
iptables: adding a custom chain and referencing it

2021/6/3 16:33:33

##### Create chain #####

# Create a chain named ICA_SCAN in the filter table

iptables -t filter -N ICA_SCAN

##### Add policy ######

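# Add rules to the ICA_SCAN chain (appended to the end). The filter table defaults to ACCEPT; the plan is to allow only the following 3 source addresses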

iptables -t filter -A ICA_SCAN -s 127.0.0.1,10.244.0.0/16,10.120.251.94 -j ACCEPT

iptables -t filter -A ICA_SCAN -s 0.0.0.0/0 -j REJECT

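##### Reference #####

# The custom chain only takes effect once it is referenced from the built-in INPUT chain

iptables -t filter -A INPUT -p tcp -m multiport --dports 6443,9100,8088,8188,50075 -j ICA_SCAN

# List the filter table with rule numbers and exact counters to verify the result

iptables -t filter -nvxL --line-numbers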

##### Delete policy #####

# Delete a rule from the INPUT chain by its line number (left commented out)

# iptables -t filter -D INPUT 3
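
An idempotent version of the setup above, as an added example that is not from the original post: it uses `iptables -C` to skip rules that already exist, so a second run neither fails on `-N` nor duplicates the jump in INPUT. The `IPT` variable, the `ensure` helper and the `--apply` switch are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: re-runnable setup of the ICA_SCAN chain from this page.
# IPT is an assumption of this sketch; it lets the command be swapped for a dry run.
IPT="${IPT:-iptables}"
CHAIN="ICA_SCAN"
ALLOWED="127.0.0.1 10.244.0.0/16 10.120.251.94"
PORTS="6443,9100,8088,8188,50075"

# ensure <-A|-I> <chain> <rule...>: add the rule only if -C reports it missing
ensure() {
    op=$1; chain=$2; shift 2
    $IPT -t filter -C "$chain" "$@" 2>/dev/null ||
        $IPT -t filter "$op" "$chain" "$@"
}

apply_ica_scan() {
    # -N fails if the chain already exists, so create it only when missing
    $IPT -t filter -L "$CHAIN" -n >/dev/null 2>&1 ||
        $IPT -t filter -N "$CHAIN" || return 1

    # Insert ACCEPT rules at the top so they always sit above the final
    # REJECT, even when a source is added to ALLOWED on a later run
    for src in $ALLOWED; do
        ensure -I "$CHAIN" -s "$src" -j ACCEPT || return 1
    done

    # Catch-all at the end of the chain (same match as -s 0.0.0.0/0)
    ensure -A "$CHAIN" -j REJECT || return 1

    # Reference the chain from INPUT exactly once
    ensure -A INPUT -p tcp -m multiport --dports "$PORTS" -j "$CHAIN"
}

# Only touch the firewall when asked to: sh ica_scan.sh --apply (as root)
if [ "${1:-}" = "--apply" ]; then
    apply_ica_scan
fi
```

Because the jump is appended with `-A INPUT`, any earlier INPUT rule that already accepts traffic to these ports is matched first; check the position in the `--line-numbers` listing.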