1. Ban access to specified websites
iptables supports specifying banned websites by domain name or by IP address. If you use a domain name, iptables queries the DNS server for all IP addresses corresponding to that name and adds those IP addresses to the rules. As a result, a rule that specifies a website by domain name takes slightly longer to execute.
The command is as follows:
[root@localhost ~]# iptables -I FORWARD -d www.xxx.com -j DROP
[root@localhost ~]# iptables -t filter -L FORWARD
2. Prohibit the Linux server from accessing the Internet
The operation command is as follows:
[root@localhost ~]# iptables -I FORWARD -s 192.168.1.102 -j DROP
[root@localhost ~]# iptables -t filter -L FORWARD
3. Prohibit the Linux server from accessing certain services
In TCP/IP, a "port" is used to distinguish different services on a system. For example, the web service uses TCP port 80, the FTP service uses TCP port 21, and so on. Because different services use different ports to communicate with the outside world, prohibiting certain access on the Linux server only requires blocking the port number used by that service.
The operation command is as follows:
[root@localhost ~]# iptables -I FORWARD -s 192.168.1.0/24 -p tcp --dport 21 -j DROP
[root@localhost ~]# iptables -t filter -L FORWARD
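The three rules above can be applied so that re-running them does not stack duplicate entries, since -I inserts a new copy of the rule every time it is run. This script is an added example, not part of the original article; the IPT variable, the function names and the script file name are assumptions of the example, and www.xxx.com is the article's placeholder.

```shell
#!/bin/sh
# Added example, not from the original article.
# IPT (assumed name) is the command that manages the rules; it can be
# pointed at a stub to exercise the logic without touching the firewall.
IPT="${IPT:-iptables}"

# ensure_rule CHAIN RULE-SPEC...
# Insert the rule at the top of CHAIN unless an identical rule is already
# there. "iptables -C" exits 0 when the rule exists, non-zero otherwise.
ensure_rule() {
    chain="$1"; shift
    if "$IPT" -C "$chain" "$@" 2>/dev/null; then
        return 0    # already present: do not add a second copy
    fi
    "$IPT" -I "$chain" "$@"
}

apply_rules() {
    # 1. Website by name (the article's placeholder). The name is resolved
    #    when the command runs; the stored rule holds IP addresses only.
    ensure_rule FORWARD -d www.xxx.com -j DROP
    # 2. All forwarded traffic from one source address.
    ensure_rule FORWARD -s 192.168.1.102 -j DROP
    # 3. FTP control connections (TCP port 21) from the 192.168.1.0/24 subnet.
    ensure_rule FORWARD -s 192.168.1.0/24 -p tcp --dport 21 -j DROP
}

# List the chain numerically (-n skips reverse DNS lookups).
show_rules() {
    "$IPT" -t filter -L FORWARD -n --line-numbers
}

# Run as root (file name is an example):  sh apply-forward-rules.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_rules && show_rules
fi
```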