Tutorial on setting up the iptables firewall on CentOS Linux

Source: Internet
Author: User
Tags ssh centos iptables to domain firewall

1. Install the iptables firewall

How do I know whether the system already has iptables? Run iptables -V. If it prints something like:

iptables v1.3.5

then iptables is already installed.
If iptables is not installed, install it first:

yum install iptables


Set up the firewall in Linux, taking CentOS as the example. Open the iptables configuration file:

vi /etc/sysconfig/iptables

Check whether port 80 is open with the /etc/init.d/iptables status command. If it is not, there are two ways to handle it:

1. Edit /etc/sysconfig/iptables (vi /etc/sysconfig/iptables) and add a firewall rule that opens port 80:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

(RH-Firewall-1-INPUT is the chain that the CentOS 5 default ruleset jumps to from INPUT. If your ruleset has no such chain, append the rule to INPUT instead.)

2. Stop / start / restart the firewall:

/etc/init.d/iptables stop     # likewise: start, restart

3. Permanently disable the firewall:

chkconfig --level 345 iptables off
/etc/init.d/iptables stop

Note that iptables -P INPUT DROP, which is often listed next to these commands, does the opposite: it sets the default policy of the INPUT chain to DROP, so every packet not matched by an ACCEPT rule is discarded. Run over SSH on a host that has no ACCEPT rule for the management port and for ESTABLISHED connections, it cuts off your own session.

4. Open port 21 for FTP active mode:

iptables -A INPUT -p tcp --dport 21 -j ACCEPT

5. Open the passive-mode port range 49152~65534:

iptables -A INPUT -p tcp --dport 49152:65534 -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT

After all modifications are complete, restart iptables:

service iptables restart

A restart reloads the rules from /etc/sysconfig/iptables. Rules added on the command line with iptables -A exist only in the kernel and are discarded by the restart unless you first run service iptables save (see section 7).

You can verify that the rules are in effect:

iptables -L

With this walkthrough the process of configuring the iptables firewall on CentOS should be clear; I hope everyone can master it!
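The steps above add rules one command at a time, which is how administrators lock themselves out: a catch-all lands before the SSH rule, or a restart discards the runtime rules. The script below is an added example (not code from the tutorial) that builds the complete section 1 ruleset in the iptables-restore format that /etc/sysconfig/iptables uses, checks it for the lockout conditions before installing, and arms a timed rollback. It assumes a CentOS 5/6-style host where "service iptables start" loads /etc/sysconfig/iptables and an installed at daemon; SSH_PORT, PASSIVE_RANGE and the function names are this example's own, not anything the tutorial defines.

```shell
#!/usr/bin/env bash
# Added example, not from the tutorial. Builds the section 1 ruleset in
# iptables-restore format, refuses to install it if it would lock the
# administrator out, and reloads it with a timed rollback.
# Assumptions: /etc/sysconfig/iptables is loaded by "service iptables start";
# SSH_PORT and PASSIVE_RANGE are variables of this example.
set -u

SSH_PORT="${SSH_PORT:-22}"
PASSIVE_RANGE="49152:65534"   # FTP passive data ports used by the tutorial

# Print the ruleset. Order matters: loopback and ESTABLISHED first, then the
# management port, then services, then the explicit catch-all.
build_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# local services talk to 127.0.0.1 constantly; accept loopback first
-A INPUT -i lo -j ACCEPT
# replies to our own connections and related data channels (FTP)
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# the management port must be accepted before any catch-all
-A INPUT -p tcp -m state --state NEW --dport ${SSH_PORT} -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport ${PASSIVE_RANGE} -j ACCEPT
# everything else is rejected explicitly; the DROP policy is the backstop
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Read a ruleset on stdin; return 0 only if the admin port ($1) is accepted in
# INPUT before the first catch-all REJECT/DROP and an ESTABLISHED rule exists.
check_ruleset() {
    local port="$1" n=0 admin_line=0 catchall_line=0 established=0 line
    while IFS= read -r line; do
        n=$((n + 1))
        case "$line" in
            "-A INPUT "*"--dport ${port} "*"-j ACCEPT"*)
                [ "$admin_line" -eq 0 ] && admin_line=$n ;;
            "-A INPUT -j REJECT"*|"-A INPUT -j DROP"*)
                [ "$catchall_line" -eq 0 ] && catchall_line=$n ;;
            "-A INPUT -m state --state ESTABLISHED"*)
                established=1 ;;
        esac
    done
    if [ "$admin_line" -eq 0 ]; then
        echo "no ACCEPT rule for admin port $port in INPUT" >&2; return 1
    fi
    if [ "$established" -eq 0 ]; then
        echo "no ESTABLISHED rule; replies to existing sessions would be dropped" >&2; return 1
    fi
    if [ "$catchall_line" -gt 0 ] && [ "$catchall_line" -lt "$admin_line" ]; then
        echo "catch-all at line $catchall_line comes before admin ACCEPT at line $admin_line" >&2; return 1
    fi
    return 0
}

# Write the checked ruleset to the file the init script loads and reload it.
# The at job flushes INPUT after 5 minutes in case the session dies anyway;
# cancel it with atrm once you have confirmed you can still log in.
install_ruleset() {
    local target="${1:-/etc/sysconfig/iptables}"
    build_ruleset | check_ruleset "$SSH_PORT" || return 1
    build_ruleset > "$target" || return 1
    echo "iptables -P INPUT ACCEPT; iptables -F INPUT" | at now + 5 minutes
    service iptables restart
}
```

Run install_ruleset as root after setting SSH_PORT to the port sshd actually listens on; check_ruleset can also be pointed at an existing file (check_ruleset 22 < /etc/sysconfig/iptables) before a restart.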


2. Clear existing iptables rules

iptables -F    flush all rules from every chain of the default table (filter)
iptables -X    delete the user-defined chains in the default table (filter)
iptables -Z    zero the packet and byte counters of every chain

-F does not change the chain policies: if the INPUT policy is DROP, flushing the rules over SSH locks you out, so run iptables -P INPUT ACCEPT first.

3. Open the specified ports

# allow the local loopback interface (i.e. programs on this host accessing this host)
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
# allow established or related traffic
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# allow all outbound access from this host
iptables -A OUTPUT -j ACCEPT
# allow access to port 22
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# allow access to port 80
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# allow ports 21 and 20 for the FTP service
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 20 -j ACCEPT
# for other ports the rules are similar; adjust the statements above accordingly
# reject everything not allowed by the rules above
iptables -A INPUT -j REJECT   (Note: if port 22 has not been added to the allow rules, the SSH connection is cut off immediately.)
iptables -A FORWARD -j REJECT

Because -A appends, the chain is evaluated in the order you typed the commands: the two REJECT rules must come last, after every ACCEPT.

Once executed these rules take effect immediately but, like an IP address set with a one-off command, they are lost on reboot. To keep them you must run:

/etc/rc.d/init.d/iptables save

4. Blocking IPs

# If you only want to block IPs, "3. Open the specified ports" can be skipped.
# Block a single IP:
iptables -I INPUT -s 123.45.6.7 -j DROP
# Block the whole /8, i.e. 123.0.0.0 to 123.255.255.255:
iptables -I INPUT -s 123.0.0.0/8 -j DROP
# Block the /16, i.e. 123.45.0.0 to 123.45.255.255:
iptables -I INPUT -s 123.45.0.0/16 -j DROP
# Block the /24, i.e. 123.45.6.0 to 123.45.6.255:
iptables -I INPUT -s 123.45.6.0/24 -j DROP

-I inserts the rule at the top of the chain, so the DROP is evaluated before any ACCEPT rules already present; -A would append it after them, where an earlier ACCEPT on port 22 or 80 would still let the address through.
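A block inserted at the top of INPUT is evaluated before the SSH ACCEPT rule, so a CIDR that happens to contain the administrator's own address disconnects the administrator. The script below is an added example (not code from the tutorial) that computes the address range a CIDR covers, tests whether a given address falls inside it, and only then runs the tutorial's iptables -I command. ADMIN_IP and the function names are this example's own; ADMIN_IP defaults to the client address of the current SSH session taken from the SSH_CLIENT variable sshd sets.

```shell
#!/usr/bin/env bash
# Added example, not from the tutorial. Blocks a source address or CIDR at the
# head of INPUT (iptables -I) but refuses any range that contains the
# administrator's own address. ADMIN_IP is a variable of this example.
set -u

# Dotted-quad IPv4 -> 32-bit integer; returns 1 on anything malformed
# (empty or non-numeric octet, octet > 255, leading zeros such as 08).
ip2int() {
    local a b c d o
    IFS=. read -r a b c d <<EOF
$1
EOF
    for o in "$a" "$b" "$c" "$d"; do
        case "$o" in ''|*[!0-9]*|0[0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# 32-bit integer -> dotted quad.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# First and last address covered by a CIDR (a bare address counts as /32),
# e.g. "123.45.0.0/16" -> "123.45.0.0 123.45.255.255".
cidr_range() {
    local net="${1%/*}" bits="${1#*/}" base mask
    [ "$net" != "$1" ] || bits=32
    case "$bits" in ''|*[!0-9]*|0[0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    base=$(ip2int "$net") || return 1
    mask=$(( bits == 0 ? 0 : (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    echo "$(int2ip $(( base & mask ))) $(int2ip $(( (base & mask) | (~mask & 0xFFFFFFFF) )))"
}

# Return 0 if the CIDR in $1 contains the address in $2, 1 if not, 2 on bad input.
cidr_contains() {
    local range first last ip
    range=$(cidr_range "$1") || return 2
    first=$(ip2int "${range% *}") && last=$(ip2int "${range#* }") || return 2
    ip=$(ip2int "$2") || return 2
    [ "$ip" -ge "$first" ] && [ "$ip" -le "$last" ]
}

# Insert the DROP at the head of INPUT unless it would cover our own session.
block_source() {
    local target="$1" admin="${ADMIN_IP:-${SSH_CLIENT:-}}"
    admin="${admin%% *}"              # SSH_CLIENT is "ip clientport serverport"
    cidr_range "$target" >/dev/null || { echo "bad address or CIDR: $target" >&2; return 1; }
    if [ -n "$admin" ] && cidr_contains "$target" "$admin"; then
        echo "refusing to block $target: it contains your own address $admin" >&2
        return 1
    fi
    echo "blocking $target ($(cidr_range "$target"))"
    iptables -I INPUT -s "$target" -j DROP
}
```

block_source 123.45.0.0/16 from an SSH session originating at 123.45.6.7 refuses and leaves the chain untouched; from any other address it inserts the DROP and prints the range it just blocked.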

5. View the added iptables rules

iptables -L -n
-v: show details, including the number of packets and bytes matched by each rule
-x: together with -v, disable automatic unit conversion (K, M) and print exact counts
-n: show only IP addresses and port numbers, without resolving IPs to domain names

6. Delete an added iptables rule

Display all iptables rules with their ordinal numbers:
iptables -L -n --line-numbers
For example, to delete rule number 8 in INPUT, run:
iptables -D INPUT 8
After a deletion every rule below it moves up by one, so list the chain again before deleting by number a second time.
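Deleting several rules by number is where the renumbering bites: deleting 6 then 7 removes rule 6 and what used to be rule 8. The script below is an added example (not code from the tutorial) that reads the output of iptables -L CHAIN -n --line-numbers, picks the rules matching a regular expression, and emits the iptables -D commands highest number first so each number is still valid when its command runs. The listing in SAMPLE_LISTING is constructed to look like CentOS 6 output for a chain built with this page's rules; it was not captured from a host.

```shell
#!/usr/bin/env bash
# Added example, not from the tutorial. Generates "iptables -D" commands for
# every rule matching a pattern, in descending order, because deleting by
# number renumbers the rules below the one removed.
set -u

# $1 = chain, $2 = text of "iptables -L $1 -n --line-numbers", $3 = extended
# regex matched against each rule line. Prints one delete command per match.
delete_commands() {
    local chain="$1" listing="$2" pattern="$3"
    printf '%s\n' "$listing" \
      | awk -v pat="$pattern" '$1 ~ /^[0-9]+$/ && $0 ~ pat { print $1 }' \
      | sort -rn \
      | while read -r n; do echo "iptables -D $chain $n"; done
}

# Live version (needs root): list the chain, then run the generated deletes.
delete_matching() {
    local chain="$1" pattern="$2"
    delete_commands "$chain" "$(iptables -L "$chain" -n --line-numbers)" "$pattern" | sh -ex
}

# Constructed sample listing, shaped like CentOS 6 output (not from a real host).
SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       all  --  123.45.6.7           0.0.0.0/0
2    ACCEPT     all  --  127.0.0.1            127.0.0.1
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state ESTABLISHED,RELATED
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80
6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:21
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:20
8    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable'
```

delete_commands INPUT "$SAMPLE_LISTING" 'dpt:2[01]$' prints the delete for rule 7 before the one for rule 6, so both FTP rules go and the REJECT at 8 survives; delete_matching INPUT 'dpt:2[01]$' does the same against the running chain.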

7. iptables at boot and saving rules

CentOS may have iptables installed but not started at boot. To add it to the boot sequence, run:

chkconfig --level 345 iptables on

To save the running rules on CentOS, run: service iptables save
This writes the current rules to /etc/sysconfig/iptables, which the service loads at boot.


Attention:

Be sure to leave your own management ports open, such as SSH and VNC.

Note that you must adapt this file to the circumstances of your own server.
