Home >Operation and Maintenance >Linux Operation and Maintenance >How to ensure Linux network security

How to ensure Linux network security

WBOY
WBOYforward
2023-05-13 10:31:111395browse

1. Ban access to specified websites

iptables supports trial domain names and IP addresses to specify banned websites. If you use a domain name to specify a website, iptables will query all IP addresses corresponding to the domain name through the DNS server and add these IP addresses to the rules. Therefore, when you use a domain name to specify a website, the execution speed of iptables will be slightly slower.

The command is as follows:

[root@localhost ~]# iptables -I FORWARD -d www.xxx.com -j DROP

[root@localhost ~]# iptables -t filter -L FORWARD

2. Prohibit the Linux server from accessing the Internet

The operation command is as follows:

[root@localhost ~]# iptables -I FORWARD -s 192.168.1.102 -j DROP

[root@localhost ~]# iptables -t filter -L FORWARD

3. Prohibit the Linux server from accessing certain access

The port is used by TCP/IP "Port" is used to distinguish different services in the system. For example, the web service uses TCP port 80, the FTP service uses TCP port 21, etc. Since different services use different ports to communicate with the outside world, to prohibit certain accesses on the Linux server, you only need to prohibit the port number used by the service.

The operation command is as follows:

[root@localhost ~]# iptables -I FROWARD -s 192.168.1.0/24 -p tcp --dport 21 -j DROP

[root@localhost ~]# iptables -t filter -L FROWARD

The above is the detailed content of How to ensure Linux network security. For more information, please follow other related articles on the PHP Chinese website!

Statement:
This article is reproduced at:yisu.com. If there is any infringement, please contact admin@php.cn delete