Warning: Undefined array key "cperpage" in /www/wwwroot/www.now163.com/wp-content/themes/twentytwentyfive/functions.php on line 255

Warning: Undefined variable $output in /www/wwwroot/www.now163.com/wp-content/themes/twentytwentyfive/functions.php on line 325

Warning: Undefined variable $fixed_tags in /www/wwwroot/www.now163.com/wp-content/themes/twentytwentyfive/functions.php on line 326

Warning: Undefined variable $isshowdots in /www/wwwroot/www.now163.com/wp-content/themes/twentytwentyfive/functions.php on line 327

Warning: Undefined variable $tag_aditional in /www/wwwroot/www.now163.com/wp-content/themes/twentytwentyfive/functions.php on line 330

Warning: Undefined variable $tag_aditional in /www/wwwroot/www.now163.com/wp-content/themes/twentytwentyfive/functions.php on line 333

Warning: Undefined variable $tag_aditional in /www/wwwroot/www.now163.com/wp-content/themes/twentytwentyfive/functions.php on line 336

Warning: Undefined variable $post in /www/wwwroot/www.now163.com/wp-content/themes/twentytwentyfive/functions.php on line 345

Warning: Attempt to read property "ID" on null in /www/wwwroot/www.now163.com/wp-content/themes/twentytwentyfive/functions.php on line 345

Warning: Undefined variable $post in /www/wwwroot/www.now163.com/wp-content/themes/twentytwentyfive/functions.php on line 345

Warning: Attempt to read property "ID" on null in /www/wwwroot/www.now163.com/wp-content/themes/twentytwentyfive/functions.php on line 345

Warning: Undefined variable $more_text_link in /www/wwwroot/www.now163.com/wp-content/themes/twentytwentyfive/functions.php on line 345
iptables – 理想社会

理想社会

标签: iptables

  • iptables开启ftp规则

    设置了iptables的禁止所有的端口,只容许可能访问了策略后大部分情况下会出现ftp不能正常访问的问题,因为ftp有主动和被动连接两种模式,少添加一些策略就会出问题。
    首先要加载ftp模块

    modprobe ip_conntrack_ftp
modprobe ip_nat_ftp

    然后加载策略

    iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I INPUT -p tcp --dport 21 -j ACCEPT
iptables -I OUTPUT -p tcp --dport 21 -j ACCEPT

    要是不想每次都加载模块的话 那就要修改/etc/sysconfig/iptables-config
    添加ip_conntrack_ftp ip_nat_ftp 2个模块 保存退出就ok了

    本文出自 “mcshell学习博客” 博客,请务必保留此出处http://mcshell.blog.51cto.com/803455/396125

  • web服务的iptables防火墙规则

    #!/bin/bash
/sbin/modprobe ip_conntrac
/sbin/modprobe ip_conntrack_ftp

/sbin/iptables -F
/sbin/iptables -X
/sbin/iptables -P INPUT DROP
/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -p tcp --sport 21 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT
/sbin/iptables -A INPUT -p udp --dport 53 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
/sbin/iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT