First, firewall configuration
# vi /etc/sysconfig/iptables
The following is an example firewall rule file (the part in red is the content that needs to be changed):
///////////////////////////////////////////////////////////////////////////////////////////////////
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# nginx business
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
# Open access to all IPs (example: port 3223 is used here, corresponding to the SSH port; the default is)
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3223 -j ACCEPT
# Allow access from the specified intranet IP segment
-A RH-Firewall-1-INPUT -s 0.0.0.35/255.255.255.240 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
///////////////////////////////////////////////////////////////////////////////////////////////////
/etc/init.d/iptables start # start the firewall (or stop/restart)
Second, SSH configuration
1. Edit the /etc/ssh/ssh_config file:
# vi /etc/ssh/ssh_config
/22 # once in the editor, type /22 and press Enter to search for occurrences of 22
Remove the comment symbol "#" in front of Port, change the value to 3223, then save and exit.
2. Edit the /etc/ssh/sshd_config file:
# vi /etc/ssh/sshd_config
Change Port 22 to 3223, find PermitRootLogin yes and change it to no (no root login), then save and exit.
3. Restart SSH:
# /etc/init.d/sshd restart
Do not close the current window yet. Confirm that port 3223 is allowed through the firewall, then open a new window and first make sure that the new window can log in successfully.
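The confirmation step above can be scripted and run before sshd is restarted. The following is an added example, not part of the original article: it reads the Port and PermitRootLogin values from an sshd_config file and checks that the rules file accepts each port before its REJECT rule. The function names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example: check for lock-out conditions before restarting sshd.
# Function names are hypothetical; sshd Match blocks are not evaluated.

# Print every Port set in an sshd_config file (sshd listens on 22 if none is set).
sshd_ports() {
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    echo "${ports:-22}"
}

# Print the first PermitRootLogin value, or "unset" if missing or commented out.
root_login() {
    val=$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1")
    echo "${val:-unset}"
}

# Succeed if rules file $1 has an ACCEPT rule for --dport $2 before the first REJECT.
port_allowed() {
    awk -v want="$2" '
        /^-A/ && /-j REJECT/ { exit }
        /^-A/ && /-j ACCEPT/ {
            for (i = 1; i < NF; i++)
                if ($i == "--dport" && $(i + 1) == want) { found = 1; exit }
        }
        END { exit !found }' "$1"
}

# check_lockout SSHD_CONFIG RULES_FILE: return 0 only if every sshd port is
# accepted by the rules file and PermitRootLogin is "no".
check_lockout() {
    rc=0
    for p in $(sshd_ports "$1"); do
        port_allowed "$2" "$p" || { echo "FAIL: no ACCEPT rule for port $p"; rc=1; }
    done
    [ "$(root_login "$1")" = "no" ] || { echo "FAIL: PermitRootLogin is not no"; rc=1; }
    return $rc
}

# Constructed sample files, so the example runs without touching /etc.
demo=$(mktemp -d)
printf 'Port 3223\nPermitRootLogin no\n' > "$demo/sshd_config"
printf '%s\n' '*filter' \
    '-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3223 -j ACCEPT' \
    '-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited' \
    'COMMIT' > "$demo/iptables"
check_lockout "$demo/sshd_config" "$demo/iptables" && echo "OK: safe to restart sshd"
```

On a real host, call check_lockout /etc/ssh/sshd_config /etc/sysconfig/iptables before running /etc/init.d/sshd restart.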
This article is from the "Art Morning Blog" blog; reprinting is declined!
Linux Firewall and SSH configuration