Iptables: block everything except localhost?

Time: 2014-08-25 12:42:01

Tags: webserver iptables

I'm trying to set up my server to block all incoming traffic except SSH from anywhere and HTTP from localhost (so I have to tunnel in to use the web server).

Here are the rules as generated by iptables-save.

*filter
:INPUT ACCEPT [10:536]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [11:1140]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -p tcp --sport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp --sport 80 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -j DROP
COMMIT

SSH works fine, but wget localhost still doesn't work.

What's going on?

1 answer:

Answer 0 (score: 0)

This works for me:

$ cat rules
# Generated by iptables-save v1.4.21 on Mon Aug 25 15:06:42 2014
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -i lo -p tcp --dport 80 -j ACCEPT
-A INPUT -j DROP
COMMIT
# Completed on Mon Aug 25 15:06:42 2014
$ sudo iptables-apply rules
Applying new iptables rules from 'rules'... done.
Can you establish NEW connections to the machine? (y/N) y
... then my job is done. See you next time.
$ curl http://127.0.0.1/
<!DOCTYPE html>
<html>
...
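The difference between the two rule sets above comes down to the reply packets of the loopback connection: on lo the server's SYN-ACK also arrives on the INPUT chain, and the question's rules have nothing that accepts it before the final DROP. The following simulation is an added example, not part of the question or answer, and models only the matches the two chains use (interface, protocol, ports, conntrack state); the interface name eth0 and the ephemeral port 43210 are constructed values.

```python
"""Simulate iptables INPUT evaluation for 'wget localhost' (constructed example)."""
from dataclasses import dataclass


@dataclass
class Packet:
    iface: str   # input interface, e.g. "lo" or "eth0" (constructed)
    proto: str
    sport: int
    dport: int
    state: str   # conntrack state: "NEW" or "ESTABLISHED"


def matches(rule, pkt):
    """A rule is a dict of match criteria; a missing key is a wildcard."""
    for key in ("iface", "proto", "sport", "dport"):
        if key in rule and rule[key] != getattr(pkt, key):
            return False
    if "states" in rule and pkt.state not in rule["states"]:
        return False
    return True


def input_verdict(chain, pkt, policy="ACCEPT"):
    """First matching rule wins, as in iptables; otherwise the chain policy applies."""
    for rule in chain:
        if matches(rule, pkt):
            return rule["target"]
    return policy


# INPUT chain from the question (its OUTPUT rules are irrelevant here: policy ACCEPT).
QUESTION_INPUT = [
    {"proto": "tcp", "dport": 22, "target": "ACCEPT"},
    {"iface": "lo", "proto": "tcp", "dport": 80, "target": "ACCEPT"},
    {"target": "DROP"},
]

# INPUT chain from the answer: the ESTABLISHED,RELATED rule is what was missing.
ANSWER_INPUT = [
    {"proto": "tcp", "states": {"ESTABLISHED", "RELATED"}, "target": "ACCEPT"},
    {"proto": "tcp", "dport": 22, "target": "ACCEPT"},
    {"iface": "lo", "proto": "tcp", "dport": 80, "target": "ACCEPT"},
    {"target": "DROP"},
]

# Constructed packets for 'wget localhost'. Both directions traverse INPUT on lo, and
# conntrack classifies the server's reply (sport 80 -> ephemeral port) as ESTABLISHED.
LOOPBACK_HTTP = [
    Packet("lo", "tcp", 43210, 80, "NEW"),          # client SYN
    Packet("lo", "tcp", 80, 43210, "ESTABLISHED"),  # server SYN-ACK
]


def trace(chain):
    """Verdict for each packet of the loopback HTTP handshake under the given chain."""
    return [input_verdict(chain, p) for p in LOOPBACK_HTTP]
```

Running `trace` over the two chains shows the question's rules accept the SYN but drop the SYN-ACK, while the answer's rules accept both; a NEW connection to port 80 from a non-loopback interface is still dropped by both.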