Configure the CentOS firewall (iptables)
Yesterday I helped a friend configure a CentOS server. At the beginning I shut the firewall down to make testing easier, and afterwards I needed to configure it properly. I found several firewall rule sets on the Internet that contained errors; the bloggers who posted them had not been careful, and there were too many typos. Below is my summary of a firewall rule configuration process that I have tested and found to work:
Modify iptables-config
First, change one configuration item in the iptables-config file:
$ vi /etc/sysconfig/iptables-config
Find the line (the last line of the file)
IPTABLES_MODULES="ip_conntrack_ftp"
and change it to
#IPTABLES_MODULES="ip_conntrack_ftp"
that is, comment the line out. This module is only the FTP connection-tracking helper, so it is not needed unless the server runs an FTP service; note also that on CentOS 6 the helper is named nf_conntrack_ftp, so the old ip_conntrack_ftp name is not the one to load there anyway.
Add Rules
$ vi /etc/sysconfig/iptables
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [5:564]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
This rule set already opens the MySQL port 3306 and the Tomcat port 8080; add or remove ports as needed. Note that the 3306 rule sits directly in the INPUT chain and accepts connections from any source address, so if the database should not be reachable from the whole Internet, add a -s restriction (for example -s 10.0.0.0/24) to that line or drop it entirely. The last rule before COMMIT rejects everything not explicitly accepted, which is why the SSH port 22 must stay in the list or you will lock yourself out. After saving the file, load the rules with service iptables restart and confirm them with iptables -L -n -v.
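The following script is an added example, not code from the original post: it generates a ruleset in the same /etc/sysconfig/iptables format as above from a port list, restricts the MySQL rule to a trusted network, and provides two audit helpers for checking a ruleset file before loading it. The TRUSTED_MYSQL_NET value and the port list are placeholders to be adjusted for your environment.

```shell
#!/bin/bash
# Added example (not from the original post): build and audit an
# /etc/sysconfig/iptables ruleset in iptables-save format.

# Placeholder: the only network allowed to reach MySQL (assumed value).
TRUSTED_MYSQL_NET="${TRUSTED_MYSQL_NET:-10.0.0.0/24}"

# gen_rules PORT[/PROTO]... : print a ruleset that accepts NEW connections on the
# given ports (protocol defaults to tcp, e.g. "22" or "53/udp"), allows loopback,
# ICMP and RELATED/ESTABLISHED traffic, allows MySQL only from the trusted
# network, and rejects everything else (the same layout as the post's file).
gen_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
EOF
    local spec port proto
    for spec in "$@"; do
        port="${spec%/*}"
        proto="${spec#*/}"
        [ "$proto" = "$spec" ] && proto=tcp   # no "/proto" suffix: default to tcp
        echo "-A RH-Firewall-1-INPUT -p $proto -m state --state NEW -m $proto --dport $port -j ACCEPT"
    done
    # MySQL is reachable from the trusted network only, never from any source.
    echo "-A RH-Firewall-1-INPUT -s $TRUSTED_MYSQL_NET -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT"
    echo "-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited"
    echo "COMMIT"
}

# open_ports FILE : list every PORT/PROTO that a ruleset file accepts, one per
# line, sorted by port, so the result can be compared with what was intended.
open_ports() {
    grep -- '--dport' "$1" \
        | sed -n 's/.*-p \([a-z]*\) .*--dport \([0-9]*\).*/\2\/\1/p' \
        | sort -t/ -k1,1n -k2,2 | uniq
}

# unrestricted_mysql FILE : succeed (exit 0) if port 3306 is accepted without a
# "-s" source restriction, i.e. the database is exposed to every address.
unrestricted_mysql() {
    grep -- '--dport 3306' "$1" | grep -v -- ' -s ' | grep -q ACCEPT
}

# Stand-alone usage: write a candidate ruleset and audit it.
if [ "${BASH_SOURCE[0]}" = "$0" ]; then
    out="${1:-/tmp/iptables.candidate}"
    gen_rules 22 53 53/udp 80 443 8080 > "$out"
    echo "accepted ports in $out:"; open_ports "$out"
    if unrestricted_mysql "$out"; then
        echo "WARNING: 3306 is open to any source" >&2
    fi
fi
```

Copy the generated file to /etc/sysconfig/iptables only after reviewing open_ports output and confirming that port 22 is present; then load it with service iptables restart and verify with iptables -L -n -v. The audit helpers are deliberately file-based so they can run on a workstation without root before the rules ever touch the server.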