Set iptables firewall in CentOS

Source: Internet
Author: User
Tags: ssh, port

Setting up a firewall on Linux, taking CentOS as the example. Open the iptables configuration file:
vi /etc/sysconfig/iptables
Run the /etc/init.d/iptables status command to check whether port 80 is open. If port 80 is not open, use either of the following methods:

Method 1:
1. Edit the configuration file (vi /etc/sysconfig/iptables) and add the rule that opens port 80 in the firewall:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
2. Stop and start the firewall so the new rule is loaded:
/etc/init.d/iptables stop
/etc/init.d/iptables start
# equivalent to a restart: service iptables restart

Method 2:
1. Permanently disable the firewall service, then set the default INPUT policy to DROP:
chkconfig --level 35 iptables off
/etc/init.d/iptables stop
iptables -P INPUT DROP
2. Open port 21 for FTP active mode:
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
3. Open the FTP passive-mode port range 49152 to 65534, plus loopback and established connections:
iptables -A INPUT -p tcp --dport 49152:65534 -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
Note:
Be sure to leave yourself a way in: keep the VNC management port and the SSH management port open.
You must adapt the rules to your own server.
After all modifications, restart iptables:
service iptables restart
iptables -L    # verify that all rules have taken effect
In addition:
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp --dport 22 -j ACCEPT
/etc/init.d/iptables save    # save the rules
iptables -L -n    # view the configuration
Default ports of some software:
FTP: 20, 21
SSH: 22
HTTP: 80
Telnet: 23
rsync: 873
SVN: 3690
POP3: 110
SMTP: 25
DNS: 53
MySQL: 3306
NFS: 111
1. Check the current iptables settings on the machine, then set the default policy of every chain to DROP:
iptables -L -n --line-numbers    # show rule line numbers
# Be careful: add your SSH rule first, or your SSH connection will be lost
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
2. Add rules:
iptables -I INPUT -p tcp --dport 873 -j ACCEPT
iptables -I OUTPUT -p tcp --sport 873 -j ACCEPT
# Add -s xxx.xxx to restrict the source IP address
3. Save the rules:
/etc/init.d/iptables save
4. Restart iptables:
service iptables restart
5. To delete a rule, list the rules with line numbers, delete the corresponding entry, then remember to save and restart:
iptables -L -n --line-numbers
iptables -D INPUT 2
iptables -D OUTPUT 2
6. Example: open port 873 and allow access only from 10.218.32.153:
iptables -I INPUT -p tcp -s 10.218.32.153 --dport 873 -j ACCEPT
iptables -I OUTPUT -p tcp -d 10.218.32.153 --sport 873 -j ACCEPT
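The warnings on this page (leave yourself an SSH or VNC path, "be careful or your ssh connection will be lost", delete rules by line number and then save and restart) all come down to ordering: the ACCEPT rules for loopback, established sessions and the management port must exist before the default policy becomes DROP, and rule numbers shift as soon as one rule is deleted. The following POSIX shell script is an added example, not code from the original page or from any project: it generates the commands in a safe order, prints them by default instead of running them, orders deletions highest-number-first, and checks a listing for an open port. The function names, the DRY_RUN variable and the sample listing are assumptions made for this example; the listing is constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example, not from the original page: build the iptables commands for
# a default-deny INPUT chain in an order that cannot lock out the admin, and
# check a saved "iptables -L -n --line-numbers" listing for an open port.
# Hypothetical names: gen_lockdown_rules, apply_lockdown, delete_rule_cmds,
# listing_allows_port, DRY_RUN. Nothing here touches the kernel unless
# DRY_RUN=0 is set explicitly.

# gen_lockdown_rules MGMT_PORT ADMIN_SRC [EXTRA_PORT ...]
#   ADMIN_SRC may be "" to allow the management port from any source.
#   EXTRA_PORT may be a single port (80) or a range (49152:65534).
#   Prints the commands; it does not run them.
gen_lockdown_rules() {
    mgmt_port=$1
    admin_src=$2
    shift 2
    # 1. Loopback and already-established sessions first: this keeps the
    #    current SSH session alive once the policy flips to DROP.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # 2. The management port, optionally limited to one source address.
    if [ -n "$admin_src" ]; then
        echo "iptables -A INPUT -p tcp -s $admin_src --dport $mgmt_port -j ACCEPT"
    else
        echo "iptables -A INPUT -p tcp --dport $mgmt_port -j ACCEPT"
    fi
    # 3. Any further service ports or ranges.
    for port in "$@"; do
        echo "iptables -A INPUT -p tcp --dport $port -j ACCEPT"
    done
    # 4. Only now switch the default policies to DROP. OUTPUT keeps
    #    established traffic, so replies on the management port still leave.
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    echo "iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -P OUTPUT DROP"
}

# apply_lockdown: same arguments; prints by default, runs only with DRY_RUN=0
# (as root on the CentOS host), then saves with the init script from the page.
apply_lockdown() {
    if [ "${DRY_RUN:-1}" = "0" ]; then
        gen_lockdown_rules "$@" | sh -e && /etc/init.d/iptables save
    else
        gen_lockdown_rules "$@"
    fi
}

# delete_rule_cmds CHAIN NUM [NUM ...]
#   Prints "iptables -D CHAIN n" lines in descending order, because deleting
#   rule 2 renumbers rule 3 to 2; highest-first keeps the numbers valid.
delete_rule_cmds() {
    chain=$1
    shift
    printf '%s\n' "$@" | sort -rn | while read -r n; do
        echo "iptables -D $chain $n"
    done
}

# Constructed sample of "iptables -L INPUT -n --line-numbers" (not real output).
SAMPLE_LISTING='Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
3    ACCEPT     tcp  --  10.218.32.153        0.0.0.0/0            tcp dpt:22
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80'

# listing_allows_port LISTING PORT -> exit 0 if an ACCEPT rule matches dpt:PORT
listing_allows_port() {
    printf '%s\n' "$1" | grep -E "^[0-9]+ +ACCEPT .*dpt:$2( |\$)" >/dev/null
}

# Usage (dry run, only prints the commands):
#   apply_lockdown 22 10.218.32.153 80 49152:65534
# Usage on the server as root, after reading the printed commands:
#   DRY_RUN=0 apply_lockdown 22 10.218.32.153 80
```

Run the dry run first and read the output top to bottom: the `--dport 22` ACCEPT line must appear above `-P INPUT DROP`. The same ordering applies when typing the page's commands by hand: insert (`-I`) the SSH rule before changing the policy, not after.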