iptables service
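# Replace firewalld with the classic iptables/ip6tables services on a
# dnf-based host. Run as root. The rule files /etc/sysconfig/iptables and
# /etc/sysconfig/ip6tables must already hold the intended rules before the
# restore step.

# Install the EPEL repository.
dnf install -y epel-release

# The package is iptables-services; "iptables.service" is the name of the
# systemd unit it ships, not something dnf can install.
dnf install -y iptables-services

# Take firewalld out of the way first so that two managers do not write to the
# same tables.
systemctl disable firewalld
systemctl stop firewalld

# Parse each rule file without committing it (--test), and load it only if it
# parses. A broken file combined with a DROP policy can cut off remote access.
iptables-restore --test < /etc/sysconfig/iptables &&
  iptables-restore < /etc/sysconfig/iptables
ip6tables-restore --test < /etc/sysconfig/ip6tables &&
  ip6tables-restore < /etc/sysconfig/ip6tables

# Enable both units: without ip6tables.service the IPv6 rules are not loaded
# at boot and IPv6 traffic stays unfiltered.
systemctl enable iptables.service ip6tables.service
systemctl start iptables.service ip6tables.service

# Review what is actually loaded. Keep the current session open and confirm
# that a new SSH login from an allowed address works before logging out.
iptables -S
ip6tables -S

# Only needed after changing rules at runtime: this overwrites the files under
# /etc/sysconfig with the running ruleset.
service iptables save
service ip6tables save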
файл iptables
# /etc/sysconfig/iptables - IPv4 filter table.
# Default-deny for inbound and forwarded traffic; outbound is unrestricted.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback traffic.
-A INPUT -i lo -j ACCEPT
# Replies to connections this host opened, and related traffic.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# SSH, new connections from the 10.3.1.0/24 network only.
-A INPUT -s 10.3.1.0/24 -p tcp -m state --state NEW --dport 22 -j ACCEPT
# Backup host: every protocol and port is accepted from this address.
# NOTE(review): if the backup job needs a single port, narrow this rule with
# -p/--dport; the page does not say which port it uses.
-A INPUT -s 10.0.3.6/32 -m comment --comment "backup" -j ACCEPT
# TCP 10050, new connections from 10.1.2.1 only.
-A INPUT -s 10.1.2.1/32 -p tcp -m state --state NEW --dport 10050 -j ACCEPT
# ICMP echo-request (type 8), rate-limited; packets over the limit fall
# through to the DROP policy.
-A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 100/sec -j ACCEPT
# ICMP echo-reply (0), destination-unreachable (3), source-quench (4),
# time-exceeded (11), parameter-problem (12).
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 12 -j ACCEPT
COMMIT
файл ip6tables
# /etc/sysconfig/ip6tables - IPv6 filter table.
# Default-deny for inbound and forwarded traffic; outbound is unrestricted.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback traffic.
-A INPUT -i lo -j ACCEPT
# Replies to connections this host opened, and related traffic.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# All ICMPv6 is accepted; neighbour discovery depends on it.
# No other inbound service (including SSH) is opened over IPv6, so such
# connections are dropped by the INPUT policy.
-A INPUT -p ipv6-icmp -j ACCEPT
COMMIT