亚洲香蕉成人av网站在线观看_欧美精品成人91久久久久久久_久久久久久久久久久亚洲_热久久视久久精品18亚洲精品_国产精自产拍久久久久久_亚洲色图国产精品_91精品国产网站_中文字幕欧美日韩精品_国产精品久久久久久亚洲调教_国产精品久久一区_性夜试看影院91社区_97在线观看视频国产_68精品久久久久久欧美_欧美精品在线观看_国产精品一区二区久久精品_欧美老女人bb

首頁 > 網(wǎng)站 > 幫助中心 > 正文

iptables的使用

2024-07-09 22:50:13
字體:
供稿:網(wǎng)友

# iptables filter

 

- iptables -F #清空所有規(guī)則

- service iptables save #保存規(guī)則

- iptables -t nat #-t指定表

- iptables -Z #將計數(shù)器清零

- iptables -A INPUT -s 192.168.188.1 -p tcp --sport 1234 -d 192.168.188.128 --dport 80 -j DROP

- iptables -I/-A/-D INPUT -s 1.1.1.1 -j DROP

- iptables -I INPUT -s 192.168.1.0/24 -i eth0 -j ACCEPT

- iptables -nvL --line-numbers

- iptables -D INPUT 1

- iptables -P INPUT DROP

 

 

 

 

 

 

```

[root@localhost ~]# iptables -nvL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)

 pkts bytes target     prot opt in     out     source               destination         

  193 12868 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED

0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           

0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           

6   552 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22

   10  2365 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)

 pkts bytes target     prot opt in     out     source               destination         

0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

 

Chain OUTPUT (policy ACCEPT 112 packets, 12324 bytes)

 pkts bytes target     prot opt in     out     source               destination         

```

iptables規(guī)則記錄在/etc/sysconfig/iptables的配置文件中

```

[root@localhost ~]# cat /etc/sysconfig/iptables

# sample configuration for iptables service

# you can edit this manually or use system-config-firewall

# please do not ask us to add additional ports/services to this default configuration

*filter

:INPUT ACCEPT [0:0]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

-A INPUT -p icmp -j ACCEPT

-A INPUT -i lo -j ACCEPT

-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

-A INPUT -j REJECT --reject-with icmp-host-prohibited

-A FORWARD -j REJECT --reject-with icmp-host-prohibited

COMMIT[root@localhost ~]# iptables -F

```

```

[root@localhost ~]# iptables -nvL

Chain INPUT (policy ACCEPT 6 packets, 428 bytes)

 pkts bytes target     prot opt in     out     source               destination         

 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)

 pkts bytes target     prot opt in     out     source               destination         

 

Chain OUTPUT (policy ACCEPT 4 packets, 448 bytes)

 pkts bytes target     prot opt in     out     source               destination

[root@localhost ~]# cat /etc/sysconfig/iptables

# sample configuration for iptables service

# you can edit this manually or use system-config-firewall

# please do not ask us to add additional ports/services to this default configuration

*filter

:INPUT ACCEPT [0:0]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

-A INPUT -p icmp -j ACCEPT

-A INPUT -i lo -j ACCEPT

-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

-A INPUT -j REJECT --reject-with icmp-host-prohibited

-A FORWARD -j REJECT --reject-with icmp-host-prohibited

COMMIT

 

```

重啟服務(wù),iptables規(guī)則重置

```

[root@localhost ~]# service iptables restart

Redirecting to /bin/systemctl restart iptables.service

[root@localhost ~]# iptables -nvL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)

 pkts bytes target     prot opt in     out     source               destination         

8   576 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED

0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           

0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           

0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22

0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)

 pkts bytes target     prot opt in     out     source               destination         

0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

 

Chain OUTPUT (policy ACCEPT 5 packets, 716 bytes)

 pkts bytes target     prot opt in     out     source               destination

[root@localhost ~]# service iptables save

 

```

 

```

[root@localhost ~]# iptables -t filter -nvL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)

 pkts bytes target     prot opt in     out     source               destination         

   68  4536 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED

0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           

0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           

0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22

1   229 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)

 pkts bytes target     prot opt in     out     source               destination         

0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

 

Chain OUTPUT (policy ACCEPT 38 packets, 5024 bytes)

 pkts bytes target     prot opt in     out     source               destination

[root@localhost ~]# iptables -t nat -nvL

Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)

 pkts bytes target     prot opt in     out     source               destination         

 

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)

 pkts bytes target     prot opt in     out     source               destination         

 

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)

 pkts bytes target     prot opt in     out     source               destination         

 

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)

 pkts bytes target     prot opt in     out     source               destination

