Set iptables firewall

Source: Internet
Author: User
[root@CentOS_Test_Server ~]# ps -ef | grep memcached
root      7156     1  0 Aug03 ?        00:00:00 /usr/local/bin/memcached -d -m 10 -u root -l 192.168.1.111 -p 11212 -c 256 -P /tmp/memcached1.pid
root      7171     1  0 Aug03 ?        00:00:00 /usr/local/bin/memcached -d -m 10 -u root -l 192.168.1.111 -p 11211 -c 256 -P /tmp/memcached.pid
The memcached server is installed on a CentOS host with the IP address 192.168.1.111. To allow the memcache client on 192.168.1.100 to connect, firewall rules must be added; otherwise the connection is rejected.
If the file /etc/sysconfig/iptables does not exist, run /etc/rc.d/init.d/iptables save to generate it.
vi /etc/sysconfig/iptables
Add the following three lines after the existing rule for port 81 (the line ending in --dport 81 -j ACCEPT):
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 11211 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 11212 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 11213 -j ACCEPT
Save and exit
You can also add the same rules with the following three commands; the effect is identical.
iptables -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 11211 -j ACCEPT
iptables -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 11212 -j ACCEPT
iptables -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 11213 -j ACCEPT
Save the current rules; rules that are not saved are lost after a system restart.
[root@CentOS_Test_Server www]# /etc/rc.d/init.d/iptables save
Saving firewall rules to /etc/sysconfig/iptables: [  OK  ]
Run iptables -L -n to list the currently loaded firewall rules.
[root@CentOS_Test_Server ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:631
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:21
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:2049
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:137
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:138
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:139
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:445
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:23
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:443
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:25
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:81
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:11211
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:11212
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:11213
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
Run cat to view the content of the saved rules file /etc/sysconfig/iptables.
[root@CentOS_Test_Server ~]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.3.5 on Tue Aug  4 00:07:28 2009
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [730:200119]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 23 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 81 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 11211 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 11212 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 11213 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Tue Aug  4 00:07:28 2009
You can also change the firewall rules by editing /etc/sysconfig/iptables directly. Stop the iptables service with service iptables stop before editing. If the service is still running when you run /etc/rc.d/init.d/iptables save, the rules currently loaded in the kernel are written back to the file and /etc/sysconfig/iptables reverts to its previous content.
service iptables stop
vi /etc/sysconfig/iptables
/etc/rc.d/init.d/iptables save
cat /etc/sysconfig/iptables    (check that the file contains your changes)
service iptables start
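The rules above open the memcached ports 11211-11213 to every source (0.0.0.0/0), although only the client on 192.168.1.100 needs them. The following added example, not part of the original article, parses a saved rules file in the iptables-save format shown above, reports ACCEPT rules that admit NEW TCP connections to a memcached port from any source, and prints the same rule narrowed with -s to the one client; the sample file content is constructed for the example.

```python
import shlex
# Constructed sample in iptables-save format, modelled on the page's
# /etc/sysconfig/iptables; only lines relevant to the check are kept.
SAVED_RULES = """\
*filter
:RH-Firewall-1-INPUT - [0:0]
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 11211 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 11212 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.100 -p tcp -m state --state NEW -m tcp --dport 11213 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""
MEMCACHED_PORTS = {11211, 11212, 11213}   # the ports the article opens

def parse_rules(text):
    """Return (chain, {option: value}) for every -A line of an iptables-save dump."""
    rules = []
    for line in text.splitlines():
        if not line.startswith("-A "):
            continue                      # skip *table, :chain, COMMIT and comments
        argv = shlex.split(line)
        opts, i = {}, 2                   # argv[1] is the chain name
        while i < len(argv):
            has_value = i + 1 < len(argv) and not argv[i + 1].startswith("-")
            opts[argv[i]] = argv[i + 1] if has_value else None
            i += 2 if has_value else 1
        rules.append((argv[1], opts))
    return rules

def exposed_memcached_rules(text):
    """ACCEPT rules admitting NEW TCP connections to a memcached port from any source."""
    findings = []
    for chain, o in parse_rules(text):
        port = o.get("--dport")
        if o.get("-j") != "ACCEPT" or o.get("-p") != "tcp" or not (port or "").isdigit():
            continue                      # not a single-port TCP accept rule
        if int(port) in MEMCACHED_PORTS and o.get("-s", "0.0.0.0/0") in ("0.0.0.0/0", "0/0"):
            findings.append((chain, int(port)))
    return findings

def restricted_rule(chain, port, client):
    """The same ACCEPT rule narrowed to the one client host that needs it."""
    return (f"-A {chain} -s {client} -p tcp -m state --state NEW "
            f"-m tcp --dport {port} -j ACCEPT")

if __name__ == "__main__":
    for chain, port in exposed_memcached_rules(SAVED_RULES):
        print(f"{chain}: port {port} open to any source; use instead:\n  "
              + restricted_rule(chain, port, "192.168.1.100"))
```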

Command options of the iptables command
[root@CentOS_Test_Server bin]# iptables --help
iptables v1.3.5

Usage: iptables -[AD] chain rule-specification [options]
       iptables -[RI] chain rulenum rule-specification [options]
       iptables -D chain rulenum [options]
       iptables -[LFZ] [chain] [options]
       iptables -[NX] chain
       iptables -E old-chain-name new-chain-name
       iptables -P chain target [options]
       iptables -h (print this help information)

Commands:
Either long or short options are allowed.
  --append  -A chain            Append to chain
  --delete  -D chain            Delete matching rule from chain
  --delete  -D chain rulenum
                                Delete rule rulenum (1 = first) from chain
  --insert  -I chain [rulenum]
                                Insert in chain as rulenum (default 1=first)
  --replace -R chain rulenum
                                Replace rule rulenum (1 = first) in chain
  --list    -L [chain]          List the rules in a chain or all chains
  --flush   -F [chain]          Delete all rules in chain or all chains
  --zero    -Z [chain]          Zero counters in chain or all chains
  --new     -N chain            Create a new user-defined chain
  --delete-chain
            -X [chain]          Delete a user-defined chain
  --policy  -P chain target
                                Change policy on chain to target
  --rename-chain
            -E old-chain new-chain
                                Change chain name, (moving any references)
Options:
  --proto       -p [!] proto    protocol: by number or name, eg. `tcp'
  --source      -s [!] address[/mask]
                                source specification
  --destination -d [!] address[/mask]
                                destination specification
  --in-interface -i [!] input name[+]
                                network interface name ([+] for wildcard)
  --jump        -j target
                                target for rule (may load target extension)
  --goto        -g chain
                                jump to chain with no return
  --match       -m match
                                extended match (may load extension)
  --numeric     -n              numeric output of addresses and ports
  --out-interface -o [!] output name[+]
                                network interface name ([+] for wildcard)
  --table       -t table        table to manipulate (default: `filter')
  --verbose     -v              verbose mode
  --line-numbers                print line numbers when listing
  --exact       -x              expand numbers (display exact values)
[!] --fragment  -f              match second or further fragments only
  --modprobe=<command>          try to insert modules using this command
  --set-counters PKTS BYTES     set the counter during insert/append
[!] --version   -V              print package version.