sudo iptables -A INPUT -p tcp --destination-port 80 -j DROP
It seems this rule does not block internet traffic from the subnet (10.0.0.*).
Blocking ssh and ftp works fine..
iptables listing:
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 DROP tcp -- anywhere anywhere tcp dpt:ftp
2 DROP tcp -- anywhere anywhere tcp dpt:ssh
3 DROP tcp -- anywhere anywhere tcp dpt:http
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
2 ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Answer 1
Please check whether ipv6 is disabled. There is ip6tables. IPv6 firewall rules need to be set separately.
Try disabling ipv6 and see whether the iptables rules then apply:
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
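An added example to go with the answer above (not code from the original post or its author): a small POSIX shell script that reads `ss -tln`-style output, picks out the listeners reachable over IPv6 (where an IPv4 `iptables` INPUT rule never sees the packet), and prints the matching `ip6tables` DROP rules so the IPv6 side of the firewall is no longer left open. The `ss` output embedded in the script is constructed for the example; the assumption is that `ss` prints an IPv6 wildcard listener as `[::]:PORT` (newer iproute2) or `*:PORT` (older iproute2), while a pure IPv4 listener shows as `0.0.0.0:PORT`. On a real host, replace the sample with `ss -tln | ipv6_listen_ports`.

```shell
#!/bin/sh
# Added example, not part of the original question or answer.
# Find TCP listeners bound to IPv6 (or the dual-stack wildcard) and emit the
# ip6tables rules that mirror the IPv4 DROP rule from the question.

# Constructed sample of `ss -tln` output. "[::]:22" and "*:80" are IPv6 /
# dual-stack wildcard listeners; "0.0.0.0:21" and "127.0.0.1:3306" are IPv4-only.
SAMPLE_SS='State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:21          0.0.0.0:*
LISTEN  0       128     [::]:22             [::]:*
LISTEN  0       511     *:80                *:*
LISTEN  0       128     127.0.0.1:3306      0.0.0.0:*'

# Print the port of every LISTEN socket whose local address is an IPv6
# address ("[...]:port") or the dual-stack wildcard ("*:port").
# Reads ss-style text on stdin, one port per output line.
ipv6_listen_ports() {
    awk 'NR > 1 && $1 == "LISTEN" {
        addr = $4
        if (addr ~ /^\[/ || addr ~ /^\*:/) {
            # the port is the text after the last ":"
            n = split(addr, parts, ":")
            print parts[n]
        }
    }'
}

# For each IPv6-reachable port, print the ip6tables rule that mirrors
#   iptables -A INPUT -p tcp --dport PORT -j DROP
# Nothing is applied here; pipe the output into sh as root once reviewed.
mirror_rules() {
    ipv6_listen_ports | while read -r port; do
        printf 'ip6tables -A INPUT -p tcp --dport %s -j DROP\n' "$port"
    done
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_SS" | mirror_rules
```

Run as-is to see the two rules generated for ports 22 and 80; on a live system, `ss -tln | mirror_rules` shows which ports the IPv4 rules from the question leave reachable over IPv6. Disabling IPv6 via the sysctls in the answer is the other option, but mirroring the rules keeps IPv6 working while closing the gap.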