有时候我们服务器可能是开放的服务比较多,所以我们要写好多条差不多的规则,只不过是端口号不一样,这样就会让匹配的效率下降很多
例如:
iptables -A INPUT -p tcp –syn -m state –state NEW –dport 22 -j ACCEPT
iptables -A INPUT -p tcp –syn -m state –state NEW –dport 21 -j ACCEPT
iptables -A INPUT -p tcp –syn -m state –state NEW –dport 25 -j ACCEPT
iptables -A INPUT -p tcp –syn -m state –state NEW –dport 80 -j ACCEPT
iptables -A INPUT -p tcp –syn -m state –state NEW –dport 110 -j ACCEPT
这个时候,我们就可以使用模块multiport
iptables -A INPUT -p tcp –syn -m state –state NEW -m multiport –dports 21,22,25,80,110 -j ACCEPT
iptables -A INPUT -p all -m state –state ESTABLISHED,RELATED -j ACCEPT
Latest posts by Zhiming Zhang (see all)
- docker 设置net.ipv4.tcp_max_syn_backlog net.core.somaxconn - 二月 12, 2020
- docker exec -u 0 -ti 82b5d133f211 /bin/bash - 二月 12, 2020
- nginx resolvervalid not working with domain - 一月 6, 2020