检查是否安装了iptables

1. service iptables status

安装iptables

1. yum install -y iptables

升级iptables

1. yum update iptables

安装iptables-services

1. yum install -y iptables-services

查看默认防火墙状态

1. firewall-cmd –state

停止firewall

1. systemctl stop firewalld.service

禁止firewall开机启动

1. systemctl disable firewalld.service

禁用firewalld服务

1. systemctl mask firewalld

查看iptables现有规则

1. iptables -L -n

先允许所有

1. iptables -P INPUT ACCEPT

清空所有默认规则

1. iptables -F

清空所有自定义规则

1. iptables -X

所有计数器归0

1. iptables -Z

禁止来自IPv4的所有HTTP/S访问请求

1. iptables -I INPUT -p tcp –dport 80 -j DROP
2. iptables -I INPUT -p tcp –dport 443 -j DROP

对Cloudflare CDN IPv4地址开放HTTP/S入站访问

1. for i in `curl https://www.cloudflare.com/ips-v4`; do iptables -I INPUT -s $i -p tcp –dport 80 -j ACCEPT; done
2. for i in `curl https://www.cloudflare.com/ips-v4`; do iptables -I INPUT -s $i -p tcp –dport 443 -j ACCEPT; done

禁止来自IPv6的所有HTTP/S访问请求

1. ip6tables -I INPUT -p tcp –dport 80 -j DROP
2. ip6tables -I INPUT -p tcp –dport 443 -j DROP

对Cloudflare CDN IPv6地址开放HTTP/S入站访问

1. for i in `curl https://www.cloudflare.com/ips-v6`; do ip6tables -I INPUT -s $i -p tcp –dport 80 -j ACCEPT; done
2. for i in `curl https://www.cloudflare.com/ips-v6`; do ip6tables -I INPUT -s $i -p tcp –dport 443 -j ACCEPT; done

保存iptables配置

1. iptables-save
2. ip6tables-save

保存规则（路径：/etc/sysconfig/iptables和ip6tables）

1. service iptables save
2. service ip6tables save

开启iptables服务

1. systemctl enable iptables.service
2. systemctl enable ip6tables.service

自动载入规则

1. chkconfig iptables on
2. chkconfig ip6tables on

开启服务

1. systemctl start iptables.service
2. systemctl start ip6tables.service

查看状态

1. systemctl status iptables.service
2. systemctl status ip6tables.service

重启iptables

1. systemctl restart iptables.service
2. systemctl restart ip6tables.service