# The first two lines are comments.
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
# Use the filter table
*filter
# The following four lines declare the built-in INPUT, FORWARD, and OUTPUT chains and create a new chain called RH-Firewall-1-INPUT
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
# Write all inbound data to the log file
-A INPUT -j LOG --log-level crit
# The following rule is added to the INPUT chain; all packets sent to the INPUT chain jump to the RH-Firewall-1-INPUT chain.
-A INPUT -j RH-Firewall-1-INPUT
# The following rule is added to the FORWARD chain; all packets sent to the FORWARD chain jump to the RH-Firewall-1-INPUT chain.
-A FORWARD -j RH-Firewall-1-INPUT
# The following rule is added to the RH-Firewall-1-INPUT chain. It matches every packet whose inbound interface (-i) is the loopback interface (lo).
# All packets matching this rule are accepted (ACCEPT) and are not compared with any later rules.
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
# The following rule drops ICMP packets. -p is followed by the protocol (icmp, tcp, or udp). Ports are given after the protocol: --sport is the source port, --dport is the destination port. -j specifies the target for the packet,
# such as ACCEPT, DROP, or QUEUE.
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j DROP
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.20 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# -m state --state ESTABLISHED,RELATED: this condition means that all packets in the ESTABLISHED or RELATED state are accepted.
# -m state --state NEW: this condition is the policy applied when the connection state is NEW.
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 1 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 23 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j DROP -s 222.221.7.84
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
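
The first-match behaviour described in the comments above, as an added example that is not part of the original file: a simplified Python model that walks a subset of the RH-Firewall-1-INPUT rules from top to bottom and reports which rule decides. The packet dictionary keys, the function names, and the address 198.51.100.7 are assumptions made up for illustration; matching is exact-string only, with no CIDR handling or real connection tracking.

```python
# Added example: simplified first-match model, not real netfilter.
# RULES is a subset of the page's RH-Firewall-1-INPUT chain.
RULES = """\
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j DROP
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j DROP -s 222.221.7.84
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
"""

# iptables option -> key in the (hypothetical) packet dict of this model
FIELDS = {"-i": "iface", "-p": "proto", "-s": "src",
          "--dport": "dport", "--state": "state"}


def parse(line):
    """Return (conditions, target) for one '-A <chain> ...' line."""
    tok = line.split()[2:]  # drop '-A <chain>'
    cond, target = {}, None
    for opt, val in zip(tok, tok[1:]):  # consecutive (option, value) pairs
        if opt == "-j":
            target = val
        elif opt in FIELDS:
            cond[FIELDS[opt]] = set(val.split(","))
    return cond, target


def verdict(packet, rules=RULES):
    """Walk the chain top to bottom; the first matching rule decides."""
    for n, line in enumerate(rules.splitlines(), 1):
        cond, target = parse(line)
        if all(str(packet.get(k)) in ok for k, ok in cond.items()):
            return target, n
    return "RETURN", None  # end of a user-defined chain: back to the caller


if __name__ == "__main__":
    base = {"iface": "eth0", "proto": "tcp", "dport": 80, "state": "NEW"}
    for src in ("222.221.7.84", "198.51.100.7"):  # second address is constructed
        print(src, verdict({**base, "src": src}))
    # The source-specific DROP only covers NEW connections:
    print(verdict({**base, "src": "222.221.7.84", "state": "ESTABLISHED"}))
```

The per-source DROP works only because it sits above the general port 80 ACCEPT; with the two lines swapped, the same packet is accepted. It also applies only to NEW connections, so a flow from that address that is already ESTABLISHED is accepted by the earlier ESTABLISHED,RELATED rule.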