Method of manual shutdown of Linux system firewall

Source: Internet
Author: User
Tags manual iptables firewall

The so-called firewall refers to a combination of software and hardware devices, between the internal and external network, A protective barrier constructed on the interface between a private network and a public network. is an image of a security approach, a combination of computer hardware and software that sets up a security gateway between the Internet and the intranet.

(1) Permanent entry into force after reboot:

Open: Chkconfig iptables on

Close: Chkconfig iptables off

(2) Immediate effect, restart after failure:

Open: Service iptables start

OFF: Service iptables stop

It should be explained that for other services under Linux, you can use the above command to perform the open and close operations.

When the firewall is turned on, make the following settings, open the relevant port,

Modify the/etc/sysconfig/iptables file and add the following:

-A rh-firewall-1-input-m state--state new-m tcp-p tcp--dport 80-j ACCEPT

-A rh-firewall-1-input-m state--state new-m tcp-p tcp--dport 22-j ACCEPT

Or:

/etc/init.d/iptables status will get a series of messages stating that the firewall is open.

/etc/rc.d/init.d/iptables Stop shutdown Firewall

At last:

In the root user input setup, into a graphical interface, select Firewall configuration, enter the next interface, select Security level for disabled, save. Reboot can be.

======================================================

Fedora under

/etc/init.d/iptables stop

=======================================================

Ubuntu under:

Because Ubuntu has no direct command of the relevant

Please use the following command

Iptables-p INPUT ACCEPT

Iptables-p OUTPUT ACCEPT

Temporarily open all ports

There's no command to turn off iptables on Ubuntu.

=======================================================

Iptables is the next powerful Linux firewall, without considering the efficiency of the case, powerful enough to replace most of the hardware firewall, but a powerful firewall if the application of improper, may be blocking the light of those potential attacks, but also may be your own oh. This harm may not matter to the ordinary personal PC, but imagine if this is a server, once this happens, not only the normal theater services, but also to the scene to restore, how much will it cost you?

So what I'm trying to say is that you have to be extremely careful when you're typing every iptables-related command.

1. When applying each rule to drop target, check the rules carefully and consider the impact he has on you before applying.

2. In the Redhat we can use the service iptables stop to turn off the firewall, but in some versions such as Ubuntu, this command does not work, you may search the Internet for many articles to tell you to use the IPTABLES-F command to shut down the firewall, But before using this command, remember to use Iptables-l to view the default target,iptables-f of all the chains in your system. This command just clears all the rules, Just don't really close iptables. Imagine if your chain default target is drop, you have rules to allow certain ports, but once the iptables-l is applied and all rules are cleared, the default target blocks any access. Of course include remote SSH Admin server for you.

So my recommended shutdown Firewall command is

Iptables-p INPUT ACCEPT

Iptables-p FORWARD ACCEPT

Iptables-p OUTPUT ACCEPT

Iptables-f

In short, when you want to make any changes on your server, it is best to have a test environment that has been fully tested and then applied to your server. In addition, to use good iptables, it is necessary to understand the operating principle of iptables, know for each packet iptables how to deal with. In this way, we can write the rules accurately and avoid causing unnecessary trouble.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.