标题:centos禁止ip段和禁止icmp 包 出处:沧海一粟 时间:Mon, 28 May 2012 10:31:59 +0000 作者:jed 地址:http://www.dzhope.com/post/921/ 内容: # iptables -F # iptables -P INPUT ACCEPT # iptables -P OUTPUT ACCEPT # iptables -P FORWARD ACCEPT # iptables -A FORWARD -s 124.115.0.0/24 -j DROP # iptables -I FORWARD -d 202.96.170.164 -j DROP 补充:: 单个IP的命令是 iptables -I INPUT -s 124.115.0.199 -j DROP 封IP段的命令是 iptables -I INPUT -s 124.115.0.0/16 -j DROP iptables -I INPUT -s 124.115.3.0/16 -j DROP iptables -I INPUT -s 124.115.4.0/16 -j DROP 封整个段的命令是 iptables -I INPUT -s 124.115.0.0/8 -j DROP 封几个段的命令是 iptables -I INPUT -s 61.37.80.0/24 -j DROP iptables -I INPUT -s 61.37.81.0/24 -j DROP 用iptables禁止一个IP地址范围 iptables -A FORWARD -s 10.0.0.1-255 -j DROP 用防火墙禁止(或丢弃) icmp 包 iptables -A INPUT -p icmp -j DROP Generated by Bo-blog 2.1.1 Release