iptables Scenario 1 (Part 2)

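I. Supplementary Rule
Building on Scenario 1, modify the rules so that only 192.168.0.107 is allowed to access the local httpd service.
 
II. Configuration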
[root@localhost ~]# iptables -D INPUT -p tcp --dport 80 -j REJECT
[root@localhost ~]# iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:10:21
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
 
Chain FORWARD (policy ACCEPT)
 
[root@localhost ~]# iptables -I INPUT -p tcp -s 192.168.0.103 --dport 80 -j ACCEPT
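
Added example (not from the original post): `-I` puts the new ACCEPT at the top of INPUT, above the final catch-all REJECT, whereas a rule appended with `-A` would land below that REJECT and never match. The check below reads `iptables -S INPUT` text and reports the ordering; the function name `rule_order_status`, the sample rule sets and the `-i lo` on the second ACCEPT are assumptions constructed for illustration.

```shell
# rule_order_status SRC_IP DPORT < rules    (added example, prints one word)
#   ok        ACCEPT for SRC_IP/DPORT sits above the catch-all REJECT/DROP
#   shadowed  the ACCEPT sits below the catch-all, so it never matches
#   missing   no ACCEPT rule for SRC_IP/DPORT
#   open      no catch-all REJECT/DROP, so other sources are not blocked
rule_order_status() {
    awk -v src="$1/32" -v port="$2" '
        $1 == "-A" && $2 == "INPUT" {
            n++                                  # position in the chain
            s = p = d = j = ""
            for (i = 3; i < NF; i++) {           # collect option values
                if ($i == "-s")      s = $(i + 1)
                if ($i == "-p")      p = $(i + 1)
                if ($i == "--dport") d = $(i + 1)
                if ($i == "-j")      j = $(i + 1)
            }
            if (!allow && j == "ACCEPT" && s == src && p == "tcp" && d == port) allow = n
            # a rule with no match options before -j catches every packet
            if (!block && $3 == "-j" && (j == "REJECT" || j == "DROP")) block = n
        }
        END {
            if (!allow)             print "missing"
            else if (!block)        print "open"
            else if (allow > block) print "shadowed"
            else                    print "ok"
        }'
}

# Constructed sample in `iptables -S INPUT` format; "-i lo" is assumed.
ALLOW='-A INPUT -s 192.168.0.103/32 -p tcp -m tcp --dport 80 -j ACCEPT'
HEAD='-P INPUT ACCEPT'
BASE='-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10:21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable'
RULES_INSERTED="$HEAD
$ALLOW
$BASE"                 # what the chain looks like after iptables -I
RULES_APPENDED="$HEAD
$BASE
$ALLOW"                # what it would look like had -A been used
printf '%s\n' "$RULES_INSERTED" | rule_order_status 192.168.0.103 80
printf '%s\n' "$RULES_APPENDED" | rule_order_status 192.168.0.103 80
```

On a live host the same function can be fed with `iptables -S INPUT | rule_order_status 192.168.0.103 80`.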
 
III. Testing
1. Test from the machine 192.168.0.103
[root@localhost ~]# curl -I http://192.168.0.103/
HTTP/1.1 403 Forbidden
Date: Sat, 19 Aug 2017 01:32:29 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Thu, 16 Oct 2014 13:20:58 GMT
ETag: "1321-5058a1e728280"
Accept-Ranges: bytes
Content-Length: 4897
Content-Type: text/html; charset=UTF-8
 
[root@localhost ~]# telnet 192.168.0.103 80
Trying 192.168.0.103...
Connected to 192.168.0.103.
Escape character is '^]'.
Connection closed by foreign host.
2. Test from the machine 192.168.0.107
C:\Users\lenovo>telnet 192.168.0.103 80
正在连接192.168.0.103...无法打开到主机的连接。 在端口 80: 连接失败

Reposted from cakin24.iteye.com/blog/2395427