CentOS firewall (iptables) settings: quick notes

Source: Internet
Author: User

1. Install the iptables firewall
To check whether iptables is installed, run:
iptables -V
If it prints something like
iptables v1.3.5
iptables is installed. If it is not, install it first:
yum install iptables

To set up the firewall on CentOS, open the iptables configuration file:
vi /etc/sysconfig/iptables
Use /etc/init.d/iptables status to check whether port 80 is already open. If it is not, there are two ways to open it:
1. Edit /etc/sysconfig/iptables with vi and add a rule that opens port 80:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
RH-Firewall-1-INPUT is the chain the default CentOS 5 file defines; if your file does not define that chain, add the rule to INPUT instead. Put it above the file's final REJECT rule, otherwise it is never reached.

2. Stop, start or restart the firewall
/etc/init.d/iptables stop      # or start, or restart

3. Permanently disable the firewall
chkconfig iptables off
/etc/init.d/iptables stop
The first command keeps the service from starting at boot, the second stops it now. Do not confuse this with iptables -P INPUT DROP: that sets the INPUT chain's default policy to DROP, which is the opposite of disabling the firewall, and if it is run over SSH before an ACCEPT rule for port 22 is in place it cuts off your own session.

4. Open port 21 for FTP active mode
iptables -A INPUT -p tcp --dport 21 -j ACCEPT

5. Open the passive-mode port range 49152 to 65534
iptables -A INPUT -p tcp --dport 49152:65534 -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
Opening that whole range to everyone is coarse. The usual alternative is to load the FTP connection-tracking helper (nf_conntrack_ftp on CentOS 6, ip_conntrack_ftp on CentOS 5; list it in IPTABLES_MODULES in /etc/sysconfig/iptables-config so the init script loads it) and accept --state ESTABLISHED,RELATED, so that only the data connections announced on the control channel get through.

After all modifications, restart iptables:
service iptables restart
Verify that the rules are in effect:
iptables -L -n
That is the basic process for configuring the iptables firewall on CentOS.

2. Clear the existing iptables rules
iptables -F    # flush every rule in every chain of the default (filter) table
iptables -X    # delete the user-defined chains in the filter table
iptables -Z    # zero the packet and byte counters
Flushing does not touch the default policies: if INPUT's policy is DROP, iptables -F leaves a host that drops everything, SSH included. When working remotely, set the policies to ACCEPT first (iptables -P INPUT ACCEPT).
3. Open specific ports
# allow the local loopback interface (the machine talking to itself)
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
# (iptables -A INPUT -i lo -j ACCEPT, matching on the interface, covers all of 127.0.0.0/8 and is the more common form)
# allow established or related connections through
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# allow all outbound traffic from this machine
iptables -A OUTPUT -j ACCEPT
# allow access to port 22 (SSH)
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# allow access to port 80
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# allow ports 21 and 20 for the FTP service
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 20 -j ACCEPT
# other ports follow the same pattern; change the port number in the lines above
# reject everything that was not explicitly allowed
iptables -A INPUT -j REJECT
# (if port 22 was not added to the allow rules first, your SSH session is cut off at this point)
iptables -A FORWARD -j REJECT
Rules entered this way take effect immediately but live only in the running kernel; a restart of the service or of the machine discards them. Save them with:
/etc/rc.d/init.d/iptables save
4. Block IP addresses
# if you only want to block addresses, section 3 can be skipped entirely
# block a single IP
iptables -I INPUT -s 123.45.6.7 -j DROP
# block the whole /8, every address from 123.0.0.0 through 123.255.255.255
iptables -I INPUT -s 123.0.0.0/8 -j DROP
# block the /16, 123.45.0.0 through 123.45.255.255
iptables -I INPUT -s 123.45.0.0/16 -j DROP
# block the /24, 123.45.6.0 through 123.45.6.255
iptables -I INPUT -s 123.45.6.0/24 -j DROP
-I inserts at the top of the chain (position 1), whereas -A appends at the end. That is what makes these blocks work: the DROP is evaluated before the ACCEPT rules from section 3, including the ESTABLISHED,RELATED rule, so an already open connection from the blocked source is cut as well.
5. View the rules that have been added
iptables -L -n
Useful options:
-v: show details, including the number of packets and bytes each rule has matched
-x: with -v, print exact counters instead of rounded K/M units
-n: print IP addresses and port numbers numerically, without resolving them to host or service names
Note that this is lowercase -n; uppercase -N creates a new chain.
6. Delete a rule that has been added
List the rules with their position numbers:
iptables -L -n --line-numbers
For example, to delete rule number 8 in INPUT:
iptables -D INPUT 8
The numbers are positions, not identifiers: after a deletion every rule below it moves up by one. When deleting several rules by number, re-list after each deletion or delete from the highest number downwards.
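Deleting several numbered rules safely, as an added example (this is not code from the original post): the script reads the output of iptables -L -n --line-numbers and prints the matching iptables -D commands highest number first, so that each later command still points at the rule it was meant for. The function name, the chain/string selection and SAMPLE_LISTING are this example's own constructions; the listing was written for the example, not captured from a real host.

```shell
#!/bin/sh
# Added example, not code from the original post: delete rules by number
# without the numbers shifting under you. Reads "iptables -L [CHAIN] -n
# --line-numbers" output and emits "iptables -D CHAIN N" highest N first.
# SAMPLE_LISTING is constructed for this example, not captured from a host.

SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       all  --  123.45.6.7           0.0.0.0/0
2    ACCEPT     all  --  127.0.0.1            127.0.0.1
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
5    DROP       all  --  123.45.6.0/24        0.0.0.0/0
6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80
7    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       all  --  123.45.6.7           0.0.0.0/0'

# delete_cmds CHAIN STRING : read a listing on stdin and print one
# "iptables -D CHAIN N" for every rule of CHAIN whose line contains STRING,
# in descending order of N. Nothing is executed here; pipe the output to sh
# (as root) once it looks right. Rules of other chains are ignored.
delete_cmds() {
    [ -n "$1" ] && [ -n "$2" ] || { echo "usage: delete_cmds CHAIN STRING" >&2; return 1; }
    awk -v chain="$1" -v pat="$2" '
        /^Chain / { cur = $2; next }                                   # which chain we are in
        cur == chain && $1 ~ /^[0-9]+$/ && index($0, pat) { n[++c] = $1 }
        END { for (i = c; i >= 1; i--) printf "iptables -D %s %d\n", chain, n[i] }
    '
}

# Demo: remove every INPUT rule mentioning 123.45.6 (the blocks from section 4).
# Prints "iptables -D INPUT 5" then "iptables -D INPUT 1".
printf '%s\n' "$SAMPLE_LISTING" | delete_cmds INPUT 123.45.6
# On a live host: iptables -L INPUT -n --line-numbers | delete_cmds INPUT 123.45.6 | sh
```

Choose a selection string specific enough for what you mean to remove: 0.0.0.0/0 would match almost every rule in the listing.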
7. Starting iptables at boot and saving rules
After installing iptables on CentOS the service may not be enabled at boot. Enable it with:
chkconfig --level 345 iptables on
To write the running rules to /etc/sysconfig/iptables, so that they are loaded again at boot, run:
service iptables save
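The rules of sections 3 and 4 and the save step of section 7, combined into one script as an added example (this is not code from the original post). It writes the ruleset in the iptables-save format that /etc/sysconfig/iptables uses on CentOS 5 and 6, refuses any ruleset in which the SSH port is not accepted before the catch-all REJECT, and loads it through iptables-restore, which replaces the table in one step instead of one iptables command at a time, with a timer that puts the previous rules back unless the new ones are confirmed from a fresh session. The function names, the BLOCK_CIDRS and SSH_PORT variables and the rollback file path are this example's own choices, not CentOS conventions.

```shell
#!/bin/sh
# Added example, not code from the original post. Builds a lock-out-safe
# ruleset in iptables-save format, checks it, and applies it with rollback.
# Function names, BLOCK_CIDRS/SSH_PORT and ROLLBACK are this example's own.

# gen_ruleset PORT... : print a filter-table ruleset that drops the sources in
# $BLOCK_CIDRS (space separated), allows loopback, established/related traffic
# and new TCP connections to the given ports (a port or a range like
# 49152:65534), allows all output, and rejects everything else inbound.
gen_ruleset() {
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    # Blocked sources first: the file equivalent of "iptables -I INPUT -s ... -j DROP"
    for cidr in ${BLOCK_CIDRS:-}; do
        case "$cidr" in
            *[!0-9./]*|'') printf 'gen_ruleset: bad CIDR %s\n' "$cidr" >&2; return 1 ;;
        esac
        printf '%s\n' "-A INPUT -s $cidr -j DROP"
    done
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for port in "$@"; do
        case "$port" in
            *[!0-9:]*|'') printf 'gen_ruleset: bad port %s\n' "$port" >&2; return 1 ;;
        esac
        printf '%s\n' "-A INPUT -p tcp -m tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    printf '%s\n' '-A INPUT -j REJECT --reject-with icmp-host-prohibited'
    printf '%s\n' '-A FORWARD -j REJECT --reject-with icmp-host-prohibited'
    printf '%s\n' '-A OUTPUT -j ACCEPT'
    printf '%s\n' 'COMMIT'
}

# check_ruleset FILE : return 0 only if INPUT accepts the SSH port
# ($SSH_PORT, default 22) before any catch-all "-A INPUT -j REJECT|DROP".
check_ruleset() {
    awk -v p="${SSH_PORT:-22}" '
        $1 == "-A" && $2 == "INPUT" {
            if ($3 == "-j" && $4 ~ /^(REJECT|DROP)$/) { exit ok ? 0 : 1 }   # catch-all reached
            for (i = 3; i < NF; i++)
                if ($i == "--dport" && $(i+1) == p && $NF == "ACCEPT") ok = 1
        }
        END { exit ok ? 0 : 1 }
    ' "$1"
}

ROLLBACK=${ROLLBACK:-/root/iptables.rollback}

# apply_with_rollback FILE [SECONDS] : save the running rules, load FILE with
# iptables-restore, and restore the old rules after SECONDS (default 60)
# unless confirm_rules is run in time from a NEW ssh session. Needs root.
apply_with_rollback() {
    file=$1; secs=${2:-60}
    check_ruleset "$file" || { echo "refusing: SSH port not accepted before the catch-all rule" >&2; return 1; }
    ( umask 077; iptables-save > "$ROLLBACK" ) || return 1
    iptables-restore < "$file" || return 1
    ( sleep "$secs"; [ -e "$ROLLBACK" ] && iptables-restore < "$ROLLBACK" ) &
    echo "applied $file; run confirm_rules within ${secs}s from a new session or it rolls back"
}

# confirm_rules : cancel the pending rollback and persist the running rules.
confirm_rules() {
    rm -f "$ROLLBACK" && service iptables save
}

case "${1:-}" in
    gen)   shift; gen_ruleset "$@" ;;                 # sh fw.sh gen 22 80 21 > /tmp/rules
    check) check_ruleset "$2" ;;                      # sh fw.sh check /tmp/rules
    apply) apply_with_rollback "$2" "${3:-60}" ;;     # sh fw.sh apply /tmp/rules 90
esac
```

Typical use: generate the file with the ports you need (and BLOCK_CIDRS set for any addresses to drop), run the check, then apply from one SSH session and open a second one to run confirm_rules; if the second session cannot connect, the timer restores the old rules on its own.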

This article is from the "Boyhack" blog; please keep this source: http://461205160.blog.51cto.com/274918/1744625
