针对ip某个端口范围
iptabels -A INPUT -p tcp -s 192.168.0.1 –dport 1024:65535-j ACCEPT
iptables -A OUTPUT -p tcp –sport 1024:65535 -d 192.168.0.1 -j ACCEPT
针对端口的某个网段
iptables -A INPUT -p tcp -m state –state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.0.0/24 –dport 21 -j ACCEPT
iptables -A OUTPUT -p tcp -m state –state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp -d 192.168.0.0/24 –dport 21 -j ACCEPT
针对某个端口的某个网段
iptables -A INPUT -p tcp -s 10.10.11.0/24 –dport 1024:65535 -j ACCEPT
iptables -A INPUT -p udp -s 10.10.11.0/24 –dport 1024:65535 -j ACCEPT
你所说的内网,就看你在哪个网段了,修改192.168.0.0即可
针对某个网段
/etc/sysconfig/iptables
-A INPUT -p tcp -m state –state NEW -m tcp -s 10.10.11.0/24 -j ACCEPT
-A INPUT -p udp -m state –state NEW -m udp -s 10.10.11.0/24 -j ACCEPT