I have configured iptables to block port 80, but I can still reach port 80 from outside the machine. Why is that? By the way, I have tested ssh on port 22: if I am not coming from the network 192.168.111.0/24 the rule works fine, but for http on port 80 it does not work at all.
Here are my simple rules:
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 state NEW,RELATED,ESTABLISHED
2 REJECT all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID reject-with icmp-port-unreachable
3 ACCEPT tcp -- 192.168.111.0/24 0.0.0.0/0 tcp dpt:22 ctstate NEW,ESTABLISHED
5 REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 reject-with icmp-port-unreachable
6 REJECT all -- 0.0.0.0/0 0.0.0.0/0 state NEW reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 0 state RELATED,ESTABLISHED
2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:22 ctstate ESTABLISHED
3 REJECT all -- 0.0.0.0/0 0.0.0.0/0 state NEW reject-with icmp-port-unreachable
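As an added diagnostic example (not part of the original post), the script below parses the INPUT chain listed above and walks it in order for a hypothetical packet, so you can see which rule a new TCP connection to port 80 from an outside address actually lands on. It is a deliberately simplified matcher: it only looks at protocol, source network, destination port and the state/ctstate match, and ignores interfaces, the nat/raw/mangle tables and any other chains; the outside address 203.0.113.5 used in the checks is a constructed test address.

```python
import ipaddress
import re

# The INPUT chain copied from the question (output of iptables -L INPUT -n --line-numbers).
INPUT_CHAIN = """\
1 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 state NEW,RELATED,ESTABLISHED
2 REJECT all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID reject-with icmp-port-unreachable
3 ACCEPT tcp -- 192.168.111.0/24 0.0.0.0/0 tcp dpt:22 ctstate NEW,ESTABLISHED
5 REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 reject-with icmp-port-unreachable
6 REJECT all -- 0.0.0.0/0 0.0.0.0/0 state NEW reject-with icmp-port-unreachable
"""

def parse_rules(text):
    """Parse each rule line into num, target, prot, src, dst, dpt and the state set."""
    rules = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6 or not parts[0].isdigit():
            continue  # skip the column header or blank lines
        rule = {"num": int(parts[0]), "target": parts[1], "prot": parts[2],
                "src": ipaddress.ip_network(parts[4]),
                "dst": ipaddress.ip_network(parts[5]), "dpt": None, "states": None}
        extra = " ".join(parts[6:])
        m = re.search(r"dpt:(\d+)", extra)
        if m:
            rule["dpt"] = int(m.group(1))
        m = re.search(r"(?:ct)?state (\S+)", extra)  # handles both 'state' and 'ctstate'
        if m:
            rule["states"] = set(m.group(1).split(","))
        rules.append(rule)
    return rules

def first_match(rules, prot, src, dport, state):
    """Walk the chain in order; return (rule number, target) of the first hit,
    or (None, 'policy') when the packet falls through to the chain policy."""
    src_ip = ipaddress.ip_address(src)
    for r in rules:
        if r["prot"] not in ("all", prot):
            continue
        if src_ip not in r["src"]:
            continue
        if r["dpt"] is not None and r["dpt"] != dport:
            continue
        if r["states"] is not None and state not in r["states"]:
            continue
        return r["num"], r["target"]
    return None, "policy"
```

Running first_match(parse_rules(INPUT_CHAIN), "tcp", "203.0.113.5", 80, "NEW") lands on rule 6 (REJECT), while the same packet with any conntrack state other than NEW falls through to the chain's ACCEPT policy. If the real host still answers on port 80 for new connections, the cause lies outside this listing (an interface or chain the matcher does not model, or traffic that conntrack is not classifying as NEW), which is what to check next with iptables -L INPUT -v -n --line-numbers and its per-rule packet counters.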