Linuxiptables firewall disabling or enabling and modifying SSH port and other configurations

Disable/etc/rc. d/init. d/iptablesstop: Enable/etc/rc. d/init. d/iptablesstart view current configuration: iptables-Lredhat: chkconfig -- level2345iptablesoffserviceiptablesstop but it is not recommended to disable firewall 1) enable it after restart: chk

Close

/Etc/rc. d/init. d/IptablesStop

Enable

/Etc/rc. d/init. d/iptables start

View current configuration: iptables-L

Redhat:

Chkconfig -- level 2345 iptables off

Service iptables stop

However, it is not recommended to disable the firewall.

1) takes effect after restart

Enable: chkconfig iptables on

Close: chkconfig iptables off

2) takes effect immediately and becomes invalid after restart

Enable: service iptables start

Disable: service iptables stop

You can use the preceding command to enable or disable other services in Linux.

When the firewall is enabled, make the following settings to enable the relevant ports,

Modify the/etc/sysconfig/iptables file and add the following content:

-A RH-Firewall-1-INPUT-m state -- state NEW-m tcp-p tcp -- dport 80-j ACCEPT

-A RH-Firewall-1-INPUT-m state -- state NEW-m tcp-p tcp -- dport 22-j ACCEPT

Restart the iptalbes service: service iptables restart

========================================================== =

Modify SSH ports in Linux

First:

1. if you want to change the SSH default port (22), you only need to modify Port22 in/etc/ssh/sshd_config. here, change 22 to the port you want to set, but do not set the same port as the existing port to avoid unknown consequences.

2. if you want to restrict the SSH login IP address, you can do the following:

First: modify/etc/hosts. deny and add sshd: ALL

Then, modify:/etc/hosts. allow and set sshd: 192.168.0.168 as follows:

In this way, only the IP address 192.168.0.168 can be bound to log on to the LINUX machine through SSH. Of course, as a server, I do not install gnome or KDE, and many things do not, which increases the security factor.

Second:

First, modify the configuration file.

Vi/etc/ssh/sshd_config

Find the section # Port 22, which indicates that Port 22 is used by default and changed to the following:

Port 22

Port 88888

Save and exit

Run/etc/init. d/sshd restart

In this way, the SSH Port will work on both 22 and 88888.

Now edit the firewall configuration: vi/etc/sysconfig/iptables

Port 88888 is enabled.

Run/etc/init. d/iptables restart

Now, use the ssh tool to connect to Port 88888 to test whether the connection is successful. If the connection is successful, edit the settings of sshd_config again and delete Port22.

The production machine prohibits ROOT remote SSH login:

# Vi/etc/ssh/sshd_config

Set

PermitRootLogin yes

Change

PermitRootLogin no

Restart sshd service

# Service sshd restart

The reason for setting two ports first and then disabling one after the test is successful is to prevent unknown situations such as disconnection, network disconnection, and misoperation during the conf modification process, you can also connect to debug through another port.