If iptables is not installed, you can install it directly with yum.
yum install -t iptables
Check the status of the iptables service
service iptables status
If "iptables: Firewall is not running" appears, it indicates that it is not started or has no rules.
Start the iptables service
service iptables start
Remove the default rules before the first configuration
# This must be done first
iptables -P INPUT ACCEPT
# Clear all default rules
iptables -F
# Delete all custom (user-defined) chains
iptables -X
# Set the counters to 0
iptables -Z
Configure rules
# Without this rule, you cannot access local services through 127.0.0.1, for example, ping 127.0.0.1
iptables -A INPUT -i lo -j ACCEPT
# Enable SSH port 22
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Enable FTP port 21
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
# Enable web service port 80
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# Tomcat
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
# MySQL
iptables -A INPUT -p tcp --dport XXXX -j ACCEPT
# Allow ICMP packets to pass, that is, allow ping
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# Allow all response packets for external requests
# A request sent by the local machine is OUTPUT; the returned packets must be received, which is INPUT
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
# To trust an intranet IP address (accept all of its TCP requests)
iptables -A INPUT -p tcp -s 45.96.174.68 -j ACCEPT
# Command for blocking a single IP address:
iptables -I INPUT -s 222.34.135.106 -j DROP
# Commands for blocking IP segments:
iptables -I INPUT -s 211.1.0.0/16 -j DROP
iptables -I INPUT -s 211.2.0.0/16 -j DROP
iptables -I INPUT -s 211.3.0.0/16 -j DROP
# Command for blocking an entire segment:
iptables -I INPUT -s 211.0.0.0/8 -j DROP
# Commands for blocking several segments:
iptables -I INPUT -s 61.37.80.0/24 -j DROP
iptables -I INPUT -s 61.37.81.0/24 -j DROP
# Drop all requests that do not match the rules above
iptables -P INPUT DROP
Save and restart
service iptables save
service iptables restart
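The same INPUT policy written as a single iptables-restore file, with a check that a DROP-policy ruleset still accepts loopback, established traffic and SSH before it is loaded. This is an added example, not part of the original page. The function names, the FORWARD and OUTPUT policy lines and the choice to leave out the MySQL port (given only as XXXX) and the trusted intranet address are assumptions.

```shell
#!/bin/sh
# Added example: builds the page's INPUT policy in iptables-restore format.
# Sources and ports are the ones on the page; helper names are hypothetical.

BLOCKED="222.34.135.106 211.0.0.0/8 61.37.80.0/24 61.37.81.0/24"
TCP_PORTS="22 21 80 8080"

build_ruleset() {
    echo "*filter"
    # The DROP policy is loaded together with the ACCEPT rules in one commit.
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD ACCEPT [0:0]"   # assumption: page does not set FORWARD
    echo ":OUTPUT ACCEPT [0:0]"    # assumption: page does not set OUTPUT
    # Blocks first: the page uses -I so they sit above the ACCEPT rules.
    for src in $BLOCKED; do
        echo "-A INPUT -s $src -j DROP"
    done
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m state --state ESTABLISHED -j ACCEPT"
    for port in $TCP_PORTS; do
        echo "-A INPUT -p tcp -m tcp --dport $port -j ACCEPT"
    done
    echo "-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT"
    echo "COMMIT"
}

# Lockout guard: returns 0 only if the ruleset text still accepts
# loopback, established traffic and SSH (port 22).
check_ruleset() {
    rules=$1
    for needed in "-i lo -j ACCEPT" "--state ESTABLISHED -j ACCEPT" "--dport 22 -j ACCEPT"; do
        case "$rules" in
            *"$needed"*) ;;
            *) echo "missing: $needed" >&2; return 1 ;;
        esac
    done
    return 0
}

# Position (1-based) of the first INPUT rule containing the given text.
rule_position() {
    build_ruleset | grep '^-A INPUT' | grep -n -F -- "$1" | head -n 1 | cut -d: -f1
}

# Print the ruleset only if it passes the guard; nothing is applied here.
RULESET=$(build_ruleset)
check_ruleset "$RULESET" && echo "$RULESET"
```

Redirect the output to a file and load it as root with iptables-restore < file; iptables-restore --test parses the file without applying it.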
CentOS 6.4 configure iptables