Configure Linux Firewall iptables

在Ubuntu系统上安装iptables

sudo apt-get install -y iptables

常用的参数选项

• -A –append – Add a rule to a chain (at the end).
• -D –delete – Remove specified rules from a chain.
• -F –flush – Remove all rules.
• -I –insert – Add a rule to a chain at a given position.
• -L –list – Show all rules in a chain.
• -N -new-chain – Create a new chain.
• -v –verbose – Show more information when using a list option.
• -n –numeric – numeric output of addresses and ports
• –line-numbers – print line numbers when listing
• -p –protocol – protocol: by number or name, eg. `tcp’
• -s –source – source specification
• -d –destination – destination specification
• -j –jump – target for rule (may load target extension)

  显示已有的规则

  sudo iptables -L -n --line-number

  添加一条规则

  以下命令新增一条DOCKER链路规则，允许172.20.0.3访问172.20.0.2的TCP 2022端口

  sudo iptables -I DOCKER -s 172.20.0.3 -d 172.20.0.2 -p tcp --dport 2022 -j ACCEPT

  以下命令新增一条INPUT链路规则，禁止所有地址访问端口3306

  sudo iptables -I INPUT -p tcp --dport 3306 -j DROP

  删除规则

  以下命令删除INPUT链路中序号为1的规则

  sudo iptables -D INPUT 1