前言:
445端口
445端口在Windows 2000 Server或Windows Server 2003系统中提供局域网中文件或打印机共享服务。
3389端口
3389端口是Windows 2000 Server(或Windows Server 2003)远程桌面的服务端口。
445与3389是黑客的最爱,所以服务器端尽量将其禁用。
禁用端口
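# Drop inbound IPv4 TCP connections to RDP (3389) and SMB (445) on this host.
# -I inserts each rule at the top of INPUT, so it matches before any existing
# ACCEPT rule. The option is spelled with two ASCII hyphens (--dport); a
# typographic dash copied from a web page is rejected by iptables.
# Scope: INPUT only filters traffic addressed to this machine, and iptables
# only handles IPv4 -- routed traffic (FORWARD chain) and IPv6 (ip6tables)
# need their own rules.
iptables -I INPUT -p tcp --dport 3389 -j DROP
iptables -I INPUT -p tcp --dport 445 -j DROP

# iptables-save only prints the running ruleset to stdout; it does not persist
# anything. With the SysV iptables service, run `service iptables save` before
# a service restart or reboot, otherwise the previously saved ruleset is
# reloaded and these two rules are lost.
iptables-save

# List the rules with packet/byte counters to confirm both DROP rules are active.
iptables -L -n -v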
如需重新开放端口,将上述命令中的 DROP 改为 ACCEPT 即可(用 -I 插入的规则位于链首,会先于已有的 DROP 规则匹配)。

[root@xxxx ~]# iptables -I INPUT -p tcp --dport 3389 -j DROP
[root@xxxx ~]# iptables -I INPUT -p tcp --dport 445 -j DROP

[root@xxxx ~]# iptables-save
# Generated by iptables-save v1.4.7 on Tue Jan 30 15:33:55 2018
*filter
:INPUT ACCEPT [425:61429]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2158:153874]
-A INPUT -p tcp -m tcp --dport 445 -j DROP
-A INPUT -p tcp -m tcp --dport 3389 -j DROP
COMMIT
# Completed on Tue Jan 30 15:33:55 2018
[root@xxxx ~]# iptables -L -n -v
Chain INPUT (policy ACCEPT 573 packets, 86206 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:445
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:3389

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 2651 packets, 195K bytes)
 pkts bytes target     prot opt in     out     source               destination


  [root@xxxx ~]# service iptables restart 
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]