Tutorial: putting a site behind CloudFlare to keep the origin server IP from leaking

Check whether iptables is installed
service iptables status

Install iptables

Update iptables
yum update iptables

Install iptables-services
yum install -y iptables-services

Check the state of the default firewall
firewall-cmd --state

Stop firewalld
systemctl stop firewalld.service

Prevent firewalld from starting at boot
systemctl disable firewalld.service

Mask the firewalld service
systemctl mask firewalld

List the existing iptables rules
iptables -L -n

First set the default INPUT policy to accept everything
iptables -P INPUT ACCEPT

Flush all rules in the default chains
iptables -F

Delete all user-defined chains
iptables -X

Reset all counters to zero
iptables -Z

Block all HTTP/S requests arriving over IPv4
iptables -I INPUT -p tcp --dport 80 -j DROP
iptables -I INPUT -p tcp --dport 443 -j DROP

Allow inbound HTTP/S from the Cloudflare CDN IPv4 ranges
for i in `curl https://www.cloudflare.com/ips-v4`; do iptables -I INPUT -s $i -p tcp --dport 80 -j ACCEPT; done
for i in `curl https://www.cloudflare.com/ips-v4`; do iptables -I INPUT -s $i -p tcp --dport 443 -j ACCEPT; done

Block all HTTP/S requests arriving over IPv6
ip6tables -I INPUT -p tcp --dport 80 -j DROP
ip6tables -I INPUT -p tcp --dport 443 -j DROP

Allow inbound HTTP/S from the Cloudflare CDN IPv6 ranges
for i in `curl https://www.cloudflare.com/ips-v6`; do ip6tables -I INPUT -s $i -p tcp --dport 80 -j ACCEPT; done
for i in `curl https://www.cloudflare.com/ips-v6`; do ip6tables -I INPUT -s $i -p tcp --dport 443 -j ACCEPT; done

Save the iptables configuration (iptables-save and ip6tables-save print the current rules to standard output)
iptables-save
ip6tables-save

Save the rules (paths: /etc/sysconfig/iptables and ip6tables)
service iptables save
service ip6tables save

Enable the iptables services
systemctl enable iptables.service
systemctl enable ip6tables.service

Load the rules automatically at boot
chkconfig iptables on
chkconfig ip6tables on

Start the services
systemctl start iptables.service
systemctl start ip6tables.service

Check the status
systemctl status iptables.service
systemctl status ip6tables.service

Restart iptables
systemctl restart iptables.service
systemctl restart ip6tables.service
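
The allow-list loops above pass whatever curl returns straight to iptables, and they run after the DROP rules for ports 80 and 443 are already in place, so a failed or malformed download leaves only the DROP rules. The following added example (not part of the original tutorial) validates a fetched IPv4 list and prints the ACCEPT commands for review instead of running them; the function names and CF_SAMPLE, a constructed list built from documentation ranges, are assumptions.

```shell
#!/bin/sh
# Added example: validate a fetched range list before building allow rules.
# CF_SAMPLE is constructed input (documentation ranges plus bad lines),
# not Cloudflare's real list.
CF_SAMPLE='192.0.2.0/24
198.51.100.0/22
<html>error</html>
203.0.113.0/33
2001:db8::/32'

# is_cidr4 (hypothetical helper): succeed only for a well-formed IPv4 CIDR,
# i.e. four octets in 0-255 and a prefix length in 0-32.
is_cidr4() {
    case "$1" in
        ""|*[!0-9./]*) return 1 ;;   # empty, or characters outside digits . /
    esac
    printf '%s\n' "$1" | awk -F'[./]' '
        NF != 5 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i == "" || $i > 255) exit 1
          if ($5 == "" || $5 > 32) exit 1 }'
}

# build_rules (hypothetical helper): read a range list on stdin and print one
# ACCEPT command per valid range and port, in the same form the tutorial uses.
# Prints nothing and returns 1 when no line validates, so the caller can stop
# before a bad download leaves the host with DROP rules only.
build_rules() {
    out=""
    while IFS= read -r cidr; do
        if is_cidr4 "$cidr"; then
            for port in 80 443; do
                out="${out}iptables -I INPUT -s $cidr -p tcp --dport $port -j ACCEPT
"
            done
        else
            echo "skipped invalid entry: $cidr" >&2
        fi
    done
    [ -n "$out" ] || return 1
    printf '%s' "$out"
}

# Demo on the constructed sample: two valid ranges give four commands.
printf '%s\n' "$CF_SAMPLE" | build_rules
```

In real use the list would come from `curl -fsS https://www.cloudflare.com/ips-v4`, and the printed commands would be applied only when build_rules succeeds.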

More methods: https://cangshui.net/4289.html