```

iptables -Z #將計數(shù)器清零pktsbytes

```

[root@localhost ~]# iptables -Z ; iptables -nvL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)

 pkts bytes target     prot opt in     out     source               destination         

0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED

0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           

0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           

0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22

0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)

 pkts bytes target     prot opt in     out     source               destination         

0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

 

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)

 pkts bytes target     prot opt in     out     source               destination

```

 

[root[@localhost](https://my.oschina.net/u/570656) ~]# iptables -A INPUT -s 192.168.188.1 -p tcp --sport 1234 -d 192.168.188.128 --dport 80 -j DROP/REJECT

 

iptables -A #插入到后面

```

[root@localhost ~]# iptables -A INPUT -s 192.168.188.1 -p tcp --sport 1234 -d 192.168.188.128 --dport 80 -j DROP

[root@localhost ~]# iptables -nvL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)

 pkts bytes target     prot opt in     out     source               destination         

  354 23684 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED

0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           

0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           

   13  1196 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22

  383 47064 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

0     0 DROP       tcp  --  *      *       192.168.188.1        192.168.188.128      tcp spt:1234 dpt:80

 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)

 pkts bytes target     prot opt in     out     source               destination         

0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

 

Chain OUTPUT (policy ACCEPT 23 packets, 2212 bytes)

 pkts bytes target     prot opt in     out     source               destination

```

> 0     0 DROP       tcp  --  *      *       192.168.188.1        192.168.188.128      tcp spt:1234 dpt:80

 

iptables -I #插入到前面

```

[root@localhost ~]# iptables -I INPUT -p tcp --dport 80 -j DROP

[root@localhost ~]# iptables -nvL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)

 pkts bytes target     prot opt in     out     source               destination         

0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80

  513 35132 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED

0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           

0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           

   13  1196 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22

  384 47308 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

0     0 DROP       tcp  --  *      *       192.168.188.1        192.168.188.128      tcp spt:1234 dpt:80

 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)

 pkts bytes target     prot opt in     out     source               destination         

0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

 

Chain OUTPUT (policy ACCEPT 7 packets, 1156 bytes)

 pkts bytes target     prot opt in     out     source               destination

 

```

iptables -D #刪除

```

[root@localhost ~]# iptables -D INPUT -p tcp --dport 80 -j DROP

[root@localhost ~]# iptables -nvL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)

 pkts bytes target     prot opt in     out     source               destination         

  605 42492 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED

0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           

0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           

   17  1564 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22

  672 75245 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

0     0 DROP       tcp  --  *      *       192.168.188.1        192.168.188.128      tcp spt:1234 dpt:80

 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)

 pkts bytes target     prot opt in     out     source               destination         

0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

 

Chain OUTPUT (policy ACCEPT 19 packets, 1972 bytes)

 pkts bytes target     prot opt in     out     source               destination  

[root@localhost ~]# iptables -D INPUT -s 192.168.188.1 -p tcp --sport 1234 -d 192.168.188.128 --dport 80 -j DROP

[root@localhost ~]# iptables -nvL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)

 pkts bytes target     prot opt in     out     source               destination         

  744 55092 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED

0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           

0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           

   18  1656 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22

  673 75489 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)

 pkts bytes target     prot opt in     out     source               destination         

0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

 

Chain OUTPUT (policy ACCEPT 17 packets, 1628 bytes)

 pkts bytes target     prot opt in     out     source               destination  

```

> 刪除iptables的規(guī)則,但是重新書寫一條規(guī)則或許太麻煩或者忘記規(guī)則的寫法時

 

```

 

[root@localhost ~]# iptables -A INPUT -s 192.168.188.1 -p tcp --sport 1234 -d 192.168.188.128 --dport 80 -j DROP

[root@localhost ~]# iptables -I INPUT -p tcp --dport 80 -j DROP

[root@localhost ~]# iptables -nvL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)

 pkts bytes target     prot opt in     out     source               destination         

0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80

  912 70948 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED

0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           

0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           

   18  1656 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22

  674 75718 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

0     0 DROP       tcp  --  *      *       192.168.188.1        192.168.188.128      tcp spt:1234 dpt:80

 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)

 pkts bytes target     prot opt in     out     source               destination         

0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

 

Chain OUTPUT (policy ACCEPT 7 packets, 1364 bytes)

 pkts bytes target     prot opt in     out     source               destination

