iptables 设置指定IP客户端访问服务器redis端口
Posted sky_cheng
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了iptables 设置指定IP客户端访问服务器redis端口相关的知识,希望对你有一定的参考价值。
一、需求描述:服务器172.28.18.75开放了6379redis端口,由于没有设置登录密码,所以需要防火墙设置只能指定的IP地址172.28.5.125客户端访问redis端口
二、查看172.28.18.75的防火墙规则
[root@zabbix_server ~]# iptables -nvL Chain INPUT (policy DROP 2 packets, 104 bytes) pkts bytes target prot opt in out source destination 230K 23M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 9 708 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25601 14 8190 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 32 1681 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3306 516 26832 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:9000 734 38168 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:10050 126 6776 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:10051 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3000 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:5672 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:15672 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25672 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:4369 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2222 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8078 29 1508 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8080 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8081 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:5000 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8080 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8078 53 3122 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8079 3 164 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8075
Chain INPUT (policy DROP 2 packets, 104 bytes)默认规则是禁止,那么只需要添加允许访问IP的规则即可
三、添加规则:指定127.0.0.1的IP可以访问redis6379
[root@zabbix_server ~]# iptables -A INPUT -s 127.0.0.1 -p tcp --dport 6379 -j ACCEPT
在172.28.18.75上测试
[root@zabbix_server ~]# redis-cli 127.0.0.1:6379> get keys (nil)
四、添加规则:指定172.28.5.125P可以访问172.28.18.75的redis6379
[root@zabbix_server ~]# iptables -A INPUT -s 172.28.5.125 -p tcp --dport 6379 -j ACCEPT
查看规则
[root@zabbix_server ~]# iptables -nvL Chain INPUT (policy DROP 10 packets, 496 bytes) pkts bytes target prot opt in out source destination 466K 46M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 9 708 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25601 24 8710 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 62 3241 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3306 1054 54808 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:9000 1486 77272 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:10050 254 13656 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:10051 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3000 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:5672 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:15672 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25672 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:4369 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2222 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8078 59 3068 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8080 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8081 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:5000 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8080 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8078 104 5774 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8079 3 164 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8075 2 104 ACCEPT tcp -- * * 127.0.0.1 0.0.0.0/0 tcp dpt:6379 0 0 ACCEPT tcp -- * * 172.28.5.125 0.0.0.0/0 tcp dpt:6379
在172.28.5.125上测试
五、添加规则:指定IP地址段172.28.146.1-172.28.146.252可以访问redis6379
[root@zabbix_server ~]# iptables -A INPUT -s 172.28.146.1/252 -p tcp --dport 6379 -j ACCEPT
六、保存规则
[root@zabbix_server ~]# service iptables save
iptables:将防火墙规则保存到 /etc/sysconfig/iptables:[确定]
七、重启服务
[root@zabbix_server ~]# service iptables restart
iptables:将链设置为政策 ACCEPT:filter [确定]
iptables:清除防火墙规则:[确定]
iptables:正在卸载模块:[确定]
iptables:应用防火墙规则:[确定]
以上是关于iptables 设置指定IP客户端访问服务器redis端口的主要内容,如果未能解决你的问题,请参考以下文章
Linux防火墙iptables限制几个特定ip才能访问服务器。
Linux防火墙iptables限制几个特定ip才能访问服务器。