Linux下设置防火墙白名单(RHEL 6和CentOS 7)的步骤

程序员文章站 2023-12-27 20:14:27

进入linux 命令行，编辑防火墙规则配置文件 iptables vi /etc/sysconfig/iptables 下面是一个白名单设置的例子： # f...

进入linux 命令行，编辑防火墙规则配置文件 iptables
vi /etc/sysconfig/iptables

下面是一个白名单设置的例子：

# firewall configuration written by system-config-securitylevel
# manual customization of this file is not recommended.
*filter
:input accept [0:0]
:forward accept [0:0]
:output accept [0:0]
:rh-firewall-1-input - [0:0]

-n whitelist
-a whitelist -s 10.202.106.1 -j accept
-a whitelist -s 10.202.106.2 -j accept
-a whitelist -s 10.202.106.3 -j accept
-a whitelist -s 10.202.106.4 -j accept
-a whitelist -s 10.202.106.5 -j accept
-a whitelist -s 10.202.106.6 -j accept
-a whitelist -s 10.202.106.7 -j accept

-a input -j rh-firewall-1-input
-a forward -j rh-firewall-1-input
-a rh-firewall-1-input -i lo -j accept
-a rh-firewall-1-input -p icmp --icmp-type any -j accept
-a rh-firewall-1-input -p 50 -j accept
-a rh-firewall-1-input -p 51 -j accept
-a rh-firewall-1-input -p udp --dport 5353 -d 224.0.0.251 -j accept
-a rh-firewall-1-input -p udp -m udp --dport 631 -j accept
-a rh-firewall-1-input -p tcp -m tcp --dport 631 -j accept
-a rh-firewall-1-input -m state --state established,related -j accept
-a rh-firewall-1-input -m state --state new -m tcp -p tcp --dport 22 -j accept
-a rh-firewall-1-input -m state --state new -m tcp -p tcp --dport 4750 -j accept
-a rh-firewall-1-input -m state --state new -m tcp -p tcp --dport 3306 -j whitelist
-a rh-firewall-1-input -j reject --reject-with icmp-host-prohibited

commit

其中设置白名单的部分为：

-n whitelist
-a whitelist -s 10.202.106.1 -j accept
-a whitelist -s 10.202.106.2 -j accept
-a whitelist -s 10.202.106.3 -j accept
-a whitelist -s 10.202.106.4 -j accept
-a whitelist -s 10.202.106.5 -j accept
-a whitelist -s 10.202.106.6 -j accept
-a whitelist -s 10.202.106.7 -j accept

使用白名单规则使用 j 参数指定：

-a rh-firewall-1-input -m state --state new -m tcp -p tcp --dport 3306 -j whitelist

以上这篇linux下设置防火墙白名单(rhel 6和centos 7)的步骤就是小编分享给大家的全部内容了，希望能给大家一个参考，也希望大家多多支持。