Friends who often use CentOS may run into the same problem I did: the firewall is turned on and port 80 is inaccessible. Those who have just started learning CentOS can use this as a reference.
I recently installed an ORACLE database on Linux CentOS, and the EM installation failed because of a network port blocked by the CentOS firewall, so I intended to shut down the CentOS firewall first. I happened to come across instructions for configuring the CentOS firewall and found them good. Execute the setup command to start the text-mode configuration utility, select "Firewall Configuration" under "Select a tool", then select the "Run Tool" button to open the CentOS firewall configuration interface, set "Security level" to "disabled", and then choose OK.
After restarting the computer, the CentOS firewall has ports 80 and 22 open by default.
Description: CentOS is a branch of the Linux family.
Apache was installed correctly on CentOS in a virtual machine but could not be reached because of the CentOS firewall. The solution is as follows:
- -j ACCEPT
Then save:
/etc/rc.d/init.d/iptables save
CentOS 5.3, 5.4 and later versions require
service iptables save
to save the rules to the configuration file.
After restarting the computer, the CentOS firewall already has ports 80 and 22 open by default.
The command line is: /etc/rc.d/init.d/iptables save
If you modified the file with vi, execute service iptables restart
to restart the firewall so that the change is saved.
After many modifications kept producing errors, I copied a more complex configuration and saved it directly. An example follows:
# Generated by iptables-save v1.4.7 on Tue Sep
*filter
:INPUT ACCEPT [310:96058]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [131:96829]
-A INPUT -i eth0 -p tcp -m tcp --sport 1024:65535 --dport the -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 1024:65535 --dport 1010 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 123 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 1024:65535 --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport the --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 123 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3690 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 27017 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 1010 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 11211 -j ACCEPT
COMMIT
# Completed on Tue Sep
This should also work without restarting the computer:
Shutting down the CentOS firewall and stopping its service:
View the CentOS firewall information: /etc/init.d/iptables status
Turn off the CentOS firewall service: /etc/init.d/iptables stop
Turn it off permanently? I do not know how permanent this method is:
35
The above content is for the older version of CentOS, the following is based on the new version.
This will deny all access to CentOS 5.3 system data, except what the rules in Chain RH-Firewall-1-INPUT (2 references) allow, hehe.
Rules configured with the iptables command must also be saved to the configuration file with service iptables save.
cat /etc/sysconfig/iptables shows the contents of the iptables firewall configuration file:
# Generated by iptables-save v1.3.5 on Sat Apr 2001
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1513:149055]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport A -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sat Apr 2001
Additionally add:
CentOS firewall configuration for port 80
Several pages I read had this wrong; the following is the correct method:
-J Accept # -j Accept
Then save:
# /etc/rc.d/init.d/iptables save
Check whether the rules are already in place:
# /etc/init.d/iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target               prot opt source      destination
1    ACCEPT               udp  --  0.0.0.0/0   0.0.0.0/0    udp dpt:the
2    ACCEPT               tcp  --  0.0.0.0/0   0.0.0.0/0    tcp dpt:the
3    RH-Firewall-1-INPUT  all  --  0.0.0.0/0   0.0.0.0/0

Chain FORWARD (policy ACCEPT)
num  target               prot opt source      destination
1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0   0.0.0.0/0
* Set iptables to start automatically
2345
The methods differ slightly depending on the version you are using.
The rules established by the iptables command are held only temporarily in memory. If the system restarts before these rules are permanently saved, all rules that were set will be lost. If you want the rules set with iptables to remain in effect after the next reboot of the system, you need to save them permanently by executing the following as root:
/sbin/service iptables save
This action executes the iptables initialization script, which runs the /sbin/iptables-save program and updates the current iptables configuration file /etc/sysconfig/iptables.
The original configuration file will be saved as iptables.save.
The next time the system starts, the iptables initialization script will use the /sbin/iptables-restore command to reread the contents of the /etc/sysconfig/iptables file.
Therefore, a better approach is to check a new iptables rule before committing it to the /etc/sysconfig/iptables file. You can also apply iptables configuration files from other versions of the system here, which helps when distributing the configuration file to multiple Linux hosts.
Note: If the /etc/sysconfig/iptables file is distributed, each system must execute the /sbin/service iptables restart command to make the rules take effect.
From the article, it is not easy to use the above method to solve the problem of saving iptables firewall rules.
vi/etc/sysconfig/ -3306 -J ACCEPT (Allow port 3306 via firewall)
Special note: many users add these two rules as the last lines of the firewall configuration, which causes the firewall to fail to start. The correct place to add them is directly below the default port 22 rule.
After adding them, the firewall rules are as follows:
######################################
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport A -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport the -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
#####################################
/etc/init.d/iptables restart # Finally, restart the firewall so the configuration takes effect
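The placement rule from the special note above, as an added example that is not from the original article: the sh functions below check whether an ACCEPT rule for a port sits above the catch-all REJECT line, and insert a new rule at that position. The file contents are constructed sample data, the function names are hypothetical, and a single *filter table is assumed.

```shell
#!/bin/sh
# Added example (constructed data): check and fix where ACCEPT rules sit in an
# iptables-save style file. Assumes a single *filter table.

# first_line FILE REGEX: print the number of the first line matching REGEX
first_line() { awk -v re="$2" '$0 ~ re { print NR; exit }' "$1"; }

# port_is_reachable FILE PORT: succeed only if an INPUT ACCEPT rule for PORT
# comes before the catch-all REJECT/DROP rule and before COMMIT
port_is_reachable() {
    accept=$(first_line "$1" "^-A INPUT .*--dport $2 .*-j ACCEPT")
    stop=$(first_line "$1" "^(-A INPUT -j (REJECT|DROP)|COMMIT)")
    [ -n "$accept" ] || return 1
    [ -z "$stop" ] || [ "$accept" -lt "$stop" ]
}

# add_port_rule FILE PORT: print FILE with the rule inserted directly above
# the catch-all rule (or above COMMIT if the chain has no catch-all)
add_port_rule() {
    awk -v port="$2" '
        !ins && /^(-A INPUT -j (REJECT|DROP)|COMMIT)/ {
            print "-A INPUT -m state --state NEW -m tcp -p tcp --dport " port " -j ACCEPT"
            ins = 1
        }
        { print }' "$1"
}

base=$(mktemp); bad=$(mktemp); good=$(mktemp)
trap 'rm -f "$base" "$bad" "$good"' EXIT

# Constructed sample: a default file that only opens port 22
cat > "$base" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF

# The mistake from the note: the new rule appended as the last line
{ cat "$base"; echo "-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT"; } > "$bad"
# The corrected placement: inserted above the catch-all REJECT
add_port_rule "$base" 3306 > "$good"

for f in "$bad" "$good"; do
    port_is_reachable "$f" 3306 && echo "3306 reachable" || echo "3306 blocked or misplaced"
done
```

On a real host, where the installed iptables-restore supports it, /sbin/iptables-restore --test < /etc/sysconfig/iptables parses a rules file without loading it, which covers the advice to check a rule before committing it.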
Linux firewall on 80 port for permanent storage