linux或sunOs下防火墙配置

原创

wx63db212c2853a 2023-02-02 10:55:45 博主文章分类：linux ©著作权

文章标签 重启 文章分类 运维

©著作权归作者所有：来自51CTO博客作者wx63db212c2853a的原创作品，请联系作者获取转载授权，否则将追究法律责任

sunOs下设置(/etc/ipf/ipf.conf ipf.rules):
pass in quick from 10.218.101.23 to any
pass out quick from any to 10.218.101.23
pass in quick from 10.218.101.22 to any
pass out quick from any to 10.218.101.22
pass in quick from 10.218.101.21 to any
pass out quick from any to 10.218.101.21
pass in quick from 10.218.101.20 to any
pass out quick from any to 10.218.101.20
pass in quick from 10.218.101.10 to any
pass out quick from any to 10.218.101.10
pass in quick from 10.218.101.11 to any
pass out quick from any to 10.218.101.11
pass in quick from 10.218.101.13 to any
pass out quick from any to 10.218.101.13
pass in quick from 10.218.101.14 to any
pass out quick from any to 10.218.101.14
pass in quick from 10.218.101.15 to any
pass out quick from any to 10.218.101.15
block in quick all
block out quick all

重启防火墙:
svcadm disable ipfilter
svcadm enable ipfilter

liux设置(/etc/sysconfig/iptables):

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]

-A INPUT -s 10.218.101.20 -j ACCEPT
-A INPUT -s 10.218.101.21 -j ACCEPT
-A INPUT -s 10.218.101.22 -j ACCEPT
-A INPUT -s 10.218.101.23 -j ACCEPT
-A INPUT -s 10.218.101.24 -j ACCEPT
-A INPUT -s 10.218.101.10 -j ACCEPT
-A INPUT -s 10.218.101.11 -j ACCEPT
-A INPUT -s 10.218.101.13 -j ACCEPT
-A INPUT -s 10.218.101.14 -j ACCEPT
-A INPUT -s 10.218.101.15 -j ACCEPT

-A INPUT -s 123.57.184.78 -j ACCEPT
-A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT --这句要加上，不然127.0.0.1无法使用(ping也不通)
-A OUTPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT-这句要加上，不然127.0.0.1无法使用(ping也不通)

-A INPUT -j DROP

COMMIT

重启防火墙:

service iptables restart

上面的功能是只允许配置的ip访问本机,其它机器一概进行拦截