<![CDATA[沧海一粟]]>

<![CDATA[沧海一粟]]> http://www.dzhope.com/index.php zh-cn http://www.dzhope.com/post// <![CDATA[centos禁止ip段和禁止icmp 包]]> jed <jed521@163.com> Mon, 28 May 2012 02:31:59 +0000 http://www.dzhope.com/post// # iptables -P INPUT ACCEPT
# iptables -P OUTPUT ACCEPT
# iptables -P FORWARD ACCEPT
# iptables -A FORWARD -s 124.115.0.0/24 -j DROP
# iptables -I FORWARD -d 202.96.170.164 -j DROP

补充：：

单个IP的命令是
iptables -I INPUT -s 124.115.0.199 -j DROP

封IP段的命令是
iptables -I INPUT -s 124.115.0.0/16 -j DROP
iptables -I INPUT -s 124.115.3.0/16 -j DROP
iptables -I INPUT -s 124.115.4.0/16 -j DROP

封整个段的命令是
iptables -I INPUT -s 124.115.0.0/8 -j DROP

封几个段的命令是
iptables -I INPUT -s 61.37.80.0/24 -j DROP
iptables -I INPUT -s 61.37.81.0/24 -j DROP

用iptables禁止一个ＩＰ地址范围

iptables -A FORWARD -s 10.0.0.1-255 -j DROP

用防火墙禁止(或丢弃) icmp 包
iptables -A INPUT -p icmp -j DROP

Tags - iptables , ip段 ]]> http://www.dzhope.com/post//#blogcomment <![CDATA[[评论] centos禁止ip段和禁止icmp 包]]> <user@domain.com> Thu, 01 Jan 1970 00:00:00 +0000 http://www.dzhope.com/post//#blogcomment