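#!/usr/bin/env bash
# Host firewall for a web + MySQL + FTP server: default-deny on INPUT,
# FORWARD and OUTPUT, then explicit holes for SSH, HTTP, MySQL, DNS,
# FTP (active and passive) and ICMP.
#
# Must run as root. The SSH rules are added before the policies flip to
# DROP so an existing remote session survives; because the script stops on
# the first failing command (set -e), a failure part-way leaves the host
# fail-closed with only SSH and loopback open.
#
# The script appends rules. Running it twice duplicates every rule; flush
# with `iptables -F` first if you re-run it (that flush briefly drops the
# SSH session when DROP policies are already in place).
#
# Tunables (environment variables, all optional):
#   MYSQL_SRC    CIDR allowed to reach 3306. Default 0.0.0.0/0 (everyone),
#                kept only for compatibility with the original rules —
#                restrict it, e.g. MYSQL_SRC=10.0.0.0/8.
#   PASV_MIN / PASV_MAX  vsftpd passive-mode data port range (30001-31000).
#   VSFTPD_CONF  vsftpd configuration file (/etc/vsftpd.conf).
set -euo pipefail

die() { printf 'error: %s\n' "$*" >&2; exit 1; }

[[ $EUID -eq 0 ]] || die "must run as root (iptables and vsftpd.conf need it)"
command -v iptables >/dev/null || die "iptables not found in PATH"

mysql_src=${MYSQL_SRC:-0.0.0.0/0}
pasv_min=${PASV_MIN:-30001}
pasv_max=${PASV_MAX:-31000}
vsftpd_conf=${VSFTPD_CONF:-/etc/vsftpd.conf}
(( pasv_min <= pasv_max )) || die "PASV_MIN ($pasv_min) is above PASV_MAX ($pasv_max)"

# --- SSH first, so a remote session survives the DROP policies below.
# Outbound is limited to replies on an existing connection (this is the
# state the original reached via iptables -R after the fact).
iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT

# --- Loopback. With DROP policies and no lo rule, nothing talking to
# 127.0.0.1 (local resolver, local admin tools, etc.) works.
iptables -A INPUT  -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# --- Default deny everything not explicitly allowed below.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

# --- HTTP: inbound to 80, outbound only as replies on existing connections.
iptables -A INPUT  -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 80 -m state --state ESTABLISHED,RELATED -j ACCEPT

# --- MySQL. A 3306 rule with no source restriction exposes the database
# to every address that can reach the host; set MYSQL_SRC to the client
# network.
iptables -A INPUT  -p tcp -s "$mysql_src" --dport 3306 -j ACCEPT
iptables -A OUTPUT -p tcp -d "$mysql_src" --sport 3306 -j ACCEPT

# --- DNS. Outbound queries and their replies (this host as a client); the
# reply rule is state-matched because a stateless "--sport 53 ACCEPT" on
# INPUT would admit any UDP packet to any port as long as it is sent from
# source port 53. The dport-53 pair is only needed if this host itself
# serves DNS; drop those two lines otherwise.
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT  -p udp --sport 53 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT  -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p udp --sport 53 -j ACCEPT

# --- FTP control (21) and active-mode data (20). Note that FTP sends
# credentials in clear text; prefer SFTP over port 22 where possible.
iptables -A INPUT  -p tcp --dport 21 -j ACCEPT
iptables -A INPUT  -p tcp --dport 20 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 21 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 20 -j ACCEPT

# --- FTP passive mode picks a server-side high port per transfer, so pin
# vsftpd to a fixed range and open exactly that range. The settings are
# appended to the config file (vsftpd expects "key=value" with no spaces);
# vsftpd reads its configuration at start-up, so restart it afterwards.
[[ -f "$vsftpd_conf" ]] || die "$vsftpd_conf not found; is vsftpd installed?"
if grep -qE '^pasv_(min|max)_port=' "$vsftpd_conf"; then
  die "$vsftpd_conf already sets pasv_min_port/pasv_max_port; reconcile it by hand"
fi
cat >>"$vsftpd_conf" <<EOF
pasv_min_port=$pasv_min
pasv_max_port=$pasv_max
EOF
iptables -A INPUT  -p tcp --dport "${pasv_min}:${pasv_max}" -j ACCEPT
iptables -A OUTPUT -p tcp --sport "${pasv_min}:${pasv_max}" -j ACCEPT

# --- ICMP, all types in both directions (ping and error messages). Narrow
# to --icmp-type echo-request / echo-reply if you do not want every type.
iptables -A OUTPUT -p icmp -j ACCEPT
iptables -A INPUT  -p icmp -j ACCEPT

# NOTE: there is no blanket "-m state --state ESTABLISHED,RELATED" rule, so
# replies to TCP connections this host initiates (package updates, curl,
# outbound SMTP, ...) are dropped by the OUTPUT/INPUT policies. Add such a
# rule on both chains if the host needs to make outbound connections.

# --- Persist. `service iptables save` is the RHEL/CentOS init-script way;
# it writes /etc/sysconfig/iptables. On other distributions use
# `iptables-save > <file>` and that distribution's restore mechanism.
service iptables save
[[ -s /etc/sysconfig/iptables ]] || die "/etc/sysconfig/iptables is missing or empty after save"
cat /etc/sysconfig/iptables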
# Output similar to the following shows the rules were written (the rule
# order follows the order of the commands above). Check the INPUT rules
# here: a 3306 rule with no "-s" source restriction, as below, means MySQL
# is reachable from any address.
# Generated by iptables-save v1.3.5 on Thu Sep 8 19:41:30 2011
*filter
:INPUT DROP [103:6135]
:FORWARD DROP [0:0]
:OUTPUT DROP [12:964]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 30001:31000 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 22 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 80 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 3306 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p udp -m udp --sport 53 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 21 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 20 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 30001:31000 -j ACCEPT
-A OUTPUT -p icmp -j ACCEPT
COMMIT
# Completed on Thu Sep 8 19:41:30 2011
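# List the live ruleset with rule numbers (the numbers are what
# iptables -D / -R / -I take). -n avoids reverse-DNS lookups on addresses;
# -v adds packet/byte counters and the interface columns, without which
# interface-based rules such as "-i lo" are not distinguishable in the listing.
iptables -L -n -v --line-numbers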
Author "Peach Blossom blossom"