```

iptables -nvL --line-number

```

[root@localhost ~]# iptables -nvL --line-number

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)

num   pkts bytes target     prot opt in     out     source               destination         

1        0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80

2     1010 77416 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED

3        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           

4        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           

5       18  1656 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22

6      674 75718 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

7        0     0 DROP       tcp  --  *      *       192.168.188.1        192.168.188.128      tcp spt:1234 dpt:80

 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)

num   pkts bytes target     prot opt in     out     source               destination         

1        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

 

Chain OUTPUT (policy ACCEPT 59 packets, 7820 bytes)

num   pkts bytes target     prot opt in     out     source               destination

```

```

[root@localhost ~]# iptables -D INPUT 1

[root@localhost ~]# iptables -D INPUT 7

iptables: Index of deletion too big.

[root@localhost ~]# iptables -D INPUT 6

[root@localhost ~]# iptables -nvL --line-number

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)

num   pkts bytes target     prot opt in     out     source               destination         

1     1165 87732 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED

2        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           

3        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           

4       19  1748 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22

5      674 75718 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)

num   pkts bytes target     prot opt in     out     source               destination         

1        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

 

Chain OUTPUT (policy ACCEPT 42 packets, 4056 bytes)

num   pkts bytes target     prot opt in     out     source               destination

```

 

iptables -P #默認(rèn)規(guī)則

```

[root@localhost ~]# iptables -P OUTPUT DROP

```

 

> 終端使用DROP規(guī)則會使原本數(shù)據(jù)包在22端口通信,接收不了數(shù)據(jù),在返回給客戶端再返回給終端,結(jié)果到達(dá)不了終端,然后接收不了數(shù)據(jù)就會導(dǎo)致斷開終端連接,解決辦法到主機(jī)上將規(guī)則改回ACCEPT

 

```

[root@localhost ~]# iptables -nvL --line-number

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)

num   pkts bytes target     prot opt in     out     source               destination         

1     1165 87732 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED

2        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           

3        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           

4       19  1748 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22

5      674 75718 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)

num   pkts bytes target     prot opt in     out     source               destination         

1        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

 

Chain OUTPUT (policy DROP 37 packets, 24648 bytes)

num   pkts bytes target     prot opt in     out     source               destination

[root@localhost ~]# iptables -P OUTPUT ACCEPT

```

 

> -s #ip

-p #指定協(xié)議

--sport #源端口號

-d #目標(biāo)ip

--dport #目標(biāo)端口號

-j #行為

 

 

#iptables小案例

 

```

vi /usr/local/sbin/iptables.sh

#!/bin/bash

ipt="/usr/sbin/iptables"

$ipt -F

$ipt -P INPUT DROP

$ipt -P OUTPUT ACCEPT

$ipt -P FORWARD ACCEPT

$ipt -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

$ipt -A INPUT -s 192.168.133.0/24 -p tcp --dport 22 -J ACCEPT

$ipt -A INPUT -p tcp --dprot 80 -j ACCEPT

$ipt -A INPUT -p tcp --dprot 21 -j ACCEPT

 

icmp示例

iptables -I INPUT -p icmp --icmp-type 8 -j DROP

 

```

 

 

```

[root@localhost ~]# vim /usr/local/sbin/iptables.sh

#!/bin/bash

ipt="/usr/sbin/iptables"

$ipt -F

$ipt -P INPUT DROP

$ipt -P OUTPUT ACCEPT

$ipt -P FORWARD ACCEPT

$ipt -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

$ipt -A INPUT -s 192.168.133.0/24 -p tcp --dport 22 -j ACCEPT

$ipt -A INPUT -p tcp --dport 80 -j ACCEPT

$ipt -A INPUT -p tcp --dport 21 -j ACCEPT

```

> tcp協(xié)議里ESTABLISHED是保持連接,RELATED狀態(tài)

