# service iptables start
# service iptables status
Firewall is stopped
Workaround:
First, reset iptables and open the rules file:
iptables -F
service iptables save
service iptables restart
vi /etc/sysconfig/iptables
Second, add the preset iptables rules to that file:
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
Then save the file.
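Added example (not part of the original post): a structural check for a hand-edited rules file in this layout, which reports rules appended to chains that were never declared (chain names are case-sensitive), unknown jump targets, and a missing COMMIT. The function names, the sample rulesets and the short target list are assumptions made for illustration; on a live host, `iptables-restore --test < /etc/sysconfig/iptables` is the authoritative check.

```shell
# check_rules [FILE]: lint an iptables-save style file (or stdin).
# Prints one line per problem; exit status 0 means no problem was found.
check_rules() {
    awk '
    function err(msg) { printf "line %d: %s\n", NR, msg; bad = 1 }
    BEGIN {
        # Assumption: short list of filter-table targets; extend as needed.
        n = split("ACCEPT DROP REJECT RETURN LOG", t, " ")
        for (i = 1; i <= n; i++) target[t[i]] = 1
    }
    NF == 0 || $1 ~ /^#/ { next }            # blank lines and comments
    $1 ~ /^\*/ { open = 1; next }            # table header such as *filter
    $1 == "COMMIT" { if (!open) err("COMMIT without a table"); open = 0; next }
    !open { err("line outside a table block"); next }
    $1 ~ /^:/ {                              # :CHAIN POLICY [packets:bytes]
        if (NF != 3) err("malformed chain declaration")
        chain[substr($1, 2)] = 1; next
    }
    $1 == "-A" {
        if (!($2 in chain)) err("rule appended to undeclared chain " $2)
        for (i = 3; i < NF; i++)
            if ($i == "-j" && !($(i + 1) in chain) && !($(i + 1) in target))
                err("unknown jump target " $(i + 1))
        next
    }
    { err("unrecognised line") }
    END { if (open) err("table never closed with COMMIT"); exit bad + 0 }
    ' "$@"
}

# Constructed sample: a short well-formed ruleset in the same layout.
good_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}
# Constructed sample: chain names in the wrong case and no COMMIT.
bad_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A input -j Rh-firewall-1-input
EOF
}
```

Run it as `check_rules /etc/sysconfig/iptables` after saving the file and before restarting the service.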
This article is from the "Boyhack" blog; please keep this source link: http://461205160.blog.51cto.com/274918/1737700
Solution for "service iptables start" giving no response