How to use the iptables command on Linux
1. Add a rule that allows access
Syntax
iptables -A INPUT -s [IP address to allow] -j ACCEPT
Example
iptables -A INPUT -s 172.17.1.21 -j ACCEPT
2. Allow access to a specific port
Syntax
iptables -A INPUT -p tcp --dport [port number] -j ACCEPT
Example
iptables -A INPUT -p tcp --dport 10080 -j ACCEPT
3. Restrict all other access (default policy)
iptables -P INPUT DROP
4. Save the configuration change
service iptables save
5. Check the iptables rules
# iptables -L
INPUT: incoming packets
FORWARD: forwarded packets
OUTPUT: outgoing packets
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES_SOURCE all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
FORWARD_direct all -- anywhere anywhere
FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere
FORWARD_IN_ZONES all -- anywhere anywhere
FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere
FORWARD_OUT_ZONES all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
OUTPUT_direct all -- anywhere anywhere
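Steps 1 to 4 above as an added shell example (not code from the original page): it emits the commands in a lockout-safe order (connection-tracking and loopback allows first, the page's two allow rules next, the DROP policy strictly last), validates the address and port, and only executes when APPLY=1 and run as root. The names ALLOW_IP, ALLOW_PORT, valid_ipv4, valid_port, build_rules and apply_rules are assumed here; 172.17.1.21 and 10080 are the page's own sample values.

```shell
#!/bin/sh
# Added example (not from the page): build this page's allow-list in a lockout-safe order.
# ALLOW_IP / ALLOW_PORT and the function names are assumed; defaults are the page's sample values.

# Accept only a dotted-quad IPv4 address, optionally with a /prefix length.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' || return 1
    for octet in $(echo "${1%%/*}" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# Accept only a numeric TCP port in 1-65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Emit the rules in the order they must be applied: replies to established
# connections and loopback first (so the DROP policy cannot cut off the
# session you are typing in), then the page's two allow rules, and the
# default-DROP policy strictly last.
build_rules() {
    valid_ipv4 "$1" || { echo "bad IP address: $1" >&2; return 1; }
    valid_port "$2" || { echo "bad port: $2" >&2; return 1; }
    cat <<EOF
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -s $1 -j ACCEPT
iptables -A INPUT -p tcp --dport $2 -j ACCEPT
iptables -P INPUT DROP
EOF
}

# Print the plan by default; execute it only when APPLY=1 and running as root.
apply_rules() {
    rules=$(build_rules "$1" "$2") || return 1
    if [ "${APPLY:-0}" = "1" ] && [ "$(id -u)" = "0" ]; then
        echo "$rules" | sh -e
    else
        echo "$rules"
    fi
}

apply_rules "${ALLOW_IP:-172.17.1.21}" "${ALLOW_PORT:-10080}"
```

The listing above shows firewalld's INPUT_ZONES and INPUT_direct chains; on such a host, rules added directly with iptables are not managed by firewalld, and `service iptables save` needs the iptables-services package to exist.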