1. Install the iptables firewall
How do I know whether iptables is installed? Run iptables -V; if it prints something like:
iptables v1.3.5
then iptables is already installed.
If iptables is not installed, install it first:
yum install iptables
To set up the firewall on Linux (CentOS is used as the example), open the iptables configuration file:
vi /etc/sysconfig/iptables
Check whether port 80 is open with the /etc/init.d/iptables status command. If it is not, there are two ways to handle it:
1. Edit the file with vi /etc/sysconfig/iptables and add a firewall rule that opens port 80:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
2. Stop / start / restart the firewall:
/etc/init.d/iptables stop    # stop turns it off, start turns it on, restart reloads it
3. Permanently shut down the firewall:
chkconfig iptables off
/etc/init.d/iptables stop
iptables -P INPUT DROP
4. Open port 21 for active-mode FTP:
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
5. Open the passive-mode port range 49152~65534:
iptables -A INPUT -p tcp --dport 49152:65534 -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
Restart iptables once all changes are complete:
service iptables restart
Verify that the rules are in effect:
iptables -L
This walks through the process of configuring the iptables firewall on CentOS; I hope everyone can master it!
2. Clear existing iptables rules
iptables -F    clears all rules from every chain in the default filter table
iptables -X    deletes the user-defined chains in the default filter table
iptables -Z    zeroes the packet and byte counters of every chain
3. Open the specified ports
# Allow the local loopback interface (i.e. this machine accessing itself)
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
# Allow traffic belonging to established or related connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow all outbound access from this machine
iptables -A OUTPUT -j ACCEPT
# Allow access to port 22
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Allow access to port 80
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# Allow ports 21 and 20 for the FTP service
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 20 -j ACCEPT
# For other ports the rules are similar; adjust the statements above slightly
# Reject everything that has not been explicitly allowed
iptables -A INPUT -j REJECT    (Note: if port 22 is not covered by an allow rule, the SSH connection will be cut off immediately.)
iptables -A FORWARD -j REJECT
Once executed, these settings behave like an IP address configured from the command line: they are lost on reboot. Run the following command to save them:
/etc/rc.d/init.d/iptables save
4. Blocking IP addresses
# If you only want to block IPs, section "3. Open the specified ports" can be skipped entirely.
# To block a single IP:
iptables -I INPUT -s 123.45.6.7 -j DROP
# To block a whole /8, i.e. 123.0.0.1 to 123.255.255.254:
iptables -I INPUT -s 123.0.0.0/8 -j DROP
# To block a /16, i.e. 123.45.0.1 to 123.45.255.254:
iptables -I INPUT -s 123.45.0.0/16 -j DROP
# To block a /24, i.e. 123.45.6.1 to 123.45.6.254:
iptables -I INPUT -s 123.45.6.0/24 -j DROP
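The rules of sections 1, 3 and 4 above can be assembled into one iptables-restore(8) file and checked before loading. The script below is an added example, not part of the original article; it builds that file from constructed sample ports and blocked networks and verifies the ordering pitfall the article notes: the SSH port must be ACCEPTed before the final "-A INPUT -j REJECT", or the session is cut off.

```shell
#!/bin/sh
# Added example (not from the original article): generate the filter-table
# rule set in iptables-restore format and check that the management (SSH)
# port is accepted before the catch-all REJECT. Sample values are constructed.

# build_ruleset SSH_PORT "OTHER_TCP_PORTS" "BLOCKED_SOURCES"
# Blocked sources are emitted first, mirroring the article's use of -I,
# which places the DROP rules ahead of every ACCEPT rule.
build_ruleset() {
    ssh_port=$1 open_ports=$2 blocked=$3
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    for net in $blocked; do
        printf '%s\n' "-A INPUT -s $net -j DROP"
    done
    printf '%s\n' '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' \
        "-A INPUT -p tcp --dport $ssh_port -j ACCEPT"
    for p in $open_ports; do
        printf '%s\n' "-A INPUT -p tcp --dport $p -j ACCEPT"
    done
    printf '%s\n' '-A INPUT -j REJECT' '-A FORWARD -j REJECT' 'COMMIT'
}

# ssh_allowed_before_reject RULESET PORT
# Returns 0 only if "-A INPUT -p tcp --dport PORT -j ACCEPT" appears before
# the first "-A INPUT -j REJECT" line; otherwise returns 1.
ssh_allowed_before_reject() {
    printf '%s\n' "$1" | awk -v port="$2" '
        /^-A INPUT -j REJECT/ && !done { done = 1; ok = seen }
        /^-A INPUT -p tcp --dport / && $6 == port && /-j ACCEPT$/ && !done { seen = 1 }
        END { exit (ok ? 0 : 1) }'
}

# Demo: print a checked rule set that can be piped into iptables-restore,
# followed by "service iptables save" to persist it.
main() {
    rules=$(build_ruleset 22 "80 21 20 49152:65534" "123.45.6.7 123.45.0.0/16")
    if ssh_allowed_before_reject "$rules" 22; then
        printf '%s\n' "$rules"
    else
        echo "refusing: SSH port is not accepted before the final REJECT" >&2
        return 1
    fi
}

case "${1:-}" in demo) main ;; esac   # run as: sh build-rules.sh demo
```

The blocked network list is the place to put the /8, /16 or /24 ranges from section 4; anything listed there is dropped before the ACCEPT rules are consulted.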
5. View the added iptables rules
iptables -L -n
-v: show details, including the number of packets and bytes matched by each rule
-x: together with -v, disable automatic unit conversion (K, M) so exact counts are shown
-n: show IP addresses and port numbers only, without resolving IPs to hostnames
6. Delete an added iptables rule
List all rules with their line numbers:
iptables -L -n --line-numbers
For example, to delete the rule at line number 8 in the INPUT chain:
iptables -D INPUT 8
7. Start iptables at boot and save the rules
iptables may already be installed on CentOS without being set to start at boot; run:
chkconfig --level 345 iptables on
to add it to the boot sequence.
On CentOS, run service iptables save to save the rules.
Note:
Be sure to leave your own management ports open, i.e. SSH and VNC.
Also note that you must adapt this file to the circumstances of your own server.