Server environment: Ali Server, Linux CentOS operating system, Couchbase server
Initial security policy: deny all by default, allow only what is required
Commands:
Allow inbound SSH connections
iptables -A INPUT -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
Allow inbound access to port 8092 on the eth0 network adapter
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 8092 -j ACCEPT
Deny all other inbound connections
iptables -P INPUT DROP
Save the rules to /etc/sysconfig/iptables
service iptables save
Enable the firewall service so that it starts at boot and keeps running
chkconfig --level 345 iptables on
After these steps the security policy takes effect. The SSH client can still connect to the server, but the connection is noticeably slower, and the Couchbase server does not start properly.
Later I changed the firewall policy to allow everything by default and reject only what needs to be blocked, which resolved the problem. The commands are as follows:
iptables -P INPUT ACCEPT
iptables -A INPUT -i eth1 -p tcp -m tcp --dport 8092 -j DROP
service iptables save
chkconfig --level 345 iptables on
Update:
Thanks to Sumtec for pointing out that the slow SSH connection was caused by the -m state --state NEW,ESTABLISHED match.
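Added example (not from the original post): a default-DROP INPUT chain that accepts only ports 22 and 8092 also drops loopback traffic and replies to connections the server itself opens, which default-deny rulesets normally allow explicitly. The shell function below checks iptables-save output for those two rules. Both sample rulesets are constructed (the first from the commands above), and the function name and finding strings are hypothetical.

```shell
#!/bin/sh
# Added example: audit iptables-save output (stdin) for the gaps a default-DROP
# INPUT policy commonly has. Prints one finding per line. Names are hypothetical.
audit_input_chain() {
    awk '
        /^:INPUT / { policy = $2 }
        /^-A INPUT / {
            # Loopback accept: local services talk to themselves over lo.
            if ($0 ~ /-i lo( |$)/ && $0 ~ /-j ACCEPT/) lo = 1
            # Accept of return traffic that is not tied to a single port.
            if ($0 ~ /(--state|--ctstate) [A-Z,]*ESTABLISHED/ &&
                $0 ~ /-j ACCEPT/ && $0 !~ /--dports? /) est = 1
        }
        END {
            if (policy != "DROP") { print "policy-not-drop"; exit }
            if (!lo)  print "missing-loopback-accept"
            if (!est) print "missing-established-accept"
            if (lo && est) print "ok"
        }'
}

# Constructed sample: the first ruleset above as iptables-save would show it.
PAGE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8092 -j ACCEPT
COMMIT'

# Constructed sample: same default-deny policy with loopback and return
# traffic accepted before the per-port rules.
FIXED_RULES='*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8092 -j ACCEPT
COMMIT'

printf '%s\n' "$PAGE_RULES" | audit_input_chain
printf '%s\n' "$FIXED_RULES" | audit_input_chain
```

On a live host the same check can be fed from iptables-save run as root.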