iptable 不阻止端口 80,规则不起作用

tag-icon tag-icon iptables
iptable 不阻止端口 80,规则不起作用

我已经将 iptable 配置为阻止端口 80,但我仍然可以从机器外部访问端口 80,这是为什么?顺便说一下,我已经测试了 ssh 22,如果我不是来自网络 192.168.111.0/24,那么规则就可以正常工作,但对于 http 80 根本不起作用,

这是我的简单规则:

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 8 state NEW,RELATED,ESTABLISHED
2    REJECT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID reject-with icmp-port-unreachable
3    ACCEPT     tcp  --  192.168.111.0/24     0.0.0.0/0            tcp dpt:22 ctstate NEW,ESTABLISHED
5    REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 reject-with icmp-port-unreachable
6    REJECT     all  --  0.0.0.0/0            0.0.0.0/0            state NEW reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 0 state RELATED,ESTABLISHED
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp spt:22 ctstate ESTABLISHED
3    REJECT     all  --  0.0.0.0/0            0.0.0.0/0            state NEW reject-with icmp-port-unreachable

相关内容