I have iptables running on my CentOS 7 server and I want to block bots. I use this command:
iptables -A INPUT -s 70.42.131.0/24 -j DROP;
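This should normally block the range 70.42.131.0/24, but when I try to access the website from my IP, I cannot reach it, and when I add ACCEPT tcp from anywhere, the blocked IPs can access the website. Now I am confused: if I block a range, should I remove the ACCEPT from anywhere, or should I delete it, or does iptables depend on the TABLE line number to take effect?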
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:websm
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT gre -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT icmp -- anywhere anywhere
DROP tcp -- anywhere static.76.1.16.24.clients.your-server.de tcp dpt:http
ACCEPT udp -- anywhere anywhere udp dpt:domain
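
The rule-ordering question above, as an added example that is not part of the original post: a small Python model of chain evaluation (the first matching rule decides, the chain policy applies only when nothing matches), comparing a DROP rule appended with -A against the same rule inserted at position 1 with -I. The rule set is constructed from the ssh and https lines of the listing; the function names and the sample client addresses are assumptions.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")  # "anywhere" in the iptables -L listing


def rule(target, src=ANY, dport=None):
    """One simplified rule: source network, optional TCP dport, target."""
    return {"target": target, "src": ipaddress.ip_network(str(src)), "dport": dport}


def verdict(chain, policy, src_ip, dport):
    """Walk the chain top to bottom and return (target, rule number)."""
    addr = ipaddress.ip_address(src_ip)
    for number, r in enumerate(chain, start=1):
        if addr in r["src"] and r["dport"] in (None, dport):
            return r["target"], number  # first match wins, later rules are not seen
    return policy, None  # nothing matched: the chain policy applies


def preempted(chain):
    """Numbers of DROP rules for which an earlier ACCEPT matches the same traffic first."""
    hits = []
    for i, r in enumerate(chain):
        if r["target"] != "DROP":
            continue
        for earlier in chain[:i]:
            same_port = None in (earlier["dport"], r["dport"]) or earlier["dport"] == r["dport"]
            if earlier["target"] == "ACCEPT" and earlier["src"].overlaps(r["src"]) and same_port:
                hits.append(i + 1)
                break
    return hits


# Constructed rule set: ACCEPT ssh and https from anywhere, chain policy DROP.
BASE = [rule("ACCEPT", dport=22), rule("ACCEPT", dport=443)]
BLOCK = rule("DROP", src="70.42.131.0/24")

APPENDED = BASE + [BLOCK]   # iptables -A INPUT -s 70.42.131.0/24 -j DROP
INSERTED = [BLOCK] + BASE   # iptables -I INPUT 1 -s 70.42.131.0/24 -j DROP

if __name__ == "__main__":
    for name, chain in (("appended", APPENDED), ("inserted", INSERTED)):
        print(name, verdict(chain, "DROP", "70.42.131.7", 443), "preempted:", preempted(chain))
```

On a live host, `iptables -L INPUT -n --line-numbers` shows the rule numbers that this model calls positions.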