iptables: allow OUTPUT only for http and ssh

Time: 2012-12-31 10:45:01

Tags: linux http ssh iptables

How do I allow outgoing traffic only for http and ssh?

I tried:

 iptables -A OUTPUT -p tcp --dport ssh -j ACCEPT
 iptables -A OUTPUT -p tcp --dport http -j ACCEPT

But as soon as I add

 iptables -A OUTPUT -j DROP

nothing works any more; it blocks everything.

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:22151
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:sso-service
ACCEPT     all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

2 answers:

Answer 0 (score: 2)

Try using --sport instead of --dport.

Answer 1 (score: 2)

First, the iptables configuration output does not match the rules you typed. Did you restart the iptables service? Second, you also need to allow udp on port 53 so that DNS keeps working:

 iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
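Putting the two answers together, here is an added example (not from either answerer) that builds a complete OUTPUT chain in the right order: it accepts loopback and replies to already-tracked connections first, adds the DNS rule from answer 1, allows new SSH and HTTP connections, and only then appends the final DROP. It assumes the iptables conntrack match is available (it is on any modern kernel); with DRY_RUN=1 it prints the commands instead of applying them, so it can be inspected without root.

```shell
#!/bin/sh
# Added example: a "deny all outbound except SSH, HTTP and DNS" OUTPUT chain.
# Set DRY_RUN=1 to print the commands instead of applying them (needs root otherwise).
IPT="${IPT:-iptables}"

# Emit the rules in the order they must be applied. Order matters: the final
# DROP has to come last, and replies to existing connections must be accepted
# before it, otherwise inbound SSH sessions lose their return packets.
output_rules() {
    cat <<'EOF'
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp --dport 22 -j ACCEPT
-A OUTPUT -p tcp --dport 80 -j ACCEPT
-A OUTPUT -j DROP
EOF
}

# Return 0 only when the list is safe to apply: DROP is the last rule and the
# conntrack and DNS rules are present before it.
check_rules() {
    rules=$(output_rules)
    last=$(printf '%s\n' "$rules" | tail -n 1)
    [ "$last" = "-A OUTPUT -j DROP" ] || return 1
    printf '%s\n' "$rules" | grep -q 'ESTABLISHED,RELATED' || return 1
    printf '%s\n' "$rules" | grep -q 'udp --dport 53' || return 1
    return 0
}

# Flush OUTPUT and apply the rules; in DRY_RUN mode only print the commands.
apply_rules() {
    check_rules || { echo "refusing to apply: rule order is wrong" >&2; return 1; }
    if [ -n "$DRY_RUN" ]; then
        printf '%s -F OUTPUT\n' "$IPT"
        output_rules | while IFS= read -r r; do printf '%s %s\n' "$IPT" "$r"; done
        return 0
    fi
    "$IPT" -F OUTPUT
    output_rules | while IFS= read -r r; do "$IPT" $r; done
}

if [ "${1:-}" = "apply" ]; then apply_rules; fi
```

Run it as `sh script.sh apply` (as root) to install the chain; the loopback and ESTABLISHED,RELATED rules are what keep an existing SSH session alive once the DROP is in place.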