Linux - iptables -L -n --line-number


[root@ip-127-0-0-1 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       udp  --  anywhere             anywhere             udp dpt:memcache
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bootps
ACCEPT     tcp  --  localhost            anywhere             tcp dpt:memcache
DROP       tcp  --  anywhere             anywhere             tcp dpt:memcache

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             ip-192-168-122-0.cn-north-1.compute.internal/24  ctstate RELATED,ESTABLISHED
ACCEPT     all  --  ip-192-168-122-0.cn-north-1.compute.internal/24  anywhere            
ACCEPT     all  --  anywhere             anywhere            
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootpc
[root@ip-127-0-0-1 ~]# 
[root@ip-127-0-0-1 ~]# 
[root@ip-127-0-0-1 ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:11211
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:67
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:67
ACCEPT     tcp  --  127.0.0.1            0.0.0.0/0            tcp dpt:11211
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:11211

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            192.168.122.0/24     ctstate RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:68
[root@ip-127-0-0-1 ~]# 
[root@ip-127-0-0-1 ~]# 
[root@ip-127-0-0-1 ~]# iptables -L -n  --line-number 
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    DROP       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:11211
2    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53
4    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:67
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:67
6    ACCEPT     tcp  --  127.0.0.1            0.0.0.0/0            tcp dpt:11211
7    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:11211

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     all  --  0.0.0.0/0            192.168.122.0/24     ctstate RELATED,ESTABLISHED
2    ACCEPT     all  --  192.168.122.0/24     0.0.0.0/0           
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
4    REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:68
[root@ip-127-0-0-1 ~]# 
[root@ip-127-0-0-1 ~]# 
[root@ip-127-0-0-1 ~]# iptables -D INPUT 7
[root@ip-127-0-0-1 ~]# iptables -L -n  --line-number 
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    DROP       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:11211
2    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53
4    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:67
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:67
6    ACCEPT     tcp  --  127.0.0.1            0.0.0.0/0            tcp dpt:11211

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     all  --  0.0.0.0/0            192.168.122.0/24     ctstate RELATED,ESTABLISHED
2    ACCEPT     all  --  192.168.122.0/24     0.0.0.0/0           
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
4    REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:68
[root@ip-127-0-0-1 ~]# 

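注意:INPUT 链的默认策略是 ACCEPT,第 6 条规则只是放行来自 127.0.0.1 的连接,并不会拒绝其他来源。上面用 iptables -D INPUT 7 删除 DROP tcp dpt:11211 之后,任何来源到 TCP 11211(memcache)的连接都会落到默认策略而被放行。如果目的是只允许本机访问该端口,应保留这条 DROP 规则。另外,按行号删除前要先用 --line-number 确认编号,因为删除一条规则后,它后面的规则编号会前移。

安装 iptables-services: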

yum install iptables-services  

设置开机启动:

systemctl enable iptables  


systemctl stop iptables  
systemctl start iptables  
systemctl restart iptables  
systemctl reload iptables  

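保存设置(把当前运行中的规则写入 /etc/sysconfig/iptables;上面用 iptables -D 做的修改在保存之前只存在于内存中,默认配置下执行 restart 或重启系统会重新加载已保存的旧规则):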

service iptables save  
