Aliyun CentOS Configuration iptables Firewall

Source: Internet
Author: User
Tags: centos iptables aliyun


Although Aliyun offers the Cloud Shield service, it is always safer to add a host firewall as well. Below is the process I used to configure iptables on my Aliyun VPS. Only the INPUT chain is configured; OUTPUT and FORWARD are left with their default ACCEPT policy.

I. Check the iptables service status


[root@woxplife ~]# service iptables status
iptables: Firewall is not running.

This means the iptables service is installed but not started.
If it is not installed, install it directly with yum:

yum install -y iptables

Start iptables:

[root@woxplife ~]# service iptables start
iptables: Applying firewall rules:                         [  OK  ]

Take a look at the current iptables configuration (-n prints addresses and ports as numbers instead of resolving them):

[root@woxplife ~]# iptables -L -n

II. Clear the default firewall rules


# Before clearing, set the INPUT policy to ACCEPT so that all requests are accepted.
# Do this first: flushing the rules while the policy is DROP leaves nothing that lets your SSH session in, and you lock yourself out.
iptables -P INPUT ACCEPT
# Flush all rules in the built-in chains
iptables -F
# Delete all user-defined chains
iptables -X
# Zero the packet and byte counters
iptables -Z

III. Configure rules


# Allow packets arriving on the loopback interface (lo).
# Without this rule, local services cannot be reached via 127.0.0.1 (even ping 127.0.0.1 fails).
iptables -A INPUT -i lo -j ACCEPT
# SSH, port 22
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# FTP, port 21
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
# Web service, port 80
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# Tomcat (replace xxxx with the actual port)
iptables -A INPUT -p tcp --dport xxxx -j ACCEPT
# MySQL (replace xxxx with the actual port)
iptables -A INPUT -p tcp --dport xxxx -j ACCEPT
# Allow ICMP echo requests (type 8), i.e. allow the host to be pinged
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# Allow the return packets of all requests this host makes.
# An outbound request leaves through OUTPUT; its reply comes back through INPUT and must be accepted.
# ESTABLISHED covers replies to connections this host opened; add RELATED (with nf_conntrack_ftp loaded)
# if FTP data connections need to work.
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
# To trust an internal IP (accept all of its TCP requests); replace the example address with your own
iptables -A INPUT -p tcp -s 45.96.174.68 -j ACCEPT
# Drop everything that did not match one of the rules above
iptables -P INPUT DROP
# To block an IP, use the following command (-I inserts at the top of the chain, so the DROP is evaluated before the ACCEPT rules):

iptables -I INPUT -s ***.***.***.*** -j DROP

# To unblock that IP, delete the same rule:

iptables -D INPUT -s ***.***.***.*** -j DROP

IV. Save

First run iptables -L -n to check that the configuration is correct.
Even if it looks fine, do not save yet. The rules you have added are active now but not persisted, so a reboot discards them; if something goes wrong and you are locked out, you can force a restart from the Aliyun console and the server comes back with the previously saved rule set.
Open a new SSH connection and make sure you can still log in before saving.

Once you have confirmed that everything works, save:

# Save the running rules to /etc/sysconfig/iptables
[root@woxplife ~]# service iptables save
# Start the service at boot
[root@woxplife ~]# chkconfig iptables on

To change firewall ports later, edit /etc/sysconfig/iptables and reload the rules with service iptables restart.
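The whole procedure (clear, configure, verify, save) can also be done in one step in the same format the service writes to /etc/sysconfig/iptables. The script below is an added example written for this page, not the original author's commands: gen_rules prints the section III rule set as an iptables-restore file (with the state rule moved to the top and RELATED added, and the tomcat/mysql ports passed as arguments), and apply_rules loads it atomically with iptables-restore, so there is never a moment with policy DROP and an empty chain, while arming a rollback that restores the previous rules after two minutes unless you cancel it from a fresh SSH session. The backup path /root/iptables.before, the 120 s timeout and the ports in the usage lines are assumptions.

```shell
#!/bin/sh
# Added example for this page, not the original author's commands.
# gen_rules builds the section III INPUT rule set as an iptables-restore
# file (the format of /etc/sysconfig/iptables); apply_rules loads it
# atomically and arms a timed rollback so a mistake cannot lock you out.
# Assumed: CentOS 6 with the iptables service, root for apply_rules,
# the backup path /root/iptables.before and a 120 s rollback window.

# gen_rules SSH_PORT "OTHER_TCP_PORTS" [TRUSTED_IP]
#   prints the rule file on stdout
gen_rules() {
    ssh_port=$1
    tcp_ports=$2          # space-separated, e.g. "21 80 8080 3306"
    trusted_ip=$3         # optional: accept all TCP from this source

    printf '%s\n' '*filter'
    # Policies are committed in the same transaction as the rules, so
    # INPUT is never DROP with an empty chain. OUTPUT and FORWARD stay ACCEPT.
    printf '%s\n' ':INPUT DROP [0:0]'
    printf '%s\n' ':FORWARD ACCEPT [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    # Replies to our own outbound connections are most of the traffic, so
    # the conntrack rule goes first. RELATED also admits FTP data
    # connections (with nf_conntrack_ftp loaded) and ICMP error replies.
    printf '%s\n' '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' "-A INPUT -p tcp --dport $ssh_port -j ACCEPT"
    for port in $tcp_ports; do
        printf '%s\n' "-A INPUT -p tcp --dport $port -j ACCEPT"
    done
    # ICMP echo request, so the host can be pinged
    printf '%s\n' '-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT'
    if [ -n "$trusted_ip" ]; then
        printf '%s\n' "-A INPUT -p tcp -s $trusted_ip -j ACCEPT"
    fi
    printf '%s\n' 'COMMIT'
}

# apply_rules RULE_FILE
#   Saves the running rules, applies RULE_FILE in one atomic
#   iptables-restore (a parse error before COMMIT changes nothing), and
#   starts a background rollback that restores the saved rules after
#   120 s. Open a NEW ssh session to confirm you still get in, then kill
#   the printed pid; only after that run
#   "service iptables save && chkconfig iptables on".
apply_rules() {
    rule_file=$1
    backup=/root/iptables.before        # assumed backup location
    iptables-save > "$backup" || return 1
    ( sleep 120 && iptables-restore < "$backup" ) &
    rollback=$!
    if ! iptables-restore < "$rule_file"; then
        kill "$rollback"
        echo "restore failed, running rules unchanged" >&2
        return 1
    fi
    echo "rules loaded; rollback in 120 s unless you run: kill $rollback"
}

# Usage (as root); every port except 22 is a placeholder for your own:
#   gen_rules 22 "21 80 8080 3306" 10.0.0.5 > /tmp/rules.v4
#   apply_rules /tmp/rules.v4
```

Blocking and unblocking a single address (the -I / -D commands of section III) can still be done live on top of this rule set; just remember that the next service iptables save captures whatever is running at that moment, including any temporary bans.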
