在防火墙添加规则后我是这样改的vi /etc/sysconfig/iptables
-A INPUT -m state –state NEW -m tcp -p tcp –dport 21 -j ACCEPT
重启:/etc/init.d/iptables restart
返回值:Error occurred at line: 16
Try `iptables-restore -h’ or ‘iptables-restore –help’ for more information.
[FAILED]
找到解决方法:
/sbin/iptables -I INPUT -p tcp –dport 21 -j ACCEPT
/etc/rc.d/init.d/iptables save
/etc/init.d/iptables restart
重启成功:iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
#屏蔽单个IP的命令是
iptables -I INPUT -s 123.45.6.7 -j DROP
#封整个段即从123.0.0.1到123.255.255.254的命令
iptables -I INPUT -s 123.0.0.0/8 -j DROP
#封IP段即从123.45.0.1到123.45.255.254的命令
iptables -I INPUT -s 124.45.0.0/16 -j DROP
#封IP段即从123.45.6.1到123.45.6.254的命令是
iptables -I INPUT -s 123.45.6.0/24 -j DROP
