Steps to set up a firewall whitelist on Linux (RHEL 6 and CentOS 7)
From the Linux command line, edit the iptables rule file:

vi /etc/sysconfig/iptables

On RHEL 6 this file is loaded by the iptables service at boot. CentOS 7 ships with firewalld instead, so the file only takes effect there if you install the iptables-services package, disable firewalld and enable the iptables service. After editing, apply the rules with "service iptables restart" (RHEL 6) or "systemctl restart iptables" (CentOS 7), then confirm the loaded rule set with "iptables -L -n -v".
Below is an example of a whitelist configuration:
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-N whitelist
-A whitelist -s 10.202.106.1 -j ACCEPT
-A whitelist -s 10.202.106.2 -j ACCEPT
-A whitelist -s 10.202.106.3 -j ACCEPT
-A whitelist -s 10.202.106.4 -j ACCEPT
-A whitelist -s 10.202.106.5 -j ACCEPT
-A whitelist -s 10.202.106.6 -j ACCEPT
-A whitelist -s 10.202.106.7 -j ACCEPT
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 4750 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j whitelist
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
The part that defines the whitelist is the following. "-N whitelist" creates a user-defined chain named whitelist, and each "-A whitelist" line adds a rule to it that accepts packets from one source address (a network such as 10.202.106.0/24 can be given instead of a single host):

-N whitelist
-A whitelist -s 10.202.106.1 -j ACCEPT
-A whitelist -s 10.202.106.2 -j ACCEPT
-A whitelist -s 10.202.106.3 -j ACCEPT
-A whitelist -s 10.202.106.4 -j ACCEPT
-A whitelist -s 10.202.106.5 -j ACCEPT
-A whitelist -s 10.202.106.6 -j ACCEPT
-A whitelist -s 10.202.106.7 -j ACCEPT
The whitelist is put to use by jumping to the chain with the -j parameter. Here every new TCP connection to port 3306 (MySQL) is handed to the whitelist chain:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j whitelist

A packet from a listed source matches one of the ACCEPT rules in the chain. A packet from any other source matches nothing, returns to RH-Firewall-1-INPUT, and is rejected by the final "-j REJECT --reject-with icmp-host-prohibited" rule, so the jump must come before that REJECT rule. Note that in this example only port 3306 is restricted to the whitelist; ports 22 and 4750 are still accepted from any source, and the whitelist only filters by source address, not by user or password.
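Writing one -A line per host by hand does not scale and a mistyped address is easy to miss. The following script is an added example, not part of the original article: it validates a list of IPv4 addresses (with optional /prefix) and prints the whitelist chain plus the jump rule for a chosen port, ready to paste into the *filter section of /etc/sysconfig/iptables before the final REJECT rule. The chain name, port and address list are parameters chosen here; the hook chain RH-Firewall-1-INPUT is the one used in the file above.

```shell
#!/bin/sh
# Added example: generate the whitelist fragment for /etc/sysconfig/iptables
# from a list of addresses. Not taken from the original article.

# valid_ipv4 ADDR  -> returns 0 for a dotted quad, optionally with a /0-32 prefix
valid_ipv4() {
    addr=${1%/*}
    case "$1" in
        */*)
            mask=${1#*/}
            case "$mask" in ''|*[!0-9]*) return 1 ;; esac
            [ "$mask" -le 32 ] || return 1
            ;;
    esac
    # Walk the octets without relying on IFS or globbing.
    rest="$addr."
    n=0
    while [ -n "$rest" ]; do
        o=${rest%%.*}
        rest=${rest#*.}
        n=$((n + 1))
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    [ "$n" -eq 4 ]
}

# whitelist_rules CHAIN PORT ADDR...  -> prints the rule lines for the *filter
# section. Fails on a bad address so a typo cannot silently open or close PORT.
whitelist_rules() {
    chain=$1
    port=$2
    shift 2
    [ $# -gt 0 ] || { echo "whitelist_rules: no addresses given" >&2; return 1; }
    for a in "$@"; do
        valid_ipv4 "$a" || { echo "whitelist_rules: bad address: $a" >&2; return 1; }
    done
    # Create the user-defined chain, as the article's file does with -N.
    echo "-N $chain"
    for a in "$@"; do
        echo "-A $chain -s $a -j ACCEPT"
    done
    # Hand new connections to PORT to the chain. A source that matches no
    # ACCEPT rule returns here and hits the REJECT rule that follows in the file.
    echo "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport $port -j $chain"
}

# Usage: the three hosts and port below are sample values chosen for this example.
whitelist_rules whitelist 3306 10.202.106.1 10.202.106.2 10.202.106.0/24
```

Run the script and paste its output into the rule file in place of the -N/-A whitelist lines and the port 3306 jump, then reload the iptables service as described above. Keeping the address list in one place (a file or the script's argument list) also makes later additions a regeneration rather than a manual edit of the live rule file.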