linux - 阿里云centos系统，配置了iptables防火墙，封IP无效，还是能访问

Question

*filter
:INPUT ACCEPT [3:130]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [72:12040]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 88 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -s 218.17.162.114/32 -j DROP #这是我本地的ip，我封了，还是可以访问网页。。。。

-A INPUT -p tcp -j DROP

COMMIT

-A INPUT -s 218.17.162.114/32 -j DROP 我封了，还是可以访问网页，封ip没生效，关了80端口，也能访问网页，怎么回事呢？

Answer 1

Delete input accept

Answer 2

It is recommended to find a book on Linux management first and study it carefully. In the future, for this kind of problem, read the book first and then study.

Answer 3

-A INPUT -s 218.17.162.114/32 -j DROP
Write to the front

Answer 4

Alibaba Cloud recommends using security group rules instead of the system firewall for the following reasons:
1. One less service, more performance, and more disk space
2. The web page operation is simpler and easy to use. Powerful function
3. Modifying rules is faster than operating iptables
4. The speed of taking effect is basically the same as restarting iptables
5. The cloud’s protection capability is stronger than your cheap cloud server, and it will not be directly attacked Affects internal servers