iptables -F
# Allow incoming packets to port 22 (SSH)
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Allow the replies of those SSH connections back out
iptables -A OUTPUT -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
# Allow DNS queries out and their answers back in
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --sport 53 -j ACCEPT
# Allow the local machine to talk to itself
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
# Allow any source address to reach port 80 (HTTP)
iptables -A INPUT -p tcp -s 0/0 --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
# Save the configuration so that it survives a restart
iptables-save > /etc/sysconfig/iptables
iptables -L
Two things to keep in mind with this list. First, ACCEPT rules restrict nothing on their own: with the default ACCEPT policy on the INPUT and OUTPUT chains every other packet is accepted as well, so the list only becomes a whitelist once the policies are set to DROP (iptables -P INPUT DROP, iptables -P OUTPUT DROP). Second, the --sport 53 rule accepts any UDP packet whose source port happens to be 53, whether or not it answers a query this host sent; -m state --state ESTABLISHED on the INPUT side is the stricter form.
Command and configuration file:
/etc/sysconfig/iptables
service iptables start      # start
service iptables restart    # restart
Permanently disable the firewall: chkconfig --level 35 iptables off
// ================================================ ======================================
CentOS 5.2 firewall settings
For example, to open port 80.
Run /etc/init.d/iptables status to see whether port 80 is already open. If it is not, use either of the following methods:
1. Edit the rule file (vi /etc/sysconfig/iptables) and add a line that opens port 80:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
2. Stop the firewall:
/etc/init.d/iptables stop
Method 2 removes every rule and leaves all ports reachable, so prefer method 1 on any host that is exposed to a network.
/etc/init.d/iptables start      # start
/etc/init.d/iptables restart    # restart
Permanently disable the firewall: chkconfig --level 35 iptables off
The following sequence stops the service, sets a default DROP policy and then allows only FTP:
/etc/init.d/iptables stop
iptables -P INPUT DROP
# Allow port 21 (the FTP control connection; in active mode the server opens the data connection itself, so nothing else needs to be opened on INPUT)
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
# Allow passive-mode data connections on ports 49152 to 65534 (the FTP server must be configured to use the same range)
iptables -A INPUT -p tcp --dport 49152:65534 -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
Note the order: as soon as iptables -P INPUT DROP runs, every packet that no rule accepts is dropped, including the packets of the SSH session you are typing in, until the ESTABLISHED rule at the end is added. Either add the ACCEPT rules before changing the policy, or put the whole set in /etc/sysconfig/iptables and load it in one step. The list above also contains no rule for port 22, so one must be added before it is used on a remote host. If the ip_conntrack_ftp module is loaded, --state ESTABLISHED,RELATED accepts the passive data connections without opening the whole port range.
// ================================================ ========================================================== ======================================
Next we will set up the firewall:
Open the iptables configuration file:
vi /etc/sysconfig/iptables
Note:
Be sure to leave a path in for yourself: keep the VNC management port and the SSH management port open.
The following is an example of the file:
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
How the file works: all INPUT and FORWARD traffic is handed to the RH-Firewall-1-INPUT chain. Loopback traffic, ICMP, IPsec (protocol 50 is ESP, 51 is AH) and packets that belong to existing connections are accepted first, then NEW connections to the listed ports, and everything else is rejected by the last line, so the ACCEPT policy on INPUT is never reached. A rule for a port only has an effect if it comes before that REJECT line. Each open port is reachable from every address, so delete the 53 and 25 lines unless the host really runs a DNS or mail server. The example opens SSH (22) but no VNC port; add one if you rely on VNC for management.
You must modify the file based on your server.
For example, if you do not want to open port 80 to provide web services, delete the corresponding line:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
After all the modifications, restart iptables:
service iptables restart
You can verify that all rules have taken effect:
iptables -L
(iptables -L -n avoids a reverse DNS lookup for every address, which can make plain iptables -L hang when DNS is blocked by the rules.)
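The two procedures above share one failure mode: a reload that leaves the administrator locked out, either because the DROP policy was set before the ACCEPT rules (the FTP sequence) or because the management port was dropped from /etc/sysconfig/iptables. The script below is an added example and not part of the original post: it generates a file in the iptables-restore format shown above with the accepts in a safe order, refuses to load it unless a management port is still accepted before the first REJECT/DROP rule, and then loads it in one atomic step with iptables-restore. The chain layout is the CentOS 5 RH-Firewall-1-INPUT one from the page; the function names gen_rules, check_rules and apply_rules, the management port (22) and the service ports are the example's own choices.

```shell
#!/bin/sh
# Added example, not part of the original post. Generates a ruleset in the
# /etc/sysconfig/iptables (iptables-restore) format, refuses to load it unless
# the management port stays reachable, and loads it atomically.
# Assumptions: the CentOS 5 RH-Firewall-1-INPUT chain layout; the management
# port (22 in the usage below) and the service ports are supplied by the caller.

emit() { printf '%s\n' "$@"; }

# gen_rules MGMT_PORT [SERVICE_PORT...]
# Prints a complete *filter table. The loopback, ESTABLISHED,RELATED and
# management-port ACCEPT rules come before every other rule and before the
# final REJECT, so an SSH session that is open during the reload survives.
gen_rules() {
    mgmt=$1; shift
    emit '*filter' \
         ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]' \
         ':RH-Firewall-1-INPUT - [0:0]' \
         '-A INPUT -j RH-Firewall-1-INPUT' \
         '-A FORWARD -j RH-Firewall-1-INPUT' \
         '-A RH-Firewall-1-INPUT -i lo -j ACCEPT' \
         '-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT' \
         '-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for p in "$mgmt" "$@"; do
        emit "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport $p -j ACCEPT"
    done
    emit '-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited' \
         'COMMIT'
}

# check_rules FILE MGMT_PORT
# Succeeds only if, before the first REJECT/DROP rule, the file accepts both
# ESTABLISHED traffic and NEW connections to MGMT_PORT. Anything else locks
# the administrator out as soon as the file is loaded.
check_rules() {
    awk -v port="$2" '
        /-j (REJECT|DROP)/ { exit }     # stop at the first terminal rule
        /-j ACCEPT/ && /--state [A-Z,]*ESTABLISHED/ { est = 1 }
        /-j ACCEPT/ { for (i = 1; i <= NF; i++)
                          if ($i == "--dport" && $(i + 1) == port) mgmt = 1 }
        END { exit (est && mgmt) ? 0 : 1 }
    ' "$1"
}

# apply_rules FILE MGMT_PORT
# iptables-restore installs the whole table in one step, so there is no window
# in which a DROP policy is active while the ACCEPT rules are still missing
# (the failure mode of appending rules one by one after iptables -P INPUT DROP).
# The file is copied into place only after a successful load.
apply_rules() {
    check_rules "$1" "$2" || {
        echo "refusing to load $1: port $2 would not be reachable" >&2
        return 1
    }
    iptables-restore < "$1" || return 1
    cp "$1" /etc/sysconfig/iptables
}

# Usage (as root):
#   gen_rules 22 80 443 > /tmp/iptables.new
#   apply_rules /tmp/iptables.new 22
#   iptables -L -n -v
```

check_rules deliberately looks only at rule order, which is the property the page's warnings are about; it does not validate the rest of the syntax, which iptables-restore does itself and reports before changing anything.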