iptables rules are evaluated from top to bottom, and the first matching rule with a terminating target decides the packet's fate.
So when adding rules, add them through the rules file rather than ad hoc on the command line; that way you control the order in which they appear.
Machine A:
[root@www ~]# netstat -an | grep 6100
tcp 0 0 0.0.0.0:6100 0.0.0.0:* LISTEN
tcp 0 0 192.168.5.140:6100 192.168.4.199:60194 ESTABLISHED
tcp 0 0 192.168.5.140:6100 192.168.4.199:60196 ESTABLISHED
tcp 0 0 192.168.5.140:6100 192.168.4.199:60193 ESTABLISHED
tcp 0 0 192.168.5.140:6100 192.168.4.199:60195 ESTABLISHED
However:
Machine B:
[root@www ~]# telnet 192.168.5.140 5432
Trying 192.168.5.140...
Connected to 192.168.5.140.
Escape character is '^]'.
^C
Connection closed by foreign host.
The reason is:
[root@www ~]# more /etc/sysconfig/iptables
-A INPUT -j REJECT --reject-with icmp-host-prohibited
Note: this is where the problem lies. The unconditional REJECT above matches every incoming packet first, so the rule below it is never reached.
-A INPUT -p tcp -m state --state NEW -m tcp --dport 6100 -j ACCEPT
So adjust the order as follows:
[root@www ~]# more /etc/sysconfig/iptables
-A INPUT -p tcp -m state --state NEW -m tcp --dport 6100 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
With this order:
[root@www ~]# telnet 192.168.5.140 6100
Trying 192.168.5.140...
Connected to 192.168.5.140.
Escape character is '^]'.
Connection closed by foreign host.
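To make the first-match behaviour concrete, here is a small simulator (an added example, not code from the original post). It parses the two versions of the rules file shown above in iptables-save syntax, evaluates a constructed NEW TCP packet to port 6100 against each version in order, and includes a lint that flags any rule placed after an unconditional terminating rule in the same chain, which is exactly the mistake in the first version. The parser only understands the options used on this page; the packet and the chain policy are assumptions chosen for the demonstration.

```python
"""First-match simulation of iptables INPUT rules (added example, not the
original post's code). Shows why the catch-all REJECT must come after the
port-6100 ACCEPT, and lints for rules that can never be reached."""
import shlex

# The two rule files from the page, reduced to the lines that matter.
BROKEN_ORDER = """
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m state --state NEW -m tcp --dport 6100 -j ACCEPT
"""

FIXED_ORDER = """
-A INPUT -p tcp -m state --state NEW -m tcp --dport 6100 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
"""

# Targets that end traversal of the chain for a matching packet.
TERMINATING = {"ACCEPT", "DROP", "REJECT"}


def parse_rules(text):
    """Turn '-A CHAIN ...' lines into dicts of match criteria.
    Only the options that appear on the page are supported."""
    rules = []
    for line in text.strip().splitlines():
        argv = shlex.split(line)
        rule = {"chain": None, "proto": None, "dport": None, "states": None, "target": None}
        i = 0
        while i < len(argv):
            opt = argv[i]
            if opt == "-A":
                rule["chain"] = argv[i + 1]
            elif opt == "-p":
                rule["proto"] = argv[i + 1].lower()
            elif opt == "--dport":
                rule["dport"] = int(argv[i + 1])
            elif opt == "--state":
                rule["states"] = set(argv[i + 1].upper().split(","))
            elif opt == "-j":
                rule["target"] = argv[i + 1]
            elif opt in ("-m", "--reject-with"):
                pass  # match-extension name / ICMP error type: no effect on matching
            else:
                raise ValueError("unsupported option in example parser: " + opt)
            i += 2  # every supported option takes exactly one argument
        rules.append(rule)
    return rules


def matches(rule, pkt):
    """A rule matches when every criterion it specifies agrees with the packet."""
    if rule["proto"] is not None and rule["proto"] != pkt["proto"]:
        return False
    if rule["dport"] is not None and rule["dport"] != pkt["dport"]:
        return False
    if rule["states"] is not None and pkt["state"] not in rule["states"]:
        return False
    return True


def evaluate(rules, pkt, chain="INPUT", policy="ACCEPT"):
    """Walk the chain top to bottom; the first matching terminating rule wins.
    If nothing matches, the chain policy (assumed ACCEPT here) applies."""
    for rule in rules:
        if rule["chain"] == chain and rule["target"] in TERMINATING and matches(rule, pkt):
            return rule["target"]
    return policy


def unreachable_rules(rules, chain="INPUT"):
    """Lint: return 1-based indexes of rules that follow an unconditional
    terminating rule in the same chain. Such rules can never match."""
    shadowed, blocked = [], False
    for idx, rule in enumerate(rules, start=1):
        if rule["chain"] != chain:
            continue
        if blocked:
            shadowed.append(idx)
        elif (rule["target"] in TERMINATING and rule["proto"] is None
              and rule["dport"] is None and rule["states"] is None):
            blocked = True
    return shadowed


# Constructed packet: the first SYN of a new TCP connection to port 6100.
NEW_SYN_6100 = {"proto": "tcp", "dport": 6100, "state": "NEW"}

if __name__ == "__main__":
    for name, text in (("broken order", BROKEN_ORDER), ("fixed order", FIXED_ORDER)):
        rules = parse_rules(text)
        print(name, "->", evaluate(rules, NEW_SYN_6100),
              "| unreachable rules:", unreachable_rules(rules))
```

Running the lint over a rules file before loading it catches the shadowed-rule mistake without having to discover it through a failed connection; the simulator also makes it easy to confirm that traffic to any other port (for example a NEW packet to port 22) is still rejected once the order is fixed.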