First, the opening and closing of the iptables
1. Reboot system effective
[Sun@webserver2 ~]$ sudo chkconfig iptables on[Sun@webserver2 ~]$ sudo chkconfig iptables off
2. Immediate effect, reboot system failure
[Sun@webserver2 ~]$ sudo service
1. Allow to pass through a port at one end
Vi/etc/sysconfig/iptables
-A input-m state--state new-m tcp-p TCP--dport 80-j ACCEPT (allow 80 ports through the firewall)
/etc/init.d/iptables restart
#最后重启防火墙使配置生效
Allow only specific IP access to a
Method One, filter some IP access to this server
To shut down an IP, use this command:
The code is as follows
Copy Code
Iptables-i input-s ***.***.***.***-j DROP
To unlock an IP, use the following command:
The firewall in centos is a very powerful function, but it has been upgraded in the firewall in centos. Let's take a look at the usage of the firewall in centos in detail.
Basic firewall operationsCommand
Query the Firewall Status: [root @
1. Introduction: CentOS? What is the shortest margin of the dual ship ?? Powerful Fire Prevention ??, It is collectively referred to as iptables, but the more correct name is iptables/netfilter. Iptables is a usage? Which region accounts? ?? Why?
The firewall in Linux mainly sets and manages iptables.
1. restart the system to take effect
Enable: chkconfig iptables on
Close: chkconfig iptables off
2. It takes effect immediately and becomes invalid after restartEnable: Service iptables
In Linux, Firewall, URL translation