使用 iptables 阻止从特定 TCP 端口到其他特定 TCP 端口的流量

Question

它与目标端口非常相似。如果您使用--dport目标端口，则还必须指定--sport源端口

man iptables-extensions

   tcp
   These extensions can be used if  `--protocol  tcp'  is  specified.  It  provides  the  following
   options:


   [!] --source-port,--sport port[:port]
          Source port or port range specification. This can either be a service name or a port num‐
          ber. An inclusive range can also be specified, using the format first:last.  If the first
          port  is  omitted,  "0"  is  assumed; if the last is omitted, "65535" is assumed.  If the
          first port is greater than the second one they will be swapped.  The flag  --sport  is  a
          convenient alias for this option.

   ...

Answer 1

它与目标端口非常相似。如果您使用--dport目标端口，则还必须指定--sport源端口

man iptables-extensions

   tcp
   These extensions can be used if  `--protocol  tcp'  is  specified.  It  provides  the  following
   options:


   [!] --source-port,--sport port[:port]
          Source port or port range specification. This can either be a service name or a port num‐
          ber. An inclusive range can also be specified, using the format first:last.  If the first
          port  is  omitted,  "0"  is  assumed; if the last is omitted, "65535" is assumed.  If the
          first port is greater than the second one they will be swapped.  The flag  --sport  is  a
          convenient alias for this option.

   ...

使用 iptables 阻止从特定 TCP 端口到其他特定 TCP 端口的流量

答案1

相关内容