Linux firewall settings

(1) Permanent effect after reboot:

Open: Chkconfig iptables on

OFF: Chkconfig iptables off

(2) Immediate effect, failure after restart:

Open: Service iptables start

Close: Service iptables stop

It should be stated that for other services under Linux, the above command can be used to perform the open and close operations.

(3) When the firewall is turned on, do the following settings, open the relevant port,

Modify the/etc/sysconfig/iptables file to add the following:

-A rh-firewall-1-input-m state--state new-m tcp-p tcp--dport 80-j ACCEPT

-A rh-firewall-1-input-m state--state new-m tcp-p tcp--dport 22-j ACCEPT

Or:

/etc/init.d/iptables status will get a series of messages stating that the firewall is open.

/etc/rc.d/init.d/iptables Stop shutting down the firewall

(4) Finally:

Enter setup under the root user, enter a graphical interface, select Firewall configuration, go to the next interface, select the security level for disabled, save. Reboot.

======================================================

Under Fedora

/etc/init.d/iptables stop

=======================================================

Under Ubuntu:

Since Ubuntu does not have the relevant direct commands

Please use the following command

Iptables-p INPUT ACCEPT

Iptables-p OUTPUT ACCEPT

Temporarily open all ports

There's no command to close iptables on Ubuntu.

=======================================================

Iptables is the next powerful Linux firewall, without considering the efficiency of the case, powerful enough to replace most hardware firewalls, but the powerful firewall if the application is not appropriate, may be blocking is not just the potential attacks, and may be your own oh. The harm to the ordinary personal PC may not matter, but imagine if this is a server, if this happens, not only the normal theater services, but also to the scene to recover, which will bring you how much loss?

So what I'm trying to say is that you have to be very careful when you're typing in each of the iptables related commands.

1. When applying each rule to DROP target, check the rules carefully and consider the impact he has on you before applying them.

2. In Redhat we can use the service iptables stop to turn off the firewall, but in some versions such as Ubuntu This command does not work, you may search the Internet a lot of articles tell you to use iptables-f this command to shut down the firewall, But before using this command, remember to use IPTABLES-L to see the default target,iptables-f for all the chains in your system. This command simply clears all the rules and does not actually close the iptables. Imagine if your chain default target is drop, You have rules to allow certain ports, but once the iptables-l is applied and all rules are cleared, the default target blocks any access, including, of course, your remote SSH Management Server.

So I recommend that the Shut down firewall command is

Iptables-p INPUT ACCEPT

Iptables-p FORWARD ACCEPT

Iptables-p OUTPUT ACCEPT

Iptables-f

In short, when you want to make any changes to your server, it is best to have a test environment that has been fully tested and applied to your server. In addition, to use good iptables, it is necessary to understand the iptables operation principle, know how each packet iptables how to deal with. In this way, the rules can be written accurately to avoid unnecessary trouble.

Linux firewall settings