进入Linux 命令行，编辑防火墙规则配置文件 iptables

vi /etc/sysconfig/iptables

下面是一个白名单设置的例子：

# Firewall configuration written by system-config-securitylevel

# Manual customization of this file is not recommended.

*filter

:INPUT ACCEPT [0:0]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

:RH-Firewall-1-INPUT - [0:0]

-N whitelist

-A whitelist -s 10.202.106.1 -j ACCEPT

-A whitelist -s 10.202.106.2 -j ACCEPT

-A whitelist -s 10.202.106.3 -j ACCEPT

-A whitelist -s 10.202.106.4 -j ACCEPT

-A whitelist -s 10.202.106.5 -j ACCEPT

-A whitelist -s 10.202.106.6 -j ACCEPT

-A whitelist -s 10.202.106.7 -j ACCEPT

-A INPUT -j RH-Firewall-1-INPUT

-A FORWARD -j RH-Firewall-1-INPUT

-A RH-Firewall-1-INPUT -i lo -j ACCEPT

-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT

-A RH-Firewall-1-INPUT -p 50 -j ACCEPT

-A RH-Firewall-1-INPUT -p 51 -j ACCEPT

-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT

-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT

-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 4750 -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j whitelist

-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

COMMIT

其中设置白名单的部分为：

-N whitelist

-A whitelist -s 10.202.106.1 -j ACCEPT

-A whitelist -s 10.202.106.2 -j ACCEPT

-A whitelist -s 10.202.106.3 -j ACCEPT

-A whitelist -s 10.202.106.4 -j ACCEPT

-A whitelist -s 10.202.106.5 -j ACCEPT

-A whitelist -s 10.202.106.6 -j ACCEPT

-A whitelist -s 10.202.106.7 -j ACCEPT

使用白名单规则使用 j 参数指定：

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j whitelist

以上这篇Linux下设置防火墙白名单(RHEL 6和CentOS 7)的步骤就是小编分享给大家的全部内容了，希望能给大家一个参考，也希望大家多多支持脚本之家。