CentOS Configuration Firewall

Yesterday to help a friend to configure the CentOS server, a first for the convenience of testing directly shut the firewall, and then need to configure a firewall, the Internet to find a few firewall rules have errors, and later found that bloggers are not serious post, there are too many character errors, the following is my collation of the Pro-Test available The configuration process for the firewall rules:

Modify Iptables-config

First modify a configuration entry for the Iptables-config file

$ vi /etc/sysconfig/iptables-config

Change the last line IPTABLES_MODULES="ip_conntrack_ftp" of the file #IPTABLES_MODULES="ip_conntrack_ftp" to comment out the line configuration item

Add rule

$ vi /etc/sysconfig/iptables

*filter:input Accept [0:0]:forward Accept [0:0]:output Accept [5:564]:rh-firewall-1-input-[0:0]-] A INPUT -P tcp-m TCP--dport 3306 -j ACCEPT - A input -j RH-Firewall-1-input - A FORWARD -j RH-Firewall-1-INPUT - A RH-Firewall-1-INPUT -i lo-j ACCEPT - A RH-Firewall-1-INPUT -P icmp-m ICMP--icmp-type any-j  ACCEPT - A RH-Firewall-1-INPUT -P esp-j ACCEPT - A RH-Firewall-1-INPUT -P ah-j ACCEPT - A RH-Firewall-1-INPUT -M state--state related, established -j ACCEPT - A RH-Firewall-1-INPUT -P tcp-m State--state NEW -M TCP-- Dport  -j ACCEPT - A RH-Firewall-1-INPUT -P udp-m State--state NEW -m UDP  --dport-j ACCEPT - A RH-Firewall-1-INPUT -P tcp-m State--state NEW -M TCP-- Dport  -j ACCEPT - A RH-Firewall-1-INPUT -P tcp-m State--state NEW -M TCP  --dport-j ACCEPT - A RH-Firewall-1-INPUT -P tcp-m State--state NEW -M TCP-- Dport  -j ACCEPT - A RH-Firewall-1-INPUT -P tcp-m State--state NEW -M TCP--dport 8080 -j ACCEPT - A RH-Firewall-1-INPUT -P tcp-m State--state NEW -M TCP-- Dport 443 -j ACCEPT - A RH-Firewall-1-INPUT -j REJECT -- Reject-with icmp-host-prohibitedCOMMIT

Already contains 3306 ports of MySQL database and 8080 ports of Tomcat, optionally adding and removing ports as needed.

CentOS Configuration Firewall