Linux Firewall firewall, iptables

(1) permanent effect after reboot:

Open: Systemctl enable Iptables.service'.
Ln-s '/usr/lib/systemd/system/iptables.service '/etc/systemd/system/basic.target.wants/iptables.service '

Close: Systemctl Disable Iptables.service

(2) immediate effect, failure after restart:

Open: Systemctl start Iptables.service

Close: Systemctl Stop Iptables.service

It should be stated that for other services under Linux, the above command can be used to perform the open and close operations.

When the firewall is turned on, make the following settings, open the relevant port,

Modify The/etc/sysconfig/iptables file to add the following:

-A rh-firewall-1-input-m state--state new-m tcp-p tcp--dport 80-j ACCEPT

-A rh-firewall-1-input-m state--state new-m tcp-p tcp--dport 22-j ACCEPT

Or:

/etc/init.d/iptables status will get a series of messages stating that the firewall is open.

/etc/rc.d/init.d/iptables Stop shutting down the firewall

At last:

Enter setup under the root user, enter a graphical interface, select Firewall configuration, go to the next interface, choose Security level Disabled, Save. Reboot.

======================================================

under fedora

/etc/init.d/iptables Stop

=======================================================

under Ubuntu:

Since UBUNTU does not have the relevant direct commands

Please use the following command

iptables-p INPUT ACCEPT

iptables-p OUTPUT ACCEPT

Temporarily open all ports

There 's no command to close iptables on Ubuntu.

=======================================================

iptables is the next powerful Linux firewall, without regard to efficiency, powerful enough to replace most of the hardware firewall, but the powerful firewall if the application is inappropriate, may be blocking is not just those potential attacks, And it could be you, too. The harm to the ordinary personal PC may not matter, but imagine if this is a server, if this happens, not only the normal theater services, but also to the scene to recover, which will bring you how much loss?

So what I'm trying to say is that you have to be very careful when you're typing in each of the iptables related commands.

1. when applying each rule to DROP target , check the rules carefully and consider the impact he has on you before applying them.

2.InRedhatWe can use theService Iptables StopTo turn off the firewall, but in some versions such asUbuntuThis command does not work, you may search the Internet a lot of articles tell you to useiptables-f This command to shut down the firewall, but before using this command, remember to use iptables-l to check the default target of all the chains in your system iptables-f This command simply clears all the rules and does not actually close the iptables. Imagine that if your chain default target is DROP, you would have a rule to allow some specific ports, but once the iptables-l is applied , all rules are cleared, the default Target will block you from any access, including, of course, the remote SSH Management Server.

So I recommend that the Shut down firewall command is

iptables-p INPUT ACCEPT

iptables-p FORWARD ACCEPT

iptables-p OUTPUT ACCEPT

iptables-f

In short, when you want to make any changes to your server, it is best to have a test environment that has been fully tested and applied to your server. In addition, to use good iptables, it is necessary to understand the iptables operation principle, know how each packet iptables how to deal with. In this way, the rules can be written accurately to avoid unnecessary trouble.