有时候我们服务器可能是开放的服务比较多,所以我们要写好多条差不多的规则,只不过是端口号不一样,这样就会让匹配的效率下降很多
例如:
iptables -A INPUT -p tcp –syn -m state –state NEW –dport 22 -j ACCEPT
iptables -A INPUT -p tcp –syn -m state –state NEW –dport 21 -j ACCEPT
iptables -A INPUT -p tcp –syn -m state –state NEW –dport 25 -j ACCEPT
iptables -A INPUT -p tcp –syn -m state –state NEW –dport 80 -j ACCEPT
iptables -A INPUT -p tcp –syn -m state –state NEW –dport 110 -j ACCEPT
这个时候,我们就可以使用模块multiport
iptables -A INPUT -p tcp –syn -m state –state NEW -m multiport –dports 21,22,25,80,110 -j ACCEPT
iptables -A INPUT -p all -m state –state ESTABLISHED,RELATED -j ACCEPT
Latest posts by Zhiming Zhang (see all)
- kubernetes The node was low on resource: ephemeral-storage.” Evicted - 五月 21, 2020
- ansible 操作aws target group - 五月 14, 2020
- kubernetes ingress-nginx plugin - 五月 13, 2020