Yesterday I helped a friend configure a CentOS server. At first, for convenience while testing, the firewall was simply shut off; afterwards it needed to be configured properly. The firewall rule sets I found online all had errors, and it turned out the bloggers had not posted them carefully, with far too many character mistakes. Below is my collation of the firewall rule configuration process that I tested myself and found to work:
Modify iptables-config

First modify one configuration entry in the iptables-config file:

$ vi /etc/sysconfig/iptables-config

Change the last line of the file,

IPTABLES_MODULES="ip_conntrack_ftp"

to

#IPTABLES_MODULES="ip_conntrack_ftp"

that is, comment out that configuration item.
Add rule
$ vi /etc/sysconfig/iptables
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [5:564]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# <PORT>: the port number is missing from the post at these five rules; put in the
# service port you actually need, or delete the rule (iptables-restore refuses an empty --dport)
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport <PORT> -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport <PORT> -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport <PORT> -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport <PORT> -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport <PORT> -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
This rule set already opens port 3306 for the MySQL database and port 8080 for Tomcat; add or remove port rules as needed.
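As an added example that is not part of the original post, here is a small POSIX shell audit of a rules file in the format above: it lists which ports the ACCEPT rules open, confirms the RH-Firewall-1-INPUT chain still ends in the catch-all REJECT, and counts rules whose --dport lost its number. The sample rule set, including its port 22, is constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original post: audit a file in the
# /etc/sysconfig/iptables format offline, without touching the live firewall.
# SAMPLE_RULES is constructed here; port 22 is a made-up value, not from the post.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# open_ports FILE: print proto/port for every ACCEPT rule that matches a --dport.
open_ports() {
    awk '/-j ACCEPT/ && /--dport/ {
        proto = "any"; port = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport") port = $(i + 1)
        }
        print proto "/" port
    }' "$1"
}

# chain_ends_in_reject FILE: exit 0 only if the last RH-Firewall-1-INPUT rule is a
# REJECT, i.e. anything not explicitly accepted above it is still refused.
chain_ends_in_reject() {
    awk '/^-A RH-Firewall-1-INPUT / { last = $0 }
         END { if (last ~ /-j REJECT/) exit 0; exit 1 }' "$1"
}

# missing_ports FILE: count rules where --dport is directly followed by -j (no port
# number); iptables-restore rejects such a file, so this catches a half-copied rule set.
missing_ports() {
    grep -c -- '--dport -j' "$1" || true
}

# Stand-alone run on the constructed sample; on a real host pass /etc/sysconfig/iptables.
tmp=$(mktemp); printf '%s\n' "$SAMPLE_RULES" > "$tmp"
open_ports "$tmp"
chain_ends_in_reject "$tmp" && echo "chain ends in REJECT: ok"
echo "rules with a missing port: $(missing_ports "$tmp")"
rm -f "$tmp"
```

On the server itself, `iptables-restore --test < /etc/sysconfig/iptables` parses the file without applying it, so a leftover placeholder or missing port is caught before `service iptables restart`.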
CentOS Configuration Firewall