Home  >  Article  >  System Tutorial  >  Detailed explanation of CentOS 6.6 default iptable rules

Detailed explanation of CentOS 6.6 default iptable rules

王林
王林forward
2024-01-05 22:38:321326browse

Today I installed a new centos6.6 virtual machine on my computer, and then installed nginx without any other settings. Then I found that nginx can only be accessed on centos. I checked the iptable rules

[root@centos6 ~]# iptables-save

# Generated by iptables-save v1.4.7 on Sun Jul 26 15:53:13 2015

*filter

:INPUT ACCEPT [0:0]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [5819:366868]

-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

-A INPUT -p icmp -j ACCEPT

-A INPUT -i lo -j ACCEPT

-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

-A INPUT -j REJECT --reject-with icmp-host-prohibited

-A FORWARD -j REJECT --reject-with icmp-host-prohibited

COMMIT

# Completed on Sun Jul 26 15:53:13 2015

It seems that there is no problem. The default policy is to accept it. When I saw the last two sentences, I didn’t understand what they meant. After searching, it turned out to be

-A INPUT -j REJECT --reject-with icmp-host-prohibited

-A FORWARD -j REJECT --reject-with icmp-host-prohibited

# These two items mean to reject all other data packets that do not meet any of the above rules in the INPUT table and FORWARD table. And send a host prohibited message to the rejected host.

url=1bwvdaSb6sKL_FzefyzVFd5GYoZOE4LMNiSG6Oe4WTGQb4ygdzWXVAlitJqLqQcjG1Zwg_xC1_6-Iflwq69il_

The above is the detailed content of Detailed explanation of CentOS 6.6 default iptable rules. For more information, please follow other related articles on the PHP Chinese website!

Statement:
This article is reproduced at:jb51.net. If there is any infringement, please contact admin@php.cn delete