 

```

[root@localhost ~]# w

 22:10:01 up 1 day, 20:48,  2 users,  load average: 0.00, 0.01, 0.05

USER     TTY        LOGIN@   IDLE   JCPU   PCPU WHAT

root     tty1      06:40   15:23m  0.42s  0.42s -bash

root     pts/0     21:50    1.00s  0.45s  0.00s w

[root@localhost ~]# sh /usr/local/sbin/iptables.sh

[root@localhost ~]# iptables -nvL

Chain INPUT (policy DROP 0 packets, 0 bytes)

 pkts bytes target     prot opt in     out     source               destination         

   28  1848 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED

0     0 ACCEPT     tcp  --  *      *       192.168.133.0/24     0.0.0.0/0            tcp dpt:22

0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80

0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21

 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)

 pkts bytes target     prot opt in     out     source               destination         

 

Chain OUTPUT (policy ACCEPT 15 packets, 1428 bytes)

 pkts bytes target     prot opt in     out     source               destination

[root@localhost ~]# iptables -nvL

Chain INPUT (policy DROP 1 packets, 229 bytes)

 pkts bytes target     prot opt in     out     source               destination         

   41  2712 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED

0     0 ACCEPT     tcp  --  *      *       192.168.133.0/24     0.0.0.0/0            tcp dpt:22

0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80

0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21

 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)

 pkts bytes target     prot opt in     out     source               destination         

 

Chain OUTPUT (policy ACCEPT 27 packets, 3628 bytes)

 pkts bytes target     prot opt in     out     source               destination  

[root@localhost ~]# service iptables restart #此命令為重啟iptables服務(wù)

Redirecting to /bin/systemctl restart iptables.service

```

> 可以看出pkts bytes的值正在增長

 

 

icmp案例

Windows

```

C:UsersAdministrator>ping 192.168.9.134


正在 Ping 192.168.9.134 具有 32 字節(jié)的數(shù)據(jù):

來自 192.168.9.134 的回復(fù): 字節(jié)=32 時間<1ms TTL=64

來自 192.168.9.134 的回復(fù): 字節(jié)=32 時間<1ms TTL=64

來自 192.168.9.134 的回復(fù): 字節(jié)=32 時間<1ms TTL=64

來自 192.168.9.134 的回復(fù): 字節(jié)=32 時間<1ms TTL=64

 

192.168.9.134 Ping 統(tǒng)計信息:

    數(shù)據(jù)包: 已發(fā)送 = 4,已接收 = 4,丟失 = 0 (0% 丟失),

往返行程的估計時間(以毫秒為單位):

    最短 = 0ms,最長 = 0ms,平均 = 0ms

```

Linux

```

[root@localhost ~]# iptables -I INPUT -p icmp --icmp-type 8 -j DROP

```

> 使icmp被禁止了,--icmp-type 8icmp8種類型

 

