Firewall port configuration fails to take effect on CentOS (iptables rule ordering).

Source: Internet
Author: User
Problem: a rule added to the firewall never opens the intended port.

(1) Modify the file

First, edit the rules file with vim /etc/sysconfig/iptables and add:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 5001:5009 -j ACCEPT    (allow TCP ports 5001 to 5009 through the firewall)

Then run /etc/init.d/iptables restart (restart the firewall so that the configuration takes effect).

If this line is added at the end of the file, the ports are still unreachable after the firewall restarts.

(2) Solution

Add the new port rule directly under the existing port 22 rule, then restart the firewall for it to take effect. The file then looks like this:

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5001:5009 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
Where:

:INPUT ACCEPT [0:0]
# The default policy of the INPUT chain is ACCEPT. The policy only applies to packets that reach the end of the chain without matching any rule.

:FORWARD ACCEPT [0:0]
# The default policy of the FORWARD chain is ACCEPT.

:OUTPUT ACCEPT [0:0]
# The default policy of the OUTPUT chain is ACCEPT.

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Accept incoming packets that belong to a connection this host already has, or that are related to one. ESTABLISHED: the packet belongs to a connection that has already seen traffic in both directions. RELATED: the packet starts a new connection associated with an existing one, or is an ICMP error for an existing one.

-A INPUT -p icmp -j ACCEPT
# Accept all ICMP traffic (for example ping).

-A INPUT -i lo -j ACCEPT
# Accept all traffic arriving on the local loopback interface. The -i parameter names the input interface; lo is the loopback interface.

-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# Accept new TCP connections to port 22 (SSH).

-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
# These two reject every packet in the INPUT and FORWARD chains that did not match any of the preceding rules, and send an ICMP host-prohibited message back to the sender. Although the chain policy is ACCEPT, this explicit catch-all REJECT is what makes the firewall deny by default, and because it matches everything, no rule placed after it is ever evaluated.

This is the default rule set that system-config-firewall writes. You can delete it and write a policy that meets your needs; on a remote machine, keep a rule that accepts SSH (port 22) ahead of the REJECT rule, or restarting the firewall will lock you out.

iptables evaluates the rules of a chain from top to bottom and acts on the first rule that matches. Placing -A INPUT -m state --state NEW -m tcp -p tcp --dport 5001:5009 -j ACCEPT on the very first line of the file (before *filter and the :INPUT ACCEPT chain line) does not work: the rule sits outside the *filter ... COMMIT block that iptables-restore loads, so it never takes effect.

Placing it at the end does not work either: by the time a packet for ports 5001 to 5009 would reach that rule, -A INPUT -j REJECT --reject-with icmp-host-prohibited has already matched and rejected it. With the rule appended after REJECT, the only new inbound TCP connections the INPUT chain accepts are those to port 22; connections to ports 5001 to 5009 are rejected.

(3) Other methods

Running iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 5001:5009 -j ACCEPT from the command line has the same problem: -A appends the rule at the end of the chain, after the REJECT rule, so the port stays closed. Use iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 5001:5009 -j ACCEPT instead; -I inserts the rule at the top of the chain (or at a given position: -I INPUT 5 makes it rule number 5), ahead of the REJECT rule. Check the resulting order with iptables -L INPUT -n --line-numbers, and run service iptables save to write the running rules to /etc/sysconfig/iptables, otherwise the change is lost at the next firewall restart.
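The following shell script is added here as an example and is not part of the original article. It reproduces the ordering problem on a copy of the rules file rather than on the live firewall: it writes a constructed sample of the CentOS default /etc/sysconfig/iptables to a temporary file, puts the 5001:5009 rule in the wrong place (after the INPUT REJECT, which is where both pasting at the end of the file and iptables -A land it), checks that the rule is then shadowed, and finally inserts it directly above the REJECT rule the way section (2) does. The function names, the temporary file and the sample rule set are assumptions made for the example; it needs no root privileges and never calls iptables.

```shell
#!/bin/sh
# Added example, not from the original article: show why a rule appended
# after the catch-all REJECT never matches, and fix the order in a copy of
# the rules file. Function names and the sample file are assumptions.

# Constructed sample of the CentOS 6 default /etc/sysconfig/iptables.
make_sample() {
  cat >"$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Line number of the first catch-all (REJECT/DROP) rule in chain $2 of file $1.
first_reject_line() {
  grep -nE -- "^-A $2 .*-j (REJECT|DROP)" "$1" | head -n1 | cut -d: -f1
}

# Line number of the INPUT ACCEPT rule for TCP dport $2 in file $1, if any.
dport_rule_line() {
  grep -nE -- "^-A INPUT .*--dport $2 .*-j ACCEPT" "$1" | head -n1 | cut -d: -f1
}

# Succeeds only if the ACCEPT rule for $2 comes before the INPUT catch-all:
# iptables stops at the first matching rule, so order decides reachability.
port_reachable() {
  acc=$(dport_rule_line "$1" "$2")
  rej=$(first_reject_line "$1" INPUT)
  if [ -n "$acc" ] && [ -n "$rej" ] && [ "$acc" -lt "$rej" ]; then
    return 0
  fi
  return 1
}

# The mistake: put rule $2 at the end of the table (just before COMMIT),
# which is where "iptables -A INPUT ..." and pasting at the end both land.
append_rule() {
  awk -v rule="$2" '/^COMMIT/ { print rule } { print }' "$1" >"$1.tmp" \
    && mv "$1.tmp" "$1"
}

# The fix: insert rule $2 immediately above the INPUT REJECT line, which is
# what the article does by placing it under the port 22 rule.
insert_before_reject() {
  rej=$(first_reject_line "$1" INPUT)
  if [ -z "$rej" ]; then
    echo "no INPUT REJECT rule in $1" >&2
    return 1
  fi
  awk -v n="$rej" -v rule="$2" 'NR == n { print rule } { print }' "$1" >"$1.tmp" \
    && mv "$1.tmp" "$1"
}

RULE='-A INPUT -m state --state NEW -m tcp -p tcp --dport 5001:5009 -j ACCEPT'

demo() {
  f=$(mktemp)
  make_sample "$f"
  append_rule "$f" "$RULE"
  if port_reachable "$f" 5001:5009; then echo "appended: reachable"
  else echo "appended: shadowed by REJECT at line $(first_reject_line "$f" INPUT)"; fi
  make_sample "$f"
  insert_before_reject "$f" "$RULE"
  if port_reachable "$f" 5001:5009; then echo "inserted: reachable"
  else echo "inserted: shadowed by REJECT"; fi
  rm -f "$f"
}
demo
```

The check the script performs on the file is the same one to do on a live system with iptables -L INPUT -n --line-numbers: the ACCEPT rule for 5001:5009 must carry a lower rule number than the REJECT rule, otherwise it is dead. The script edits only a temporary copy; apply the same ordering to the real /etc/sysconfig/iptables as root and restart the firewall afterwards.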

You can also run system-config-firewall to open the port through the graphical interface.
