Disable:
/etc/rc.d/init.d/iptables stop
Enable:
/etc/rc.d/init.d/iptables start
View current configuration: iptables -L
Red Hat:
chkconfig --level 2345 iptables off
service iptables stop
However, it is not recommended to disable the firewall.
1) Takes effect after restart
Enable: chkconfig iptables on
Disable: chkconfig iptables off
2) Takes effect immediately and is lost after restart
Enable: service iptables start
Disable: service iptables stop
You can use the same commands to enable or disable other services in Linux.
When the firewall is enabled, open the relevant ports as follows.
Edit the /etc/sysconfig/iptables file and add the following content:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
Restart the iptables service: service iptables restart
===========================================================
Modify SSH ports in Linux
First:
1. If you want to change the default SSH port (22), you only need to modify Port 22 in /etc/ssh/sshd_config. Change 22 to the port you want to use, but do not choose a port that is already in use, to avoid unknown consequences.
2. If you want to restrict the IP addresses that may log in over SSH, do the following:
First, edit /etc/hosts.deny and add sshd: ALL
Then edit /etc/hosts.allow and add sshd: 192.168.0.168
In this way, only the IP address 192.168.0.168 can log on to the Linux machine through SSH. Of course, as this is a server, I do not install GNOME or KDE, or many other things, which increases the security factor.
Second:
First, modify the configuration file.
vi /etc/ssh/sshd_config
Find the line #Port 22, which indicates that port 22 is used by default, and change it to the following:
Port 22
Port 88888
Save and exit.
Run /etc/init.d/sshd restart
In this way, SSH will listen on both port 22 and port 88888.
Now edit the firewall configuration: vi /etc/sysconfig/iptables
Open port 88888.
Run /etc/init.d/iptables restart
Now use an SSH client to connect to port 88888 and test whether the connection succeeds. If it does, edit sshd_config again and delete the Port 22 line.
On production machines, prohibit remote SSH login as root:
# vi /etc/ssh/sshd_config
Change
PermitRootLogin yes
to
PermitRootLogin no
Restart the sshd service:
# service sshd restart
The reason for setting two ports first and disabling one only after the test succeeds is to guard against unexpected situations such as a dropped session, a network outage, or a mistake while editing the configuration: you can still connect through the other port to debug.
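
A pre-restart check for the procedure above, as an added example that is not part of the original page. It parses sshd_config and /etc/sysconfig/iptables text and reports Port values outside 1-65535 (sshd does not accept them, so 88888 is flagged), SSH ports with no ACCEPT rule, and a PermitRootLogin value other than no. The sample file contents and the function names are constructed for illustration.

```python
import re

# Constructed sample file contents, mirroring the settings shown on this page.
SSHD_CONFIG = "#Port 22\nPort 22\nPort 88888\nPermitRootLogin yes\n"
IPTABLES_RULES = (
    "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT\n"
    "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT\n")

def sshd_directives(text):
    """Return {keyword (lowercased): [values]} for uncommented sshd_config lines."""
    found = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            found.setdefault(parts[0].lower(), []).append(parts[1].strip())
    return found

def accepted_tcp_ports(rules):
    """Ports that have a TCP '--dport N ... -j ACCEPT' rule in the rules file."""
    ports = set()
    for line in rules.splitlines():
        if line.startswith("-A") and "-p tcp" in line and "-j ACCEPT" in line:
            m = re.search(r"--dport (\d+)\b", line)
            if m:
                ports.add(int(m.group(1)))
    return ports

def audit(sshd_text, rules_text):
    """List settings that would cause a lockout or leave root login enabled."""
    conf = sshd_directives(sshd_text)
    open_ports = accepted_tcp_ports(rules_text)
    problems = []
    for value in conf.get("port", ["22"]):  # sshd listens on 22 if no Port is set
        if not value.isdigit() or not 1 <= int(value) <= 65535:
            problems.append(f"Port {value}: not a valid TCP port (1-65535)")
        elif int(value) not in open_ports:
            problems.append(f"Port {value}: no ACCEPT rule in iptables")
    # sshd uses the first value it reads for a keyword such as PermitRootLogin
    if conf.get("permitrootlogin", [""])[0].lower() != "no":
        problems.append("PermitRootLogin is not 'no'")
    return problems

if __name__ == "__main__":
    for problem in audit(SSHD_CONFIG, IPTABLES_RULES):
        print(problem)
```

Run it against the real files before restarting sshd or iptables, while the existing session on port 22 is still open.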