Windows

```

C:UsersAdministrator>ping 192.168.9.134

 

正在 Ping 192.168.9.134 具有 32 字節(jié)的數(shù)據(jù):

請求超時。

請求超時。

請求超時。

請求超時。

 

192.168.9.134

發(fā)表評論 共有條評論
用戶名: 密碼:
驗證碼: 匿名發(fā)表
国产一级一级国产| 免费看黄色网| 免费的成人av| 999国产精品永久免费视频app| 黄色污网站在线观看| 欧美猛男男男激情videos| 超碰97在线播放| 成人写真视频福利网| 色综合久久天天综线观看| 日本1区2区3区视频| 蜜桃视频成人在线观看| 欧美高清一级片在线观看| 国产精品jk白丝蜜臀av小说| 欧美另类一区二区三区| 无码免费一区二区三区免费播放| 国产一级激情| 久久精品2019中文字幕| av在线首页| 亚洲一区二区视频在线| 波多野结衣三级视频| 国产妇女馒头高清泬20p多| 曰本大片免费观看视频| 欧美日韩不卡视频| dy888夜精品国产专区| 欧在线一二三四区| 日日干天夜夜| 狠狠一区二区三区| 婷婷视频在线观看| 中文字幕+乱码+中文字幕明步| 国产91ⅴ在线精品免费观看| 精品国产伦一区二区三区| 国产欧美久久久久久| 久久精品久久99精品久久| 国产精品美女在线播放| 欧美黄色精品| 欧美日韩久久不卡| 欧美日韩国产综合新一区| 国产精品视频白浆免费视频| 伊伊综合在线| 99久久这里有精品| 亚洲精品色婷婷福利天堂| 18视频在线观看网站| 日韩av一区二区三区在线观看| 国产女呦网站| h视频在线观看免费| 黑人巨大精品欧美一区二区一视频| 欧美色图免费看| 欧美aaaxxxx做受视频| 国产乱码精品一区二区三区不卡| 国产hs免费高清在线观看| 国产一区二区精品福利地址| 91麻豆6部合集magnet| www.youjizz.com亚洲| 91久久极品少妇xxxxⅹ软件| 国产精品88久久久久久| 中文字幕人妻一区二区三区| 久久亚洲精品伦理| 亚洲视频免费一区| 91精品国产91久久久久久不卡| 欧美精品久久一区二区| a篇片在线观看网站| 欧美高清视频免费观看| 免费观看亚洲视频| 一区二区精品国产| 99热只有这里有精品| 中文字幕一区二区三区不卡| 色婷婷久久久综合中文字幕| 国产午夜激情视频| 俄罗斯黄色录像| www.三级.com| metart日本精品嫩模| 欧日韩一区二区三区| 高潮毛片又色又爽免费| 久草视频手机在线| 天天色综合av| 99热在线免费| 日韩精品在线网站| 国产精品一区二区av日韩在线| 久久久精品影院| 亚洲电影欧美电影有声小说| 日本一区二区三区在线观看视频| 91欧美一区二区| 日本不卡一区二区三区在线观看| 91在线地址| 国产在线一区不卡| 国产综合无码一区二区色蜜蜜| 91免费精品国自产拍在线不卡| 欧美视频一区二区在线| 欧美在线欧美在线| 美女网站一区二区| 成人成人成人在线视频| yw3121.龙物视频永不失联| 欧美乱大交xxxxx另类| 精品国产不卡一区二区三区| 国产精品mv在线观看| 中文字幕在线亚洲三区| 日韩成人在线免费观看| 91网站在线播放| 在线免费日韩片| 国产福利精品导航| 婷婷精品国产一区二区三区日韩| 伊人网综合在线| 57pao精品| 亚洲三级黄色在线观看| 亚洲欧美韩国| 色综合一区二区| 久久亚洲一区| 中国成人在线视频| www.aqdy爱情电影网| 黄在线免费观看| 国产女人水真多18毛片18精品| 欧美成人免费视频a| 污黄视频在线看| 成人黄色片视频网站| 伊人成人在线| 欧美一级在线亚洲天堂| 精品91免费| 精品视频1区2区| 蜜臀av性久久久久av蜜臀妖精| 精品一区二区三区视频在线观看| 你懂的一区二区三区| 日本老太婆做爰视频| 无码人妻一区二区三区精品视频| 日本丰满少妇xxxx| 国产大奶视频| 国产一级片儿| 免费无码av片在线观看| 中文字幕乱码日本亚洲一区二区| 亚洲精品久久久久久无码色欲四季| 在线观看h网址| 日本亚洲欧洲色α| 欧美性猛交内射兽交老熟妇| 荡女精品导航| 日韩成人av电影在线| 五月天激情小说综合| 久久蜜桃资源一区二区老牛| 一本岛在线视频| 97最新国自产拍视频在线完整在线看| 欧美丝袜美女中出在线| 日韩三级成人av网| 日韩黄色一级视频| 国产第一页视频| 国产精品无码人妻一区二区在线| 午夜精品一区二区三区四区| 亚洲石原莉奈一区二区在线观看| 亚洲毛片av在线| 拔插拔插华人永久免费| 无码无套少妇毛多18pxxxx| 欧美日韩中文字幕日韩欧美| 亚洲天堂一区二区三区| 国产精品中出一区二区三区| 久久av电影| 少妇精品视频一区二区| hs网站在线观看| 