centos 防火墙规则开放22 80 ,8080
2015-07-03 12:19
561 查看
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 61.160.247.180/32 -j DROP
-A INPUT -s 222.186.56.40/32 -j DROP
-A INPUT -s 222.186.34.245/32 -j DROP
-A INPUT -s 217.146.14.42/32 -j DROP
-A INPUT -s 173.194.127.212/32 -j DROP
-A INPUT -s 115.231.17.9/32 -j DROP
-A INPUT -s 115.231.17.13/32 -j DROP
-A INPUT -s 5.9.50.203/32 -j DROP
-A INPUT -s 122.225.97.88/32 -j DROP
-A INPUT -s 213.39.44.243/32 -j DROP
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 61616 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -d 115.231.17.9/32 -j DROP
-A FORWARD -s 115.231.17.9/32 -j DROP
-A FORWARD -d 115.231.17.13/32 -j DROP
-A FORWARD -s 115.231.17.13/32 -j DROP
-A FORWARD -d 173.194.127.212/32 -j DROP
-A FORWARD -s 173.194.127.212/32 -j DROP
-A FORWARD -d 5.9.50.203/32 -j DROP
-A FORWARD -s 5.9.50.203/32 -j DROP
-A FORWARD -s 217.146.14.42/32 -j DROP
-A FORWARD -d 217.146.14.42/32 -j DROP
-A FORWARD -s 61.160.247.180/32 -j DROP
-A FORWARD -d 61.160.247.180/32 -j DROP
-A FORWARD -s 213.39.44.243/32 -j DROP
-A FORWARD -d 213.39.44.243/32 -j DROP
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -s 217.146.14.42/32 -j DROP
-A OUTPUT -d 122.225.97.88/32 -j DROP
-A OUTPUT -d 173.194.127.212/32 -j DROP
-A OUTPUT -d 115.231.17.9/32 -j DROP
-A OUTPUT -d 115.231.17.13/32 -j DROP
-A OUTPUT -d 5.9.50.203/32 -j DROP
-A OUTPUT -d 61.160.247.180/32 -j DROP
-A OUTPUT -d 213.39.44.243/32 -j DROP
COMMIT
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 61.160.247.180/32 -j DROP
-A INPUT -s 222.186.56.40/32 -j DROP
-A INPUT -s 222.186.34.245/32 -j DROP
-A INPUT -s 217.146.14.42/32 -j DROP
-A INPUT -s 173.194.127.212/32 -j DROP
-A INPUT -s 115.231.17.9/32 -j DROP
-A INPUT -s 115.231.17.13/32 -j DROP
-A INPUT -s 5.9.50.203/32 -j DROP
-A INPUT -s 122.225.97.88/32 -j DROP
-A INPUT -s 213.39.44.243/32 -j DROP
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 61616 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -d 115.231.17.9/32 -j DROP
-A FORWARD -s 115.231.17.9/32 -j DROP
-A FORWARD -d 115.231.17.13/32 -j DROP
-A FORWARD -s 115.231.17.13/32 -j DROP
-A FORWARD -d 173.194.127.212/32 -j DROP
-A FORWARD -s 173.194.127.212/32 -j DROP
-A FORWARD -d 5.9.50.203/32 -j DROP
-A FORWARD -s 5.9.50.203/32 -j DROP
-A FORWARD -s 217.146.14.42/32 -j DROP
-A FORWARD -d 217.146.14.42/32 -j DROP
-A FORWARD -s 61.160.247.180/32 -j DROP
-A FORWARD -d 61.160.247.180/32 -j DROP
-A FORWARD -s 213.39.44.243/32 -j DROP
-A FORWARD -d 213.39.44.243/32 -j DROP
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -s 217.146.14.42/32 -j DROP
-A OUTPUT -d 122.225.97.88/32 -j DROP
-A OUTPUT -d 173.194.127.212/32 -j DROP
-A OUTPUT -d 115.231.17.9/32 -j DROP
-A OUTPUT -d 115.231.17.13/32 -j DROP
-A OUTPUT -d 5.9.50.203/32 -j DROP
-A OUTPUT -d 61.160.247.180/32 -j DROP
-A OUTPUT -d 213.39.44.243/32 -j DROP
COMMIT
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- [实用命令]Linux 用户,用户组
- uCOS、WinCE、uCLinux嵌入式系统介绍
- centos 64位 安装 jdk 1.8
- Linux内核源码分析--内核启动之(2)Image内核启动(汇编部分)(Linux-3.0 ARMv7)
- Linux内核源码分析--zImage出生实录(Linux-3.0 ARMv7)
- Linux内核源码分析--内核启动之(1)zImage自解压过程(Linux-3.0 ARMv7)
- 如何统计Linux环境变量中各个目录下的文件数
- 在Linux下编译C或C++程序的教程
- centos6.* git在web上两种显示方法总结
- Display certain line(s) from a text file in Linux.
- linux磁盘满时,如何定位并删除文件
- linux配置打印机的一些整理
- linux -- ubuntuserver 安装图形界面
- linux 通过源码安装imagemagick
- centos7下g++与gdb的使用
- Linux系统管理远程登录工具PUTTY
- Linux用户和组命令
- Linux文件目录详解
- Linux基础命令使用
- Linux如何获取命令使用帮助说明