Configure the CentOS 6.4 iptables firewall.
1. View firewall status
# service iptables status
Or:
# /etc/init.d/iptables status
Note: the operations below can also be run in either of these two forms.
2. Stop/start/restart the firewall
# service iptables stop
# service iptables start
# service iptables restart
4. Permanently disable the firewall (so that it does not start at boot)
# chkconfig iptables off
Then reboot the system for the change to take effect:
# shutdown -r now
5. Open access to port 80
> View the firewall status first:
[root@localhost nginx]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
> Open port 80 (or edit /etc/sysconfig/iptables manually, as described further down)
[root@localhost ~]# /sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT
You have new mail in /var/spool/mail/root
> Save the settings
[root@localhost ~]# /etc/rc.d/init.d/iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
> View the firewall status again
[root@localhost ~]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
3    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
6    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
> Open port 80 by editing the /etc/sysconfig/iptables configuration file
[root@localhost ~]# vi /etc/sysconfig/iptables
# Add the following line (above the REJECT rule, because rules are matched in order)
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
Finally, restart the firewall for the configuration to take effect.
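Added example (not part of the original page): rules in the INPUT chain are matched top-down, so a port-80 line placed below the catch-all REJECT in /etc/sysconfig/iptables never matches. The script below checks that ordering; the function names check_port_order and make_sample are hypothetical, and the rule files are constructed samples modelled on the status output above.

```shell
#!/bin/sh
# check_port_order FILE PORT prints one of:
#   open     - an ACCEPT rule for tcp dport PORT precedes the catch-all REJECT/DROP
#   shadowed - the ACCEPT rule exists but sits below the catch-all, so it never matches
#   missing  - the INPUT chain has no ACCEPT rule for that port
check_port_order() {
    awk -v port="$2" '
        $1 == "-A" && $2 == "INPUT" {
            n++
            # Catch-all: REJECT/DROP with no match options in front of -j
            if ($0 ~ /^-A INPUT -j (REJECT|DROP)( |$)/ && !blocked) blocked = n
            if ($0 ~ /-p tcp/ && $0 ~ ("--dport " port "( |$)") &&
                $0 ~ /-j ACCEPT/ && !allow) allow = n
        }
        END {
            if (!allow) print "missing"
            else if (blocked && blocked < allow) print "shadowed"
            else print "open"
        }' "$1"
}

# Constructed sample in iptables-save format. "good" puts the port-80 line
# above the REJECT rule, "bad" puts it below (appended at the end of the chain).
make_sample() {
    p80='-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT'
    rej='-A INPUT -j REJECT --reject-with icmp-host-prohibited'
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' \
        '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' \
        '-A INPUT -p icmp -j ACCEPT' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT'
    if [ "$1" = good ]; then
        printf '%s\n' "$p80" "$rej"
    else
        printf '%s\n' "$rej" "$p80"
    fi
    printf '%s\n' 'COMMIT'
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
make_sample good > "$tmp/good.rules"
make_sample bad  > "$tmp/bad.rules"
echo "good.rules port 80: $(check_port_order "$tmp/good.rules" 80)"
echo "bad.rules  port 80: $(check_port_order "$tmp/bad.rules" 80)"
```

On a real host, point check_port_order at /etc/sysconfig/iptables after editing it and before restarting the firewall.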