69av.com| 日韩美女国产精品| 91极品视觉盛宴| 九九久久国产精品| 中文字幕 久热精品 视频在线| 欧美白人最猛性xxxxx69交| 国产原创一区二区| 影音av资源站| 国产精品12| 日韩激情视频网站| 国产精品剧情一区二区三区| 大肉大捧一进一出好爽视频| 印度午夜性春猛xxx交| 欧美成人激情图片网| 国产成人免费av电影| 在线免费av一区| 亚洲区小说区图片区qvod| 天堂在线精品视频| 亚洲国产无线乱码在线观看| 疯狂做受xxxⅹ高潮视频免费| 欧美国产视频在线观看| 欧美性欧美巨大黑白大战| 日本伊人精品一区二区三区观看方式| 日韩在线第七页| 欧美人与性动交xxⅹxx| 一本到三区不卡视频| 日韩写真在线| 久久久9色精品国产一区二区三区| 美女航空一级毛片在线播放| 欧美激情中文不卡| 亚洲免费视频一区二区| 凹凸日日摸日日碰夜夜| 美女视频免费观看网站在线| 激情av中文字幕| 欧美日韩1080p| 欧美精品一级二级| 久久影院一区二区三区| 国产成人综合久久| 天堂网免费视频| 日本福利在线| 青青草视频在线观看| 精品国产乱码久久久久久老虎| 免费观看一区二区三区毛片| 日韩免费在线看| lutube成人福利在线观看| 国产成人啪精品视频免费网| 亚洲色图都市激情| 九色在线观看| 久久精品久久久精品美女| 极品av少妇一区二区| 韩国三级大全久久网站| 国产女人18毛片18精品| 亚洲欧美在线成人| 国产免费av在线| 一本一道久久综合狠狠老| 亚洲日本韩国在线| 欧美日韩在线网站| 噜噜噜天天躁狠狠躁夜夜精品| 中文字幕在线播放一区二区| 九色蝌蚪性视频| 色诱色偷偷久久综合| 国产精品久久久久久福利一牛影视| 久久精品视频91| 国产精品盗摄久久久| 国产亚洲色婷婷久久| 日韩久久一级片| 亚洲一区二区三区美女| 久久影音资源网| 丝袜美腿诱惑一区二区三区| 91九蝌蚪视频| 久久亚洲国产中v天仙www| 午夜影视日本亚洲欧洲精品| 成人免费淫片aa视频免费| 国内外成人免费激情在线视频| 女人18毛片水真多18精品| 天天爽夜夜爽人人爽| 欧美日韩国产二区| 亚洲制服丝袜一区| 国产精品欧美一区二区三区奶水| 日韩欧美精品一区| 一区二区av| 国模私拍在线观看| 狠狠久久亚洲欧美专区| 婷婷丁香综合| 欧美精品一区二区三区久久久竹菊| 成人一级福利| 精品日韩久久久| 国产精品1区2区在线观看| 久久成人免费网站| 黄色小网站91| 香蕉成人在线| 久草视频在线播放| 国产**成人网毛片九色| 亚洲九九九在线观看| 亚洲精品电影久久久| 免费羞羞视频网站| av在线免费观看网站| 国新精品乱码一区二区三区18| 第一福利永久视频精品| 蜜桃91在线| 国产一区精品视频| 超碰97在线资源站| 国产精品一区二区久激情瑜伽| 久久免费激情视频| a在线观看免费| 在线视频亚洲| 成人天堂噜噜噜| 在线观看亚洲欧美| 国产精品免费看一区二区三区| 免费观看久久久久| 国产区在线观看视频| 一区二区三区欧美视频| 久久av综合网| 国产suv精品一区二区883| 国产精品综合在线| 青青草免费观看视频| 精品在线视频一区二区| 日韩伦理一区二区三区| 欧美日韩一区中文字幕| 影音先锋在线中文字幕| 欧美精品精品精品精品免费| 欧美一区二区三级| 黄色激情在线观看| 欧美美女一区二区| 欧美成人精品激情在线视频| 欧美va亚洲va香蕉在线| 国产一级电影网| 日本 欧美 国产| 欧美综合一区| 中文字幕av第一页| 精品少妇一区二区三区密爱| 欧美精品成人一区二区在线观看| 亚洲一二三区不卡| 亚洲同性同志一二三专区| 4hu四虎永久在线观看| 国产欧美精品一区二区三区| 亚洲欧美国产制服动漫| 欧美高清在线视频| 久久在线免费观看| 高清一级毛片视频| 一级性生活视频| 欧美日韩不卡中文字幕在线| 亚洲精品乱码久久久久久日本蜜臀| 成人免费高清视频| 久久丫精品国产亚洲av不卡| 日韩一区二区三| 久久亚洲AV无码专区成人国产| 不卡的电视剧免费网站有什么| 日本免费一区二区三区视频| 久久午夜色播影院免费高清| 久久这里有精品15一区二区三区| 国产欧美精品在线| 深夜福利一区二区| 99热在线观看免费精品| www..com日韩| 视频一区免费在线观看| 加勒比海盗1在线观看免费国语版| 国产亚洲a∨片在线观看| 日韩特黄一级片| 亚欧色一区w666天堂| 欧美伊人久久久久久久久影院| 激情文学综合| 自拍视频第一页| 97超碰蝌蚪网人人做人人爽| 国产在线网站| 97久久精品一区二区三区的观看方式| 黄色片网站在线播放| 香蕉久久网站| av在线免费观看不卡| 欧美一二区在线观看| 国产一区二区三区探花| 国产美女视频免费| 第一sis亚洲原创| 亚洲高清av一区二区三区|