Common parameters of iptables usage
iptables: The main function of iptables is to control network packets entering, leaving, and being forwarded by the device. When packets need to enter the device, leave the device, or be forwarded and routed by the device, they can be controlled by iptables.
0x01:Install iptables

#yum install iptables-services
0x02:Turn off firewall
#systemctl stop firewalld.service
#systemctl disable firewalld.service
0x03:View the existing iptables rules
#iptables -L
0x04:Clear all default rules
#iptables -F
Delete all user-defined (custom) chains
#iptables -X
Reset all counters
#iptables -Z
0x05:Allow local packets arriving on the lo interface
#iptables -A INPUT -i lo -j ACCEPT
0x06:Specify the opening of port 22
#iptables -A INPUT -p tcp --dport 22 -j ACCEPT
0x07:Ban access from IP address 123.23.1.2
#iptables -A INPUT -s 123.23.1.2 -p tcp --dport 22 -j DROP
0x08:Open fixed IP access to port 8080
#iptables -I INPUT -s 111.101.90.110 -p tcp --dport 8080 -j ACCEPT
0x08:Ban ping
#iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -j DROP
0x09:Add the internal IP address to the trusted list
#iptables -A INPUT -p tcp -s 10.0.0.3 -j ACCEPT
0x10:Allow return traffic (RELATED,ESTABLISHED) for requests initiated from the local machine
#iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
0x11:Limit traffic
#iptables -A INPUT -i eth0 -m limit --limit 5/m --limit-burst 15 -j ACCEPT
0x12:Match within specific time periods
#iptables -A INPUT -i eth0 -m time --weekdays 1,3,5 -j ACCEPT
0x13:Match packets with TTL values that meet the rules
#iptables -A OUTPUT -m ttl --ttl-eq 51 -j ACCEPT
0x14:Match packets with the specified state
#iptables -A INPUT -m state --state NEW,ESTABLISHED -j ACCEPT
0x15:Match packets with the specified mark value
#iptables -t mangle -A INPUT -m mark --mark 1 -j DROP
0x16:Match the specified MAC address
#iptables -A FORWARD -m mac --mac-source 00:0C:22:38:49:61 -j DROP
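0x17:Port mapping (map the default mysql port 3306 to 1306 for external service)
#iptables -t mangle -I PREROUTING -p tcp --dport 1306 -j MARK --set-mark 3306
Note: the MARK target only tags packets arriving on port 1306; the port translation itself is done by a rule in the nat table (for example with the REDIRECT target).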
0x18:Drop all requests that do not match the rules above
#iptables -P INPUT DROP
0x19:Save iptables rules
#service iptables save
0x20:Enable the iptables service automatically at boot
#systemctl enable iptables.service
0x21:Check status
#systemctl status iptables.service
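
iptables evaluates a chain from top to bottom and stops at the first matching rule, so the order in which the commands above are run matters. The following added example (not from the original page) checks the INPUT rules from 0x05 to 0x10 for a ban that is shadowed by an earlier accept and emits a reordered set in iptables-restore format; the function names and the FORWARD/OUTPUT policies are assumptions.

```sh
#!/bin/sh
# Added example, not from the original page. The addresses are the page's samples.
BLOCKED_IP="123.23.1.2"; TRUSTED_IP="10.0.0.3"; WEB_CLIENT="111.101.90.110"

# INPUT chain as it ends up when the page's commands run in the listed order
# (0x08 uses -I, so its rule lands first; everything else is appended).
page_order() {
    cat <<EOF
-A INPUT -s ${WEB_CLIENT} -p tcp --dport 8080 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -s ${BLOCKED_IP} -p tcp --dport 22 -j DROP
-A INPUT -p icmp --icmp-type 8 -j DROP
-A INPUT -s ${TRUSTED_IP} -p tcp -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
EOF
}

# Same rules in iptables-restore format, with the ban ahead of the general accepts.
# Assumption: FORWARD and OUTPUT keep the default ACCEPT policy.
fixed_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s ${BLOCKED_IP} -p tcp --dport 22 -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s ${TRUSTED_IP} -p tcp -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -s ${WEB_CLIENT} -p tcp --dport 8080 -j ACCEPT
-A INPUT -p icmp --icmp-type 8 -j DROP
COMMIT
EOF
}

# Print each source-specific DROP on tcp/22 that follows an unrestricted ACCEPT
# on tcp/22: the first matching rule wins, so such a DROP can never fire.
shadowed_drops() {
    awk '/^-A INPUT/ && /--dport 22 / && /-j ACCEPT/ && !/ -s / { seen = 1; next }
         /^-A INPUT/ && /--dport 22 / && /-j DROP/ && / -s / && seen { print }'
}

# Parse-check, then load the whole set in one commit (needs root; not called here).
apply_ruleset() { fixed_ruleset | iptables-restore --test && fixed_ruleset | iptables-restore; }

echo "Shadowed in page order:"; page_order | shadowed_drops
echo "Shadowed after reordering: $(fixed_ruleset | shadowed_drops | wc -l)"
```

Loading the set through iptables-restore also means the DROP policy and the SSH accept rule take effect together, so a remote session is not cut off halfway through.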
Summary: iptables is very powerful. Once you are familiar with the commonly used parameter combinations, it can meet the protection needs of different scenarios. Understanding the structure of iptables helps you make better use of firewall rules to control incoming and outgoing traffic and to apply rate limiting.
