When running a CentOS system, you sometimes need to change the firewall settings. The CentOS firewall is enabled by default. You can set which ports the CentOS firewall opens as follows:
Open the iptables configuration file:
vi /etc/sysconfig/iptables
Note the following when modifying the CentOS firewall: you must leave yourself a way in through VNC and an SSH management port.
The following is an example iptables file:
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
To modify the CentOS firewall, adapt this file to what your own server needs.
For example, if you do not want to open port 80 to provide web services, delete the corresponding line:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
After all the modifications, restart iptables:
service iptables restart
You can verify whether all rules have taken effect:
iptables -L
In this way, the settings of the CentOS firewall are modified.