 192.168.10.36 tcp spt:22[root@mail ~]# ssh 192.168.10.40root@192.168.10.40's password: Last login: Tue Mar 19 09:23:21 2019 from 192.168.10.36[root@chenxi ~]# |
自定义链
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 | [root@chenxi ~]# iptables -N chenxi 创建链[root@chenxi ~]# iptables -nvL Chain INPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 12738 768K ACCEPT all -- * * 192.168.10.1 0.0.0.0/0 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 17882 3969K ACCEPT all -- * * 0.0.0.0/0 192.168.10.1 Chain chenxi (0 references) pkts bytes target prot opt in out source destination [root@chenxi ~]# iptables -X chenxi 删除自定义链[root@chenxi ~]# iptables -nvL Chain INPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 12776 771K ACCEPT all -- * * 192.168.10.1 0.0.0.0/0 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 17897 3971K ACCEPT all -- * * 0.0.0.0/0 192.168.10.1 [root@chenxi ~]# iptables -N chenxi[root@chenxi ~]# iptables -A chenxi -p tcp --tcp-flags ALL ALL -j REJECT TCP状态连接标志位全为1拒绝掉[root@chenxi ~]# iptables -A chenxi -p tcp --tcp-flags ALL NONE -j REJECT TCP状态连接全为0 拒绝掉[root@chenxi ~]# iptables -nvL Chain INPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 13181 801K ACCEPT all -- * * 192.168.10.1 0.0.0.0/0 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 18067 3989K ACCEPT all -- * * 0.0.0.0/0 192.168.10.1 Chain chenxi (0 references) pkts bytes target prot opt in out source destination 0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F reject-with icmp-port-unreachable 0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00 reject-with icmp-port-unreachable |
关联自定义链
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 | [root@chenxi ~]# iptables -A INPUT -s 192.168.10.36 -j chenxi 把所有来源地址为192.168.10.36的数据包都丢到chenxi这个链里[root@chenxi ~]# iptables -nvL Chain INPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 13333 812K ACCEPT all -- * * 192.168.10.1 0.0.0.0/0 0 0 chenxi all -- * * 192.168.10.36 0.0.0.0/0 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 18124 3995K ACCEPT all -- * * 0.0.0.0/0 192.168.10.1 Chain chenxi (1 references) pkts bytes target prot opt in out source destination 0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F reject-with icmp-port-unreachable 0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00 reject-with icmp-port-unreachable |
删除已关联的自定义链
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 | [root@chenxi ~]# iptables -nLChain INPUT (policy DROP)target prot opt source destination ACCEPT all -- 192.168.10.1 0.0.0.0/0 chenxi all -- 192.168.10.36 0.0.0.0/0 CHENXI all -- 0.0.0.0/0 0.0.0.0/0 Chain FORWARD (policy ACCEPT)target prot opt source destination Chain OUTPUT (policy DROP)target prot opt source destination ACCEPT all -- 0.0.0.0/0 192.168.10.1 cx all -- 0.0.0.0/0 0.0.0.0/0 Chain CHENXI (1 references)target prot opt source destination ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53Chain chenxi (1 references)target prot opt source destination REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F reject-with icmp-port-unreachableREJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00 reject-with icmp-port-unreachableChain cx (1 references)target prot opt source destination ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:80ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:443ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:53ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:53[root@chenxi ~]# iptables -D INPUT 3[root@chenxi ~]# iptables -D CHENXI 1[root@chenxi ~]# iptables -D CHENXI 1[root@chenxi ~]# iptables -D CHENXI 1[root@chenxi ~]# iptables -D CHENXI 1[root@chenxi ~]# iptables -D CHENXI 1iptables: Index of deletion too big.[root@chenxi ~]# iptables -D CHENXI 1iptables: Index of deletion too big.[root@chenxi ~]# iptables -X CHENXI [root@chenxi ~]# iptables -D OUTPUT 2[root@chenxi ~]# iptables -D cx 1[root@chenxi ~]# iptables -D cx 1[root@chenxi ~]# iptables -D cx 1[root@chenxi ~]# iptables -D cx 1[root@chenxi ~]# iptables -D cx 1iptables: Index of deletion too big.[root@chenxi ~]# iptables -D cx 1iptables: Index of deletion too big.[root@chenxi ~]# iptables -nLChain INPUT (policy DROP)target prot opt source destination ACCEPT all -- 192.168.10.1 0.0.0.0/0 chenxi all -- 192.168.10.36 0.0.0.0/0 Chain FORWARD (policy ACCEPT)target prot opt source destination Chain OUTPUT (policy DROP)target prot opt source destination ACCEPT all -- 0.0.0.0/0 192.168.10.1 Chain chenxi (1 references)target prot opt source destination REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F reject-with icmp-port-unreachableREJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00 reject-with icmp-port-unreachableChain cx (0 references)target prot opt source destination |
草都可以从石头缝隙中长出来更可况你呢
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· Linux系列:如何用heaptrack跟踪.NET程序的非托管内存泄露
· 开发者必知的日志记录最佳实践
· SQL Server 2025 AI相关能力初探
· Linux系列:如何用 C#调用 C方法造成内存泄露
· AI与.NET技术实操系列(二):开始使用ML.NET
· 无需6万激活码!GitHub神秘组织3小时极速复刻Manus,手把手教你使用OpenManus搭建本
· C#/.NET/.NET Core优秀项目和框架2025年2月简报
· 葡萄城 AI 搜索升级:DeepSeek 加持,客户体验更智能
· 什么是nginx的强缓存和协商缓存
· 一文读懂知识蒸馏