# sample configuration for iptables service

# you can edit this manually or use system-config-firewall

# please do not ask us to add additional ports/services to this default configuration

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [269:26607]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 20 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 143 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 50001:50005 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT



--------------------------------------------------------------------------------------------


Applying iptables on Ubuntu


Delete the ruleset

iptables -F

iptables -P INPUT ACCEPT

iptables -P OUTPUT ACCEPT

iptables -P FORWARD ACCEPT


Save the ruleset

# iptables-save > /etc/iptables/rules.v4


Apply the ruleset

# iptables-restore < /etc/iptables/rules.v4
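
Before restoring a rules file, it helps to list which destination ports it accepts from any source. The script below is an added example, not part of the original post; the function names sample_rules, open_ports and port_is_open and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in iptables-save format: rules modelled on the ruleset
# above, plus one source-restricted rule to show that it is not reported.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -s 10.0.0.0/8 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 50001:50005 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# open_ports: read iptables-save output on stdin and print "proto low high"
# for every ACCEPT rule that names a destination port and has no source limit.
# Interface matches (-i) and chain reachability are not evaluated.
open_ports() {
    awk '
    /^-A / {
        proto = "any"; ports = ""; src = ""; target = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
            else if ($i == "-s" || $i == "--source") src = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        if (target != "ACCEPT" || ports == "") next
        if (src != "" && src != "0.0.0.0/0") next
        n = split(ports, list, ",")          # multiport lists: 80,443
        for (k = 1; k <= n; k++) {
            m = split(list[k], r, ":")       # ranges: 50001:50005
            print proto, r[1], (m > 1 ? r[2] : r[1])
        }
    }'
}

# port_is_open PORT: exit 0 when PORT falls inside any range printed by open_ports.
port_is_open() {
    open_ports | awk -v p="$1" '$2 <= p && p <= $3 { found = 1 } END { exit !found }'
}

# Demonstration on the constructed sample.
sample_rules | open_ports
```

To review the real file, run open_ports < /etc/iptables/rules.v4 before iptables-restore.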


(Reference URLs)
https://idchowto.com/?p=31482

http://blog.daum.net/_blog/BlogTypeView.do?blogid=0OzV0&articleno=235&categoryId=21&regdt=20180228143109

-------------------------------------------------------------------------------------------------

port forwarding


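Command to add a forwarding rule (the REDIRECT target is only valid in the nat table, so -t nat is required)

iptables -t nat -A PREROUTING -d 49.247.210.167 -p tcp -m tcp --dport 80 -j REDIRECT --to-port 443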


Check the configured port forwarding

iptables -t nat -L


Re-entering the add command with -A changed to -D deletes the rule. If that does not work, delete it as follows.

Use iptables -t nat -L --line-numbers to check the number of the configured rule.


Delete the rule

iptables -t nat -D PREROUTING 1

