CentOS firewall cannot be started. The firewall service must be enabled on all online servers; it is the most direct and effective method of Linux system security protection.
1. If

service iptables start
service iptables restart

fail to start or restart the firewall,
2. the best way is to edit the configuration file directly:
vi /etc/sysconfig/iptables

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
Then start the firewall:

service iptables start

View the firewall service status:

service iptables status
3. If you need to open an additional port, add a rule for it to the configuration:
vi /etc/sysconfig/iptables

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
As shown in the preceding configuration, port 3306 is added.
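Because iptables evaluates the INPUT chain top to bottom, the new ACCEPT line has to sit above the final "-A INPUT -j REJECT" rule; a rule appended below it is never reached. The following script is an added example, not part of the original article: it inserts a TCP port rule at the correct position in an iptables-save style file and checks the ordering. The sample ruleset is a constructed copy of the configuration shown above, and the function names and the temporary file path are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): insert a TCP port ACCEPT rule
# into an iptables-save style file before the final INPUT REJECT rule, and
# verify that the rule is placed where it will actually be evaluated.

# Constructed sample of /etc/sysconfig/iptables, matching the article's ruleset.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# write_sample FILE: write the constructed sample ruleset to FILE.
write_sample() {
    printf '%s\n' "$SAMPLE_RULES" > "$1"
}

# add_tcp_port FILE PORT: insert an ACCEPT rule for PORT on the line just
# before the first "-A INPUT -j REJECT" rule. Idempotent: if the exact rule
# is already present, the file is left untouched.
add_tcp_port() {
    file=$1
    port=$2
    rule="-A INPUT -m state --state NEW -m tcp -p tcp --dport $port -j ACCEPT"
    grep -qxF -- "$rule" "$file" && return 0
    awk -v rule="$rule" '
        !done && /^-A INPUT -j REJECT/ { print rule; done = 1 }
        { print }
    ' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# port_rule_effective FILE PORT: succeed only if an ACCEPT rule for PORT
# appears on an earlier line than the INPUT REJECT rule, i.e. it will be hit.
port_rule_effective() {
    file=$1
    port=$2
    accept_line=$(grep -n -- "--dport $port -j ACCEPT" "$file" | head -n 1 | cut -d: -f1)
    reject_line=$(grep -n -- "^-A INPUT -j REJECT" "$file" | head -n 1 | cut -d: -f1)
    [ -n "$accept_line" ] && [ -n "$reject_line" ] && [ "$accept_line" -lt "$reject_line" ]
}

# Usage on a working copy (assumed path): add port 3306 and verify placement.
# work=/tmp/iptables.work; cp /etc/sysconfig/iptables "$work"
# add_tcp_port "$work" 3306 && port_rule_effective "$work" 3306 && echo "rule is reachable"
```

After editing the real file, run "service iptables restart" and confirm with "service iptables status" that the new rule is listed above the REJECT line; the ordering check above is a file-level sanity test and does not replace looking at the live ruleset.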
If you need to stop the firewall from starting automatically:

View the status:

chkconfig --list iptables

Disable automatic start:

chkconfig iptables off

View the status again:

chkconfig --list iptables