
Basic iptables Setup Guide for Ubuntu Server Edition

Date: 2011-03-16  Views: 3590



Tips
If you manually edit iptables on a regular basis
The above steps go over how to set up your firewall rules and presume they will be relatively static (and for most people they should be). But if you do a lot of development work and keep refining your rules, you may want to have your iptables rules saved every time you reboot. You could add lines like these to /etc/network/interfaces:

pre-up iptables-restore < /etc/iptables.up.rules
post-down iptables-save > /etc/iptables.up.rules
The line "post-down iptables-save > /etc/iptables.up.rules" saves the current rules so that they are used on the next boot.

Using iptables-save/restore to test rules
If you edit your iptables rules beyond this tutorial, you may want to use the iptables-save and iptables-restore feature to edit and test your rules. To do this, first save the current rules to a file with iptables-save, then open that file in your favorite text editor (in this example gedit).

# iptables-save > /etc/iptables.test.rules
# gedit /etc/iptables.test.rules
If you built your firewall rules following the example above, iptables-save will produce a file that looks similar to this:

# Generated by iptables-save v1.3.1 on Sun Apr 23 06:19:53 2006
*filter
:INPUT ACCEPT [368:102354]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [92952:20764374]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j DROP
COMMIT
# Completed on Sun Apr 23 06:19:53 2006
Notice that these are iptables commands with the iptables command name itself left off. Feel free to edit this file and save it when complete. Then, to test the edited rules, simply run:

# iptables-restore < /etc/iptables.test.rules
After testing, if you have not added the iptables-save command above to your /etc/network/interfaces, remember not to lose your changes:

# iptables-save > /etc/iptables.up.rules
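One check worth running on the edited file before iptables-restore applies it, as an added example that is not part of the original guide: it parses the iptables-save format shown above and reports whether the INPUT chain would still accept SSH, which is the usual way an administrator working over SSH gets locked out of a remote server by a mis-ordered rule. The sample dump is constructed from the one in the guide; the SSH port and the function names are this example's own assumptions.

```python
import re
# Constructed sample: the dump shown above in the guide, minus the trailer comment.
SAMPLE = """# Generated by iptables-save v1.3.1 on Sun Apr 23 06:19:53 2006
*filter
:INPUT ACCEPT [368:102354]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [92952:20764374]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j DROP
COMMIT
"""

def parse_filter_table(dump):
    """Return (policies, rules) for the *filter table: chain -> policy, ordered (chain, rule)."""
    policies, rules, table = {}, [], None
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("*"):                   # table header, e.g. *filter
            table = line[1:]
        elif line == "COMMIT":                     # end of the current table
            table = None
        elif table == "filter" and line.startswith(":"):
            chain, policy = line[1:].split()[:2]   # ":INPUT ACCEPT [pkts:bytes]"
            policies[chain] = policy
        elif table == "filter" and line.startswith("-A "):
            chain, rule = line[3:].split(" ", 1)   # "-A INPUT <rule>"
            rules.append((chain, rule))
    # "# ..." comment lines match none of the branches and are skipped
    return policies, rules

def ssh_lockout_risk(dump, ssh_port=22):
    """Return a warning if the filter INPUT chain would block SSH, else None."""
    policies, rules = parse_filter_table(dump)
    for chain, rule in rules:
        if chain != "INPUT":
            continue
        if rule.endswith("-j ACCEPT") and re.search(rf"--dport {ssh_port}\b", rule):
            return None                            # SSH accepted before any catch-all
        if rule == "-j DROP":                      # catch-all: later rules are unreachable
            return "unconditional DROP in INPUT before any ACCEPT for SSH"
    if policies.get("INPUT") == "DROP":
        return f"INPUT policy is DROP and no ACCEPT for tcp dport {ssh_port}"
    return None                                    # nothing in INPUT blocks SSH
```

Run it against /etc/iptables.test.rules (for example `ssh_lockout_risk(open("/etc/iptables.test.rules").read())`) before the iptables-restore step; a non-None result means the edited file would cut off your own session.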


