I am trying to set up iptables rules on my VPS so that it whitelists my IP address and drops all packets from every other IP address. However, when I try to do this, I lose my SSH connection.
I tried to achieve this by writing two ACCEPT rules for my IP address, then changing the INPUT, OUTPUT and FORWARD chains to drop all connections.
root@user:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
root@user:~# iptables -A INPUT -s [my_ip] -j ACCEPT
root@user:~# iptables -A OUTPUT -s [my_ip] -j ACCEPT
root@user:~# iptables -P FORWARD DROP
root@user:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- [my_ip] anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- [my_ip] anywhere
root@user:~# iptables -P INPUT DROP
root@user:~# iptables -P OUTPUT DROP
Connection reset by [VPS_ip] port 22
PS C:\Users\user_2> ssh root@[VPS_ip]
ssh: connect to host [VPS_ip] port 22: Connection timed out
Answer 1
The following line:
root@user:~# iptables -A OUTPUT -s [my_ip] -j ACCEPT
should have been:
root@user:~# iptables -A OUTPUT -d [my_ip] -j ACCEPT
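To see why the original OUTPUT rule locks you out, here is a small added model of how an iptables chain is evaluated (first matching rule wins, otherwise the chain policy applies). It is example code written for this page, not part of the question or the answer; the addresses are constructed placeholders standing in for [my_ip] and [VPS_ip], and the model only looks at source and destination address, ignoring protocol, port and connection tracking. It runs the SSH request through INPUT and the SSH reply through OUTPUT, once with the questioner's rule (-s on OUTPUT) and once with the answer's correction (-d on OUTPUT).

```python
# Minimal model of iptables chain evaluation (added example, not from the page).
# A chain is a list of rules plus a policy: the first rule whose -s/-d match
# the packet decides the verdict; if none matches, the policy applies.
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

MY_IP = "203.0.113.10"   # constructed placeholder for [my_ip]
VPS_IP = "198.51.100.5"  # constructed placeholder for [VPS_ip]
OTHER_IP = "192.0.2.77"  # constructed placeholder for any other host


@dataclass
class Rule:
    target: str                 # -j ACCEPT / DROP
    src: Optional[str] = None   # -s (match on source address)
    dst: Optional[str] = None   # -d (match on destination address)

    def matches(self, src: str, dst: str) -> bool:
        return (self.src is None or self.src == src) and \
               (self.dst is None or self.dst == dst)


@dataclass
class Chain:
    policy: str
    rules: List[Rule] = field(default_factory=list)

    def verdict(self, src: str, dst: str) -> str:
        for rule in self.rules:
            if rule.matches(src, dst):
                return rule.target
        return self.policy


def build_ruleset(output_match_by_dst: bool) -> Tuple[Chain, Chain]:
    """INPUT and OUTPUT chains as in the question, after both policies are set to DROP.

    output_match_by_dst=False reproduces 'iptables -A OUTPUT -s [my_ip] -j ACCEPT',
    output_match_by_dst=True reproduces the corrected 'iptables -A OUTPUT -d [my_ip] -j ACCEPT'.
    """
    input_chain = Chain("DROP", [Rule("ACCEPT", src=MY_IP)])
    if output_match_by_dst:
        output_chain = Chain("DROP", [Rule("ACCEPT", dst=MY_IP)])
    else:
        output_chain = Chain("DROP", [Rule("ACCEPT", src=MY_IP)])
    return input_chain, output_chain


def ssh_verdicts(output_match_by_dst: bool) -> Tuple[str, str]:
    """Verdict for the inbound SSH request and for the VPS's reply to it.

    The reply is emitted by the VPS, so on the OUTPUT chain its source is the
    VPS address and its destination is the admin's address: a rule that matches
    -s [my_ip] never sees it, and the DROP policy kills the session.
    """
    input_chain, output_chain = build_ruleset(output_match_by_dst)
    request = input_chain.verdict(src=MY_IP, dst=VPS_IP)
    reply = output_chain.verdict(src=VPS_IP, dst=MY_IP)
    return request, reply


def stranger_verdict(output_match_by_dst: bool) -> str:
    """Inbound packet from any other host is still dropped with either ruleset."""
    input_chain, _ = build_ruleset(output_match_by_dst)
    return input_chain.verdict(src=OTHER_IP, dst=VPS_IP)


if __name__ == "__main__":
    print("OUTPUT -s [my_ip]:", ssh_verdicts(False))  # ('ACCEPT', 'DROP')
    print("OUTPUT -d [my_ip]:", ssh_verdicts(True))   # ('ACCEPT', 'ACCEPT')
    print("stranger on INPUT:", stranger_verdict(True))  # DROP
```

The model makes the direction mismatch visible: the whitelisted address is the source of packets arriving on INPUT but the destination of packets leaving on OUTPUT, so the OUTPUT rule has to use -d. A real ruleset would also accept established connections (the conntrack match) and set the DROP policies only after the ACCEPT rules are verified, so a mistake like this one cannot cut off the session used to apply it.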