Set the open port of CentOS Firewall
When using CentOS, CentOS firewall sometimes needs to change the settings. The CentOS firewall is enabled by default. You can set the open port of the CentOS firewall as follows:
Open the iptables configuration file:
Vi/etc/sysconfig/iptables
Note the following when modifying the CentOS firewall: You must leave yourself with a path to the VNC and an SSh Management port.
The following is an example of iptables:
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
* Filter
: Input accept [0: 0]
: Forward accept [0: 0]
: Output accept [0: 0]
: RH-Firewall-1-INPUT-[0: 0]
-A input-j RH-Firewall-1-INPUT
-A forward-j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT-I lo-j ACCEPT
-A RH-Firewall-1-INPUT-p icmp-type any-j ACCEPT
-An RH-Firewall-1-INPUT-p 50-j ACCEPT
-An RH-Firewall-1-INPUT-p 51-j ACCEPT
-A RH-Firewall-1-INPUT-m state-state ESTABLISHED, RELATED-j ACCEPT
-A RH-Firewall-1-INPUT-m state-state NEW-m tcp-p tcp-dport 53-j ACCEPT
-An RH-Firewall-1-INPUT-m state-state NEW-m udp-p udp-dport 53-j ACCEPT
-A RH-Firewall-1-INPUT-m state-state NEW-m tcp-p tcp-dport 22-j ACCEPT
-A RH-Firewall-1-INPUT-m state-state NEW-m tcp-p tcp-dport 25-j ACCEPT
-A RH-Firewall-1-INPUT-m state-state NEW-m tcp-p tcp-dport 80-j ACCEPT
-A RH-Firewall-1-INPUT-m state-state NEW-m tcp-p tcp-dport 443-j ACCEPT
-A RH-Firewall-1-INPUT-j REJECT-reject-with icmp-host-prohibited
COMMIT
To modify the CentOS firewall, you must modify the file based on your server.
For example, if you do not want to open port 80 to provide web services, delete the line accordingly:
-A RH-Firewall-1-INPUT-m state-state NEW-m tcp-p tcp-dport 80-j ACCEPT
After all the modifications, restart iptables:
Service iptables restart
You can verify whether all rules have taken effect: iptables-L
In this way, the settings of the CentOS firewall are modified.