(2) deploying a Linux environment (Centos + Nginx + Tomcat + Mysql)-firewall configuration
The following is a complete operating document for Centos + Nginx + Tomcat + Mysql on Linux, based on my local testing practice. I recorded it in the hope of giving a systematic reference to programmers who want to build a Linux environment step by step. Because most of the operations were recorded while the environment was being built, some omissions are inevitable; I hope you will forgive them. If you have any questions or comments, please point them out in the comments below. Thank you very much! In addition, many excellent practices found on the Internet were referenced during the build. They are credited at the end of the article or in other appropriate places; if necessary, follow the reference links to read the original articles. This document consists of six parts in six articles:
1. (1) Linux environment deployment (Centos + Nginx + Tomcat + Mysql)-FTP Installation
2. (2) deploying the Linux environment (Centos + Nginx + Tomcat + Mysql)-firewall configuration
3. (3) deployment of the Linux environment (Centos + Nginx + Tomcat + Mysql)-deployment of the Nginx Environment
4. (4) Linux environment deployment (Centos + Nginx + Tomcat + Mysql)-install Tomcat and JDK and integrate Nginx with Tomcat
5. (5) Linux environment deployment (Centos + Nginx + Tomcat + Mysql)-Mysql Installation
6. (6) Linux environment deployment (Centos + Nginx + Tomcat + Mysql)-Summary of some common commands
(2) Firewall Configuration
View the firewall status:
/etc/init.d/iptables status
Temporarily disable the firewall:
/etc/init.d/iptables stop
Disable the firewall from starting when the system boots:
/sbin/chkconfig --level 2345 iptables off
Restart iptables:
/etc/init.d/iptables restart
In the file
/etc/sysconfig/iptables
add lines like these to the originally configured RH-Firewall-1-INPUT rule chain:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 39764 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 39764 -j ACCEPT
If the file already contains a -j REJECT statement, the two statements above must be placed before it; otherwise they will not take effect.
Conclusion: every port to be opened must be listed before the -j REJECT statement. Otherwise, it will not work.
See the following example: vi /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-I INPUT -p tcp --dport 21 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
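The ordering rule above can be checked mechanically before the firewall is restarted. The following Python sketch is an added example, not part of the original article: it replays the -A and -I lines of a rules file and lists every rule that ends up after a catch-all REJECT or DROP in its chain. The sample rules are constructed and the function names are illustrative.

```python
import shlex

# Constructed sample (iptables-save format): port 39764 is appended AFTER the REJECT.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -m tcp -p tcp --dport 39764 -j ACCEPT
-I INPUT -p tcp --dport 21 -j ACCEPT
COMMIT
"""

def build_chains(text):
    """Replay -A (append) and -I (insert; optional 1-based rulenum, default 1)."""
    chains = {}
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)   # drops '#' comment lines
        if len(tok) < 2 or tok[0] not in ("-A", "-I"):
            continue                             # table, policy and COMMIT lines
        rules = chains.setdefault(tok[1], [])
        if tok[0] == "-A":
            rules.append(tok[2:])
        else:
            has_num = len(tok) > 2 and tok[2].isdigit()
            pos = int(tok[2]) - 1 if has_num else 0
            rules.insert(pos, tok[3:] if has_num else tok[2:])
    return chains

def is_catch_all(rule):
    """True for a rule with no match options, only a terminating -j REJECT/DROP."""
    return len(rule) >= 2 and rule[0] == "-j" and rule[1] in ("REJECT", "DROP")

def shadowed_rules(text):
    """Return (chain, rule) pairs placed after a catch-all, so they never match."""
    dead = []
    for chain, rules in build_chains(text).items():
        blocked = False
        for rule in rules:
            if blocked:
                dead.append((chain, " ".join(rule)))
            elif is_catch_all(rule):
                blocked = True
    return dead

if __name__ == "__main__":
    for chain, rule in shadowed_rules(SAMPLE):
        print(f"{chain}: unreachable after catch-all: {rule}")
```

The port 21 rule is not reported because -I places it at the head of the chain, ahead of the REJECT, which is why the article's example file works with that line written just before the REJECT.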
1) Takes effect after restart
Enable: chkconfig iptables on
Disable: chkconfig iptables off or /sbin/chkconfig --level 2345 iptables off
2) Takes effect immediately and becomes invalid after restart
Service method
Enable: service iptables start
Disable: service iptables stop
Iptables method
View the firewall status:
/etc/init.d/iptables status
Temporarily disable the firewall:
/etc/init.d/iptables stop
Restart iptables:
/etc/init.d/iptables restart
Problem: if the firewall cannot be started and its status is "not running", check whether the firewall initialization file /etc/sysconfig/iptables exists. If it does not, initialize the firewall:
Step 1: Log on to the CentOS system over SSH, or on the local machine, as root (the user with the highest permissions), run "iptables -F", and confirm. (No success prompt is displayed after the command is confirmed.)
Step 2: Run the "service iptables save" command and make sure that "iptables: Saving firewall rules to /etc/sysconfig/iptables: [OK]" is displayed. (The iptables -F command in step 1 ran successfully, but its result has not yet been written to /etc/sysconfig/iptables, so it is saved here and the firewall is restarted in the next step.)
Step 3: Run the "service iptables restart" command. The firewall has been initialized and restarted once four [OK] results are displayed.
Step 4: Run the "/etc/init.d/iptables status" command to view information about the current CentOS firewall. After initialization, there are only two or three firewall rules by default. (Running /etc/init.d/iptables without parameters lists all the parameters the command accepts, for example: {start|stop|restart|condrestart|status|panic|save}.)
You can copy the initialization example above.