Before the change
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
# iptables -L INPUT --line-numbers
Chain INPUT (policy ACCEPT)
num target prot opt source destination
Allow access to port 8080 only from 10.0.0.0/16 (everything else to 8080 is rejected)
# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A INPUT -s 10.0.0.0/16 -i eth0 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
# iptables -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 8080 -j REJECT
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- ip-10-0-0-0.ap-northeast-1.compute.internal/16 anywhere state NEW tcp dpt:webcache
REJECT tcp -- anywhere anywhere state NEW tcp dpt:webcache reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
# iptables -L INPUT --line-numbers
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
2 ACCEPT tcp -- ip-10-0-0-0.ap-northeast-1.compute.internal/16 anywhere state NEW tcp dpt:webcache
3 REJECT tcp -- anywhere anywhere state NEW tcp dpt:webcache reject-with icmp-port-unreachable
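Added example (not part of the original note): a small POSIX shell helper that emits the same three INPUT rules for any interface/CIDR/port so they can be reviewed before running as root, plus a checker that reads `iptables -L INPUT --line-numbers -n` output and confirms the trusted-network ACCEPT precedes the catch-all REJECT for that port. The function names, the `-n` (numeric) listing format and the sample listings are this example's own assumptions.

```shell
#!/bin/sh
# Example helpers (not from the original note). Both functions are assumptions
# of this example; they only print or inspect text and never modify the firewall.

# Emit the three INPUT rules from the note for the given interface, CIDR and
# TCP port. Output is printed, not executed, so it can be reviewed first.
build_allowlist_rules() {
  iface="$1"; cidr="$2"; port="$3"
  printf '%s\n' \
    "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT" \
    "iptables -A INPUT -s $cidr -i $iface -p tcp -m state --state NEW -m tcp --dport $port -j ACCEPT" \
    "iptables -A INPUT -i $iface -p tcp -m state --state NEW -m tcp --dport $port -j REJECT"
}

# Read `iptables -L INPUT --line-numbers -n` output on stdin (numeric form, so
# the port shows as dpt:8080 rather than dpt:webcache). Print the rule numbers
# of the first ACCEPT from $1 and the first REJECT for port $2. Return 1 when
# either rule is missing or the REJECT sorts before the ACCEPT, because
# iptables matches top-down and the allow rule would then never be reached.
check_rule_order() {
  cidr="$1"; port="$2"
  awk -v cidr="$cidr" -v port="dpt:$port" '
    # fields with -n: 1=num 2=target 3=prot 4=opt 5=source 6=destination ...
    $2 == "ACCEPT" && $5 == cidr && index($0, port) && !a { a = $1 }
    $2 == "REJECT" && index($0, port) && !r { r = $1 }
    END {
      if (!a || !r) { print "missing ACCEPT or REJECT rule for " port; exit 1 }
      if (a + 0 < r + 0) { print "ok: ACCEPT " a " before REJECT " r; exit 0 }
      print "BAD: REJECT " r " before ACCEPT " a; exit 1
    }'
}

# Usage (as root, after reviewing the printed commands):
#   build_allowlist_rules eth0 10.0.0.0/16 8080 | sh
#   iptables -L INPUT --line-numbers -n | check_rule_order 10.0.0.0/16 8080
```

The generated rules keep the note's exact scope: the chain policy stays ACCEPT, so the REJECT only covers new connections to that one port, and traffic to other ports is still accepted by the default policy. `check_rule_order` is the check worth running after any `-I` (insert) later on, since inserting a REJECT at the top silently breaks the allow rule without any error.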
Remove the rules (flush the INPUT chain)
# iptables -F INPUT
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination