Tutorial on setting up CentOS firewall iptables in Linux

1. Install iptables Firewall

How do I know if the system has iptables? Perform iptables-v if shown as:

Iptables v1.3.5

The instructions have been installed iptables.
If you do not install iptables, you need to install it first, execute:

Yum Install Iptables

Set up firewalls in Linux, take CentOS as an example, and open the Iptables configuration file:

Vi/etc/sysconfig/iptables
Query for open 80 ports through the/etc/init.d/iptables status command if there are no two ways to handle:

1. Modify the Vi/etc/sysconfig/iptables command to add the firewall to open 80 ports

-A rh-firewall-1-input-m state--state new-m tcp-p TCP--dport 80-j ACCEPT
2. Turn off/Turn on/reboot the firewall

/etc/init.d/iptables Stop #start Open #restart reboot
3. Permanently shut down the firewall

Chkconfig--level iptables off/etc/init.d/iptables stop iptables-p INPUT DROP
4. Open Active mode 21 port

Iptables-a input-p TCP--dport 21-j ACCEPT
5. Open the port between passive mode 49152~65534

Iptables-a input-p TCP--dport 49152:65534-j ACCEPT
Iptables-a input-i lo-j ACCEPT
Iptables-a input-m State--state established-j ACCEPT

Restart iptables after all modifications are completed:

Service Iptables Restart

You can verify that the rules are in effect:

Iptables-l

Through the introduction of the article, we clearly know the CentOS to configure the process of Iptables firewall, I hope everyone can master it!

2. Clear existing iptables rules

IPTABLES-F rules for clearing all rule chains in a preset table filter
Iptables-x clears rules from user-defined chains in preset table filter
Iptables-z

3, open the specified port

#允许本地回环接口 (that is, running native access to this computer)

Iptables-a input-s 127.0.0.1-d 127.0.0.1-j ACCEPT
# allow established or connected traffic
Iptables-a input-m state–state established,related-j ACCEPT
#允许所有本机向外的访问
Iptables-a output-j ACCEPT
# Allow access to port 22
Iptables-a input-p tcp–dport 22-j ACCEPT
#允许访问80端口
Iptables-a input-p tcp–dport 80-j ACCEPT
#允许FTP服务的21和20端口
Iptables-a input-p tcp–dport 21-j ACCEPT
Iptables-a input-p tcp–dport 20-j ACCEPT
#如果有其他端口的话, the rules are similar, you can modify the above statement slightly
#禁止其他未允许的规则访问
Iptables-a input-j REJECT (Note: If the 22 port does not join the Allow rule, the SSH link will be disconnected directly.) ）
Iptables-a forward-j REJECT

After the execution, these configurations are like using a command to configure IP, and the restart will lose its effect. You must perform the following command to save.

/etc/rc.d/init.d/iptables Save

4, Shielding IP

#如果只是想屏蔽IP的话 "3, open specified port" can be skipped directly.
#屏蔽单个IP的命令是
Iptables-i input-s 123.45.6.7-j DROP
#封整个段即从123.0.0.1 to 123.255.255.254 's orders.
Iptables-i input-s 123.0.0.0/8-j DROP
#封IP段即从123.45.0.1 to 123.45.255.254 's orders.
Iptables-i input-s 124.45.0.0/16-j DROP
#封IP段即从123.45.6.1 to 123.45.6.254 's order is
Iptables-i input-s 123.45.6.0/24-j DROP

5, view the added iptables rules

Iptables-l-N
V: Display details, including the number of matching packets per rule and the number of matched bytes
x: On the basis of V, the automatic unit conversion is prohibited (K, M)
N: only display IP address and port number, do not resolve IP to domain name

6, delete the added iptables rule

Displays all iptables as ordinal marks, executing:
Iptables-l-n–line-numbers
For example, to delete the rule in input ordinal 8, execute:
Iptables-d INPUT 8

7, iptables boot and rule save

CentOS may be installed on the iptables, iptables does not boot from boot, you can perform:

Chkconfig–level 345 iptables on

Add it to boot up.
CentOS can be performed on: Service iptables save rule.

Attention:

Be sure to leave your own behind, VNC. Management port for a management port and SSH

It is important to note that you must modify this file according to the circumstances of your own server.