Tuesday, August 30, 2016

Linux Iptables

iptables -P [INPUT|OUTPUT|FORWARD] [ACCEPT|DROP]
iptables -A [INPUT|OUTPUT|FORWARD] -i [eth0|eth1|enoxxx] -s [192.168.1.32|192.168.1.0/24] -d [192.168.1.32|192.168.1.0/24] -p [tcp|udp|icmp|all] --dport [0~65535] -j [ACCEPT|REJECT|DROP|LOG]
-P  Default policy of a built-in chain (only ACCEPT or DROP are valid as a policy; REJECT is a rule target, not a policy)
-A  Append a rule to a chain
-i  Incoming network interface
-o  Outgoing network interface
-s  Source address or network
-d  Destination address or network
-m mac --mac-source aa:bb:cc:dd:ee:ff  Match on the source MAC address (mac match extension)
-p  Protocol [tcp|udp|icmp|all]
--sport  Source port
--dport  Destination port
-j  Action (target) [ACCEPT|REJECT|DROP|LOG]
-F  Delete all rules in a chain, or in all chains
-X  Delete a user-defined chain
-Z  Zero the packet and byte counters in all chains
[root@localhost ~]# iptables -P INPUT DROP
[root@localhost ~]# iptables -A INPUT -p tcp --dport 22 -j ACCEPT
[root@localhost ~]# iptables -A INPUT -p tcp --dport 80 -j ACCEPT
[root@localhost ~]# iptables-save
# Generated by iptables-save v1.4.21 on Wed Aug 31 01:26:18 2016
*filter
:INPUT DROP [2:340]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [3:308]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
# Completed on Wed Aug 31 01:26:18 2016
[root@localhost ~]# iptables -L -n
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@localhost ~]# iptables -F
[root@localhost ~]# iptables -X
[root@localhost ~]# iptables -Z
[root@localhost ~]# iptables -P INPUT DROP
[root@localhost ~]# iptables -A INPUT -p tcp --dport 22 -m mac --mac-source aa:bb:cc:dd:ee:ff -j ACCEPT
# Restrict access by the client's network card (MAC) address
[root@localhost ~]# iptables -A INPUT -p tcp --dport 80 -j ACCEPT
[root@localhost ~]# iptables-save
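The session above builds the rule set one command at a time, with the DROP policy set before the ACCEPT rules exist. The script below is an added example, not code from the original post: it generates the same policy in the iptables-save format shown earlier, so that iptables-restore loads the whole table in a single COMMIT, and it checks the generated text for the lockout case before anything is applied. The MAC aa:bb:cc:dd:ee:ff is the post's placeholder; the port list, the loopback and conntrack rules, the rate-limited LOG rule and the lockout_check helper are assumptions added here and go beyond what the post shows.

```shell
#!/bin/sh
# Added example (not part of the original post): build the post's policy as a
# single iptables-restore file instead of typing the rules one by one, and
# sanity-check it before loading.  Assumptions (constructed for this example):
# the management host's MAC is the post's placeholder aa:bb:cc:dd:ee:ff, and
# SSH (22) plus the listed TCP ports are the only services to expose.

# build_ruleset MGMT_MAC PORT...
# Prints a filter table in iptables-save format.  iptables-restore applies the
# whole table in one COMMIT, so there is no window in which the DROP policy is
# active but the SSH ACCEPT rule is not yet in place.
build_ruleset() {
    mgmt_mac=$1
    shift
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT DROP [0:0]'
    printf '%s\n' ':FORWARD ACCEPT [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    # Loopback and replies to the host's own outbound connections.  The post's
    # rule set omits these; with a DROP policy that silently breaks DNS
    # lookups, package updates and anything else the host initiates itself.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # SSH only from the management host's MAC.  The kernel sees the MAC of the
    # last hop, so this only restricts hosts on the same L2 segment; traffic
    # arriving through a router carries the router's MAC.
    printf '%s\n' "-A INPUT -p tcp -m tcp --dport 22 -m mac --mac-source $mgmt_mac -j ACCEPT"
    for port in "$@"; do
        printf '%s\n' "-A INPUT -p tcp -m tcp --dport $port -j ACCEPT"
    done
    # Rate-limited LOG of what the policy is about to drop, so a missing rule
    # shows up in the kernel log instead of as a silent timeout.
    printf '%s\n' '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: "'
    printf '%s\n' 'COMMIT'
}

# lockout_check RULESET_TEXT
# Returns 0 if the INPUT chain either has no DROP policy, or has one paired
# with an SSH ACCEPT rule and an ESTABLISHED,RELATED rule; returns 1 if the
# ruleset would cut off remote administration.
lockout_check() {
    ruleset=$1
    if ! printf '%s\n' "$ruleset" | grep -q '^:INPUT DROP'; then
        return 0
    fi
    printf '%s\n' "$ruleset" | grep -q -- '--dport 22 .*-j ACCEPT' || return 1
    printf '%s\n' "$ruleset" | grep -q -- '--ctstate ESTABLISHED' || return 1
    return 0
}

# Usage as root, for example:
#   build_ruleset aa:bb:cc:dd:ee:ff 80 > /tmp/rules.v4
#   lockout_check "$(cat /tmp/rules.v4)" && iptables-restore < /tmp/rules.v4
```

Generating the file first also gives you something to diff against the current iptables-save output before loading it, and the same file can be dropped into the distribution's persistence mechanism (for example /etc/sysconfig/iptables on the CentOS-style host in the post) so the rules survive a reboot.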
