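The following rules work for IPv4 addresses in iptables, but using the same rules in ip6tables does not work. Currently all IPv6 addresses are blocked. This ruleset should allow HTTPS access from the single IP 2500:1017:b91a:97e5:53e8:7700:b09b:b93.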
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp any any anywhere anywhere tcp dpt:ssh
0 0 ACCEPT all lo any anywhere anywhere
0 0 ACCEPT all any any anywhere anywhere state RELATED,ESTABLISHED
0 0 DROP tcp any any anywhere anywhere tcp dpt:http
0 0 ACCEPT tcp any any 2500:1017:b91a:97e5:53e8:7700:b09b:b93 anywhere tcp dpt:https
0 0 DROP tcp any any anywhere anywhere tcp dpt:https
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Edit:
I've been playing around with this, and iptables -A INPUT -p tcp --dport 443 -j DROP in iptables also affects IPv6 connections. From what I've read, I thought iptables only affected IPv4 connections.