linux ftp iptables,linux – IPTABLES允许ssh,ftp,pop等从一个静态...
這是我在/ etc / sysconfig / iptables中的設(shè)置:
#start of my iptables
# Generated by iptables-save v1.2.11 on Wed May 27 00:31:22 2015
*mangle
:PREROUTING ACCEPT [130933577:29488298585]
:INPUT ACCEPT [130933577:29488298585]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [171790648:176814024859]
:POSTROUTING ACCEPT [171789023:176813945079]
COMMIT
# Completed on Wed May 27 00:31:22 2015
# Generated by iptables-save v1.2.11 on Wed May 27 00:31:22 2015
*filter
:INPUT ACCEPT [130907005:29486700773]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [171789023:176813945079]
-A INPUT -s 117.21.191.0/255.255.255.0 -j DROP
-A INPUT -s 106.0.210.78 -j DROP
-A INPUT -s 58.218.0.0/255.255.0.0 -j DROP
-A INPUT -s 117.3.215.251 -j DROP
-A INPUT -s 119.97.146.0/255.255.255.0 -j DROP
-A INPUT -s 203.185.69.45 -j DROP
-A INPUT -s 58.18.172.0/255.255.255.0 -j DROP
-A OUTPUT -p tcp -m tcp --dport 6660:6669 -j DROP
-A INPUT -p tcp -s my_static_ip --dport 22 -j ACCEPT
-A INPUT -p tcp -s my_static_ip --dport 21 -j ACCEPT
-A INPUT -p tcp -s my_static_ip --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp ! -s my_static_ip -j DROP
COMMIT
# Completed on Wed May 27 00:31:22 2015
# Generated by iptables-save v1.2.11 on Wed May 27 00:31:22 2015
*nat
:PREROUTING ACCEPT [8063847:452240147]
:POSTROUTING ACCEPT [3324733:239203840]
:OUTPUT ACCEPT [3324733:239203840]
COMMIT
# Completed on Wed May 27 00:31:22 2015
# end of my iptables
my_static_ip是我用來連接linux服務(wù)器的ip地址(比如說100.10.10.10).
基本上我想只允許我的一個(gè)IP連接到我的服務(wù)器使用ssh,ftp,接收和發(fā)送電子郵件等等,因?yàn)橛性S多濫用的IP和機(jī)器人試圖訪問ssh,ftp,pop等.HTTP和SSL必須允許我的服務(wù)器上的每個(gè)人.
通過上面的設(shè)置,除了我無法接收或發(fā)送電子郵件之外,一切都很順利.你能告訴我我做錯了什么嗎?
預(yù)先感謝您的幫助.
總結(jié)
以上是生活随笔為你收集整理的linux ftp iptables,linux – IPTABLES允许ssh,ftp,pop等从一个静态...的全部內(nèi)容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: 任意文件读取linux,Symphony
- 下一篇: linux磁盘阵列oravote,Ora