{"id":459,"date":"2018-06-09T14:05:25","date_gmt":"2018-06-09T06:05:25","guid":{"rendered":"http:\/\/pony.hk\/?p=459"},"modified":"2018-06-09T14:05:25","modified_gmt":"2018-06-09T06:05:25","slug":"iptables%e7%9a%84%e9%85%8d%e7%bd%ae%e9%a1%ba%e5%ba%8f%e9%97%ae%e9%a2%98","status":"publish","type":"post","link":"https:\/\/lnmp.ivan.xin\/?p=459","title":{"rendered":"iptables\u7684\u914d\u7f6e\u987a\u5e8f\u95ee\u9898"},"content":{"rendered":"<p>\u4f7f\u7528\u547d\u4ee4 iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT\uff0c\u4fee\u6539\u9632\u706b\u5899\u914d\u7f6e\u7684\u65f6\u5019\uff0c\u6761\u76ee\u987a\u5e8f\u4e0d\u4e00\u6837\uff0c\u4ea7\u751f\u7684\u6548\u679c\u662f\u4e0d\u4e00\u6837\u7684\u3002\u4f8b\u5982<span style=\"color: #000000;\">\u4e0b\u8fb9\u7684\u914d\u7f6e\uff0c\u662f\u653e\u884c443\u7aef\u53e3\u3002\u4f46\u662f\u5982\u679c\u7ea2\u8272\u7684\u8fd9\u4e00\u53e5\uff0c\u6700\u5f00\u59cb\u6ca1\u6709\u914d\u7f6e\uff0c\u800c\u662f\u5230\u6700\u540e\u8865\u4e0a\uff0c\u90a3\u4e48\u5b83\u5c31\u4f1a\u5728\u6700\u540e\u4e00\u884c\uff0c\u8fd9\u6837\u7684\u8bdd\uff0c443\u7aef\u53e3\u662f\u4e0d\u901a\u7684\uff01<\/span><\/p>\n<p># iptables -L -n<\/p>\n<blockquote><p>Chain INPUT (policy DROP)<br \/>\ntarget prot opt source destination<br \/>\nACCEPT all -- 0.0.0.0\/0 0.0.0.0\/0 state RELATED,ESTABLISHED<br \/>\nACCEPT tcp -- 0.0.0.0\/0 0.0.0.0\/0 state NEW tcp dpt:80<br \/>\n<span style=\"color: #ff0000;\">ACCEPT tcp -- 0.0.0.0\/0 0.0.0.0\/0 state NEW tcp dpt:443<\/span><br \/>\nACCEPT all -- 0.0.0.0\/0 0.0.0.0\/0<br \/>\nACCEPT icmp -- 0.0.0.0\/0 0.0.0.0\/0<br \/>\nACCEPT all -- 0.0.0.0\/0 0.0.0.0\/0<br \/>\nREJECT all -- 0.0.0.0\/0 0.0.0.0\/0 reject-with icmp-host-prohibited<\/p>\n<p>Chain FORWARD (policy DROP)<br \/>\ntarget prot opt source destination<br \/>\nREJECT all -- 0.0.0.0\/0 0.0.0.0\/0 reject-with icmp-host-prohibited<\/p>\n<p>Chain OUTPUT (policy ACCEPT)<br \/>\ntarget prot opt source destination<br \/>\nACCEPT all -- 0.0.0.0\/0 0.0.0.0\/0<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>\u4f7f\u7528\u547d\u4ee4 iptables -A INPUT -p tcp -m state --state NEW -m t...<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[],"class_list":["post-459","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/lnmp.ivan.xin\/index.php?rest_route=\/wp\/v2\/posts\/459","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lnmp.ivan.xin\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lnmp.ivan.xin\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lnmp.ivan.xin\/index.php?rest_route=\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/lnmp.ivan.xin\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=459"}],"version-history":[{"count":0,"href":"https:\/\/lnmp.ivan.xin\/index.php?rest_route=\/wp\/v2\/posts\/459\/revisions"}],"wp:attachment":[{"href":"https:\/\/lnmp.ivan.xin\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=459"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lnmp.ivan.xin\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=459"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lnmp.ivan.xin\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=459"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}