有时候我们服务器可能是开放的服务比较多,所以我们要写好多条差不多的规则,只不过是端口号不一样,这样就会让匹配的效率下降很多
例如:
iptables -A INPUT -p tcp –syn -m state –state NEW –dport 22 -j ACCEPT
iptables -A INPUT -p tcp –syn -m state –state NEW –dport 21 -j ACCEPT
iptables -A INPUT -p tcp –syn -m state –state NEW –dport 25 -j ACCEPT
iptables -A INPUT -p tcp –syn -m state –state NEW –dport 80 -j ACCEPT
iptables -A INPUT -p tcp –syn -m state –state NEW –dport 110 -j ACCEPT
这个时候,我们就可以使用模块multiport
iptables -A INPUT -p tcp –syn -m state –state NEW -m multiport –dports 21,22,25,80,110 -j ACCEPT
iptables -A INPUT -p all -m state –state ESTABLISHED,RELATED -j ACCEPT
Latest posts by Zhiming Zhang (see all)
- istio Ingress Gateways - 十一月 25, 2020
- Istio VirtualService - 十一月 23, 2020
- istio 组件 - 十一月 18, 2020