linux – Iptables ignores rules in the configuration file
Published: 2020-12-14 02:52:13 Category: Linux Source: compiled from the web
I see a lot of established connections to my Apache server from the IP 188.241.114.22, which eventually cause Apache to hang. After restarting the service, everything works fine.
I tried adding a rule to iptables, -A INPUT -s 188.241.114.22 -j DROP, but despite that I still see connections from that IP. I am using CentOS and I am adding the rule like this:

    iptables -A INPUT -s 188.241.114.22 -j DROP

Right after, I save it using:

    service iptables save

    Chain INPUT (policy ACCEPT 120K packets, 16M bytes)
     pkts bytes target  prot opt in   out  source                                destination
        0     0 DROP    all  --  any  any  lg01.mia02.pccwbtn.net                anywhere
        0     0 DROP    all  --  any  any  c-98-210-5-174.hsd1.ca.comcast.net    anywhere
        0     0 DROP    all  --  any  any  c-98-201-5-174.hsd1.tx.comcast.net    anywhere
        0     0 DROP    all  --  any  any  lg01.mia02.pccwbtn.net                anywhere
        0     0 DROP    all  --  any  any  www.dabacus2.com                      anywhere
        0     0 DROP    all  --  any  any  116.255.163.100                       anywhere
        0     0 DROP    all  --  any  any  94.23.119.11                          anywhere
        0     0 DROP    all  --  any  any  164.bajanet.mx                        anywhere
        0     0 DROP    all  --  any  any  173-203-71-136.static.cloud-ips.com   anywhere
        0     0 DROP    all  --  any  any  v1.oxygen.ro                          anywhere
        0     0 DROP    all  --  any  any  74.122.177.12                         anywhere
        0     0 DROP    all  --  any  any  58.83.227.150                         anywhere
        0     0 DROP    all  --  any  any  v1.oxygen.ro                          anywhere
        0     0 DROP    all  --  any  any  v1.oxygen.ro                          anywhere

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target  prot opt in   out  source                                destination

    Chain OUTPUT (policy ACCEPT 186K packets, 224M bytes)
     pkts bytes target  prot opt in   out  source                                destination

Solution
The command iptables -A INPUT adds a new rule at the end of the INPUT chain. Iptables works on a first-match principle, so you probably have a rule earlier in the chain that allows access on port 80.
Save the state of iptables using

    service iptables save
    service iptables restart
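The first-match behaviour described in the answer, as an added example that is not part of the original question or answer: a simplified Python model of the INPUT chain, run over a constructed ruleset in `iptables -S INPUT` format. The ruleset, the packet fields and the helper names are assumptions; `insert_first` models `iptables -I INPUT 1`, which places a rule at the head of the chain instead of the end.

```python
import ipaddress

# Constructed ruleset (not the asker's real rules): the DROP appended with -A
# sits after an ACCEPT for port 80, so it is never reached for HTTP traffic.
SAMPLE_RULES = """\
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 188.241.114.22/32 -j DROP
"""
FLAGS = {"-s": "src", "-i": "iface", "-p": "proto",
         "--dport": "dport", "--state": "state", "-j": "target"}

def parse_rule(line):
    """Extract the match options this simplified model understands (no '!' negation)."""
    tok = line.split()
    return {key: tok[tok.index(flag) + 1] for flag, key in FLAGS.items() if flag in tok}

def matches(rule, pkt):
    """True if every match option present in the rule agrees with the packet."""
    src_ok = "src" not in rule or ipaddress.ip_address(pkt["src"]) in \
        ipaddress.ip_network(rule["src"], strict=False)
    state_ok = "state" not in rule or pkt["state"] in rule["state"].split(",")
    port_ok = "dport" not in rule or int(rule["dport"]) == pkt["dport"]
    rest_ok = all(rule[k] == pkt[k] for k in ("iface", "proto") if k in rule)
    return src_ok and state_ok and port_ok and rest_ok

def first_match(rules_text, pkt):
    """Return (rule number, target) of the first matching rule, or (0, chain policy)."""
    policy, pos = "ACCEPT", 0
    for line in rules_text.splitlines():
        if line.startswith("-P INPUT"):
            policy = line.split()[2]
        elif line.startswith("-A INPUT"):
            pos += 1
            rule = parse_rule(line)
            if rule.get("target") in ("ACCEPT", "DROP", "REJECT") and matches(rule, pkt):
                return pos, rule["target"]
    return 0, policy

def insert_first(rules_text, new_rule):
    """Model `iptables -I INPUT 1 ...`: put new_rule ahead of every existing rule."""
    lines = rules_text.splitlines()
    idx = next((i for i, l in enumerate(lines) if l.startswith("-A INPUT")), len(lines))
    return "\n".join(lines[:idx] + [new_rule] + lines[idx:]) + "\n"

# Constructed packet: a new HTTP connection from the address in the question.
PKT = {"src": "188.241.114.22", "iface": "eth0", "proto": "tcp", "dport": 80, "state": "NEW"}
```

On a live host, `iptables -L INPUT -n --line-numbers` shows the same ordering, and the model also shows that an already established connection from the blocked address is accepted by the state rule until the DROP precedes it.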