linuxʵÓÃÃüÁîÊÕ¼¯

½ø³Ìƪ
²é¿´Ä³½ø³Ì¶Ë¿ÚºÅ
netstat -anp | grep 80
lsof -i :port
Àý£º  ×¢Òâ":"ºó£¬½ô¸ú¶Ë¿ÚºÅ£¬Ã»Óпոñ
#lsof -i :443
COMMAND  PID USER   FD   TYPE DEVICE SIZE NODE NAME
java    2731 root   35u  IPv6   7778       TCP *:https (LISTEN)
·þÎñÅäÖÃ
SSHÐÞ¸ÄĬÈ϶˿Ú
¾ßÌå·½·¨ÈçÏ£º
¡¡¡¡Ê¹ÓÃVI±à¼­Æ÷´ò¿ª /etc/ssh/sshd_config
¡¡¡¡ÕÒµ½´óÔ¼µÚ13ÐÐ×óÓÒ£¬Óиö #Port 22
¡¡¡¡½«Ç°ÃæµÄ# È¥µô È»ºó Port ºóÃæµÄ22¸ÄΪÄãÏëÒªµÄ¶Ë¿Ú
¡¡¡¡È»ºó±£´æÍ˳ö£¬Ö´ÐÐ service sshd restart ¼´¿É
·À»ðǽiptablesÅäÖÃ
iptables¹æÔò±í
Filter ¸úLinuxÖ÷»úÓйأ¬ÊÇĬÈϵÄtable
    ¡ð INPUT      Óë·â°ü ½øÈëÎÒÃǵÄlinux±¾»úÏà¹Ø
    ¡ð OUTPUT  Óëlinux±¾»úÏëÒª·¢³öµÄ·â°üÏà¹Ø
    ¡ð FORWARD Óëlinux±¾»úûÓйØϵ£¬¿ÉÒÔ½«·â°üתµÝµ½ºó¶ËµÄµçÄÔ
iptablesÃüÁî
• ²é¿´·À»ðǽ¹æÔò
iptables [-t tables] [-L] [-nv]
²ÎÊý¡Ã
-t ¡ÃºóÃæ½Ó table £¬ÀýÈç nat »ò filter £¬ÈôÊ¡ÂÔ´ËÏîÄ¿£¬ÔòʹÓÃĬÈ쵀 filter
-L ¡ÃÁгöÄ¿Ç°µÄ table µÄ¹æÔò
-n ¡Ã²»½øÐÐ IP Óë HOSTNAME µÄ·´²é£¬ÏÔʾÐÅÏ¢µÄËٶȻá¿ìºÜ¶à¡£
-v ¡ÃÁгö¸ü¶àµÄÐÅÏ¢£¬°üÀ¨Í¨¹ý¸Ã¹æÔòµÄ·â°ü×ÜλԪÊý¡¢Ïà¹ØµÄÍøÂç½Ó¿ÚµÈ
• Çå³ý·À»ðǽ¹æÔò
Iptables [-FXZ]
¶¨ÒåĬÈϲßÂÔ
iptables [-t nat] -P [INPUT,OUTPUT,FORWARD] [ACCEPT,DROP]
²ÎÊý¡Ã
-P ¡Ã¶¨ÒåÕþ²ß( Policy )¡£×¢Ò⣬Õâ¸ö P Ϊ´óд¡£
ACCEPT ¡Ã¸Ã·â°ü¿É½ÓÊÜ
DROP ¡Ã¸Ã·â°üÖ±½Ó¶ªÆú£¬²»»áÈà client ¶ËÖªµÀΪºÎ±»¶ªÆú¡£
Ìí¼Ó¹ýÂ˹æÔò
iptables [-AI Á´] [-io ÍøÂç½Ó¿Ú] [-p tcp,udp] [-s À´Ô´IP/ÍøÓò] [--sport ¶Ë¿Ú·¶Î§] [-d Ä¿±êIP/ÍøÓò] [--dport ¶Ë¿Ú·¶Î§] -j [ACCEPT|DROP]
²ÎÊý¡Ã
--sport ¶Ë¿Ú·¶Î§¡ÃÏÞÖÆÀ´Ô´µÄ¶Ë¿ÚºÅÂ룬¶Ë¿ÚºÅÂë¿ÉÒÔÊÇÁ¬ÐøµÄ£¬ÀýÈç 1024:65535
--dport ¶Ë¿Ú·¶Î§¡ÃÏÞÖÆÄ¿±êµÄ¶Ë¿ÚºÅÂë¡£
ÀýÈ翪ÆôSSH¶Ë¿Ú
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
±£´æÅäÖÃ
service iptables save
The service iptables save command permanently saves the iptables
configuration in the /etc/sysconfig/iptables file. When the system
reboots, the iptables-restore program reads the configuration and makes
it the acti