
Linux firewall iptables practical method

Author: JIYIK   Last Updated: 2025/04/07

1. Add a rule to allow access to a port

$ iptables -A INPUT -p tcp --dport 3005 -j ACCEPT

This appends a rule to the INPUT chain allowing access to port 3005. A rule added this way lives only in the kernel's in-memory rule table and is lost as soon as the iptables service is restarted.

To make the rule permanent, that is, still in effect after the iptables service restarts, you need the iptables-save command.

$ iptables-save

By default, running this command on its own only prints the current rules to the terminal, similar to the following.

:INPUT_direct - [0:0]
:IN_public - [0:0]
:IN_public_allow - [0:0]
:IN_public_deny - [0:0]
:IN_public_log - [0:0]
:OUTPUT_direct - [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j INPUT_direct
-A INPUT -j INPUT_ZONES_SOURCE
-A INPUT -j INPUT_ZONES
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3005 -j ACCEPT
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT

That alone still does not persist anything. The iptables service reads its rules from the configuration file /etc/sysconfig/iptables when it starts, which gives us two options:

1. Write the rule into /etc/sysconfig/iptables by hand

-A INPUT -p tcp -m tcp --dport 3005 -j ACCEPT

Save and exit, then restart the service for the rule to take effect.

2. Redirect the output of iptables-save

As seen above, the output of iptables-save is essentially the content of /etc/sysconfig/iptables plus the rules we have added ourselves, so we can redirect that output straight into the configuration file:

$ iptables-save > /etc/sysconfig/iptables

The last point concerns -A, the option we used to add the rule. In many cases we find that

$ iptables -A INPUT -p tcp --dport 3005 -j ACCEPT

does not take effect, even after the configuration file has been updated with iptables-save.

This is easy to understand once you know how iptables matches rules: a chain is walked from top to bottom, and as soon as one rule matches, the rules after it are no longer consulted, even if they would also match. The default iptables configuration file contains this rule:

-A INPUT -j REJECT --reject-with icmp-host-prohibited

It rejects all access to the host. Whenever none of the earlier rules matched, this one is guaranteed to match, so a rule appended with -A INPUT lands after it and can never be reached; the port stays inaccessible.

Therefore, we use -I INPUT to insert the rule into the INPUT chain instead. An inserted rule goes to the front of the chain, so it is evaluated before the REJECT and can match.

$ iptables -I INPUT -p tcp --dport 3005 -j ACCEPT

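To see the first-match behaviour concretely without touching a live firewall, here is an added example (not code from the original article) that simulates the walk through the INPUT chain over an iptables-save style dump and flags rules that sit below the catch-all REJECT. The sample rules are constructed from an abridged copy of the dump above; the functions first_match, find_shadowed, insert_rule and append_rule are names chosen for this example, and the simulator only understands --dport rules and unconditional REJECT/DROP rules, treating every other rule as non-matching for a fresh inbound connection.

```shell
#!/bin/sh
# Added example: first-match simulator and shadowed-rule check for an
# iptables-save style dump. Runs offline; it never calls iptables itself.

# Constructed sample, abridged from the article's dump. The two ACCEPT rules
# at the end of INPUT were appended with -A, i.e. after the catch-all REJECT.
SAMPLE_RULES='-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3005 -j ACCEPT
-A FORWARD -j DOCKER-USER'

# Walk the INPUT chain top to bottom for a fresh TCP connection from a remote
# host to port $1 and print the verdict of the first matching rule.
# Simulation assumptions: a rule matches if it carries "--dport <port>", or if
# it is an unconditional "-j REJECT"/"-j DROP" (no match options before -j).
# Every other rule (-i lo, conntrack states a brand-new connection does not
# have) is treated as not matching. If nothing matches, the chain policy
# applies, printed here as POLICY.
first_match() {
    printf '%s\n' "$2" | awk -v port="$1" '
        $1 != "-A" || $2 != "INPUT" { next }
        {
            verdict = ""; dport = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") verdict = $(i + 1)
                else if ($i == "--dport") dport = $(i + 1)
            }
            unconditional = ($3 == "-j" && (verdict == "REJECT" || verdict == "DROP"))
            if (dport == port || unconditional) { print verdict; found = 1; exit }
        }
        END { if (!found) print "POLICY" }'
}

# Report every rule in chain $1 that sits below an unconditional REJECT/DROP:
# such rules can never fire, which is exactly what -A produces on this ruleset.
find_shadowed() {
    printf '%s\n' "$2" | awk -v chain="$1" '
        $1 == "-A" && $2 == chain {
            pos++
            if (dead) { print chain " rule " pos " is unreachable: " $0; next }
            if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) dead = 1
        }'
}

# Model the two ways of adding a rule: -I puts it at the top of the chain,
# -A puts it at the bottom, after the catch-all REJECT.
insert_rule() { printf '%s\n%s\n' "$1" "$2"; }
append_rule() { printf '%s\n%s\n' "$2" "$1"; }

NEW_RULE='-A INPUT -p tcp -m tcp --dport 3005 -j ACCEPT'

echo "port 3005 with the current dump:      $(first_match 3005 "$SAMPLE_RULES")"
echo "port 3005 after -A (appended again):  $(first_match 3005 "$(append_rule "$NEW_RULE" "$SAMPLE_RULES")")"
echo "port 3005 after -I (inserted at top): $(first_match 3005 "$(insert_rule "$NEW_RULE" "$SAMPLE_RULES")")"
echo "Shadowed rules in the current dump:"
find_shadowed INPUT "$SAMPLE_RULES"
```

Run it with sh. Pointing find_shadowed at a real iptables-save dump is a quick way to spot rules that were appended below a terminating rule; the fix is the -I form shown in the article, or iptables -I INPUT with an explicit rule number when the rule belongs at a specific position rather than at the very top.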