Enable the iptables firewall on CentOS
I should have written these notes up as soon as I finished the setup, but I put it off for a long time, so some details may be missing. I hope they help readers who come across them. I will update them again, and if you find any errors, please point them out.
CentOS used iptables as its firewall before 7.0 and firewalld from 7.0 on. I don't know why, but most people use iptables, so I use it too.
1. Disable firewall
    # stop firewalld
    sudo systemctl stop firewalld.service
    # disable firewalld at startup
    sudo systemctl disable firewalld.service
2. Install the iptables firewall.
1. Install
    # install
    sudo yum install iptables-services
2. Configuration
    # edit the iptables rules file (needs sudo)
    sudo vi /etc/sysconfig/iptables

File content:

    # Firewall configuration written by system-config-firewall
    # Manual customization of this file is not recommended.
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A INPUT -p icmp -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    COMMIT

Save the file: C + C and then :wq to exit. Out of Emacs habit, C here stands for Ctrl, so C + C is actually Ctrl + C; I will write it this way from now on for convenience.

    # restart the firewall to make the configuration take effect
    sudo systemctl restart iptables.service
    # start the firewall at boot
    sudo systemctl enable iptables.service

OK, iptables is now configured. If you want to open another port later, proceed to the next step.
3. Open ports

    # replace * with the port number you want to open
    # -I inserts the rule at the top of INPUT, ahead of the final REJECT rule
    sudo /sbin/iptables -I INPUT -p tcp --dport * -j ACCEPT
    # save the configuration (on CentOS 7 with iptables-services there is no
    # /etc/rc.d/init.d/iptables script; "save" goes through the service command)
    sudo service iptables save
    # view the changed rules
    sudo iptables -L -n --line-numbers
    # restart iptables
    sudo service iptables restart

Those are the basic iptables settings. If anything is unclear, please let me know.
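Step 3 inserts the new rule with -I instead of appending it with -A because the rules file ends the INPUT chain with a catch-all REJECT. The following check is an added example, not part of the original post: it reads a rules file in the format shown above and reports which ports are actually reachable and which rules sit behind a catch-all. The sample is constructed (this page's ruleset plus one hypothetical port 8080 rule appended with -A), and `audit_input` is a name chosen for this illustration.

```python
import shlex

# Constructed sample: this page's ruleset plus one rule appended with -A
# after the catch-all REJECT (the mistake that -I INPUT avoids).
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp --dport 8080 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""
TERMINAL = {"ACCEPT", "DROP", "REJECT"}  # targets that end chain traversal

def audit_input(text):
    """Return (reachable open ports, rules shadowed by a catch-all) for INPUT."""
    open_ports, shadowed, closed = [], [], False
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)
        # Skip table headers, chain policies, comments, COMMIT, other chains
        if len(tokens) < 2 or tokens[0] != "-A" or tokens[1] != "INPUT":
            continue
        opts = tokens[2:]
        if "-j" not in opts:
            continue
        j = opts.index("-j")
        target, matches = opts[j + 1], opts[:j]  # no matches = every packet
        if closed:
            shadowed.append(line.strip())  # an earlier rule already decided
        elif target in TERMINAL and not matches:
            closed = True  # catch-all: nothing below it is evaluated
        elif target == "ACCEPT" and "--dport" in matches:
            open_ports.append(matches[matches.index("--dport") + 1])
    return open_ports, shadowed

if __name__ == "__main__":
    ports, dead = audit_input(SAMPLE_RULES)
    print("reachable open ports:", ports)
    for rule in dead:
        print("never evaluated:", rule)
```

To check the live file instead of the sample, pass the contents of /etc/sysconfig/iptables to `audit_input`.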
Please credit the source when reprinting
Author: Spring of Li xiao'er
Address: http://www.cnblogs.com/LittleTwoLee/p/5048771.html