Configuration file of the netfilter firewall (original state):
[root@centos8 ~]# cat /etc/sysconfig/iptables
# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
Insert a rule into the INPUT chain of the filter table that allows the contiguous IP address range 192.168.168.150-192.168.168.158 to access TCP port 80 on this host:
[root@centos8 ~]# iptables -I INPUT -p tcp --dport 80 -j ACCEPT -m iprange --src-range 192.168.168.150-192.168.168.158
Save the firewall rules (an inserted rule takes effect immediately, but unless it is saved it is lost when the firewall service or the host is restarted):
[root@centos8 ~]# iptables-save > /etc/sysconfig/iptables
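iptables evaluates rules in order, so the new ACCEPT rule only works because -I placed it ahead of the INPUT chain's catch-all REJECT; appended with -A it would sit behind the REJECT and never match. The following check is added here and is not part of the original page: it reads a rules file in iptables-save format and confirms that the port-80 ACCEPT for the address range precedes the INPUT REJECT. Both rule files are constructed copies of the page's file, and the exact line layout iptables-save produces for the inserted rule is an assumption.

```shell
#!/bin/sh
# Check a saved iptables rules file (iptables-save format): is TCP/PORT from
# RANGE accepted before the INPUT chain's catch-all REJECT shadows it?
RANGE='192.168.168.150-192.168.168.158'
PORT=80
ACCEPT_RULE="-A INPUT -p tcp -m iprange --src-range $RANGE -m tcp --dport $PORT -j ACCEPT"

# Constructed: the page's rules file after the -I insert (layout assumed).
RULES_GOOD="*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
$ACCEPT_RULE
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT"

# Constructed: the same rule appended with -A instead, i.e. after the REJECT.
RULES_BAD=$(printf '%s\n' "$RULES_GOOD" | grep -v -e "--dport $PORT " \
  | awk -v r="$ACCEPT_RULE" '/^-A FORWARD/ && !d { print r; d=1 } { print }')

# rule_pos RULES PATTERN: 1-based line of the first INPUT rule matching PATTERN
# (empty output when there is none).
rule_pos() {
    printf '%s\n' "$1" | grep -n -e "^-A INPUT .*$2" | head -n 1 | cut -d: -f1
}

# port_reachable_from_range RULES PORT RANGE: returns 0 when the ACCEPT rule
# exists and appears before the chain's catch-all REJECT, 1 otherwise.
port_reachable_from_range() {
    acc=$(rule_pos "$1" "--src-range $3 .*--dport $2 -j ACCEPT")
    rej=$(rule_pos "$1" "-j REJECT")
    if [ -n "$acc" ] && [ -n "$rej" ] && [ "$acc" -lt "$rej" ]; then
        return 0
    fi
    return 1
}

# report NAME RULES: human-readable verdict for one rules file.
report() {
    if port_reachable_from_range "$2" "$PORT" "$RANGE"; then
        echo "$1: TCP/$PORT reachable from $RANGE"
    else
        echo "$1: ACCEPT rule missing or shadowed by the catch-all REJECT"
    fi
}
report good "$RULES_GOOD"
report bad "$RULES_BAD"
```

To check the live file from the page, pass its contents instead of the constructed text: port_reachable_from_range "$(cat /etc/sysconfig/iptables)" 80 "$RANGE".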