如何设置iptables,控制访问FTP服务器的IP地址?
如何设置iptables,控制访问FTP服务器的IP地址?
本人配置如下:
[root@grand etc]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 10.64.54.150 anywhere tcp dpt:ftp
ACCEPT tcp -- 10.64.54.151 anywhere tcp dpt:ftp
ACCEPT tcp -- 10.64.54.152 anywhere tcp dpt:ftp
ACCEPT tcp -- 10.64.54.153 anywhere tcp dpt:ftp
ACCEPT tcp -- 10.64.54.154 anywhere tcp dpt:ftp
ACCEPT tcp -- 10.64.54.155 anywhere tcp dpt:ftp
ACCEPT tcp -- 10.64.54.156 anywhere tcp dpt:ftp
ACCEPT tcp -- 10.64.54.157 anywhere tcp dpt:ftp
ACCEPT tcp -- 10.64.54.158 anywhere tcp dpt:ftp
ACCEPT tcp -- 10.64.54.159 anywhere tcp dpt:ftp
ACCEPT tcp -- 10.64.54.160 anywhere tcp dpt:ftp
ACCEPT tcp -- 10.64.54.161 anywhere tcp dpt:ftp
ACCEPT tcp -- 10.64.54.162 anywhere tcp dpt:ftp
ACCEPT tcp -- 10.64.54.150 anywhere tcp dpt:ftp-data
ACCEPT tcp -- 10.64.54.151 anywhere tcp dpt:ftp-data
ACCEPT tcp -- 10.64.54.152 anywhere tcp dpt:ftp-data
ACCEPT tcp -- 10.64.54.153 anywhere tcp dpt:ftp-data
ACCEPT tcp -- 10.64.54.154 anywhere tcp dpt:ftp-data
ACCEPT tcp -- 10.64.54.155 anywhere tcp dpt:ftp-data
ACCEPT tcp -- 10.64.54.156 anywhere tcp dpt:ftp-data
ACCEPT tcp -- 10.64.54.157 anywhere tcp dpt:ftp-data
ACCEPT tcp -- 10.64.54.158 anywhere tcp dpt:ftp-data
ACCEPT tcp -- 10.64.54.159 anywhere tcp dpt:ftp-data
ACCEPT tcp -- 10.64.54.160 anywhere tcp dpt:ftp-data
ACCEPT tcp -- 10.64.54.161 anywhere tcp dpt:ftp-data
ACCEPT tcp -- 10.64.54.162 anywhere tcp dpt:ftp-data
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
DROP tcp -- anywhere anywhere tcp spt:31337
DROP tcp -- anywhere anywhere tcp dpt:31337
配置后其它IP机器仍然能够访问FTP服务器。
那么如何配置呢?敬请专家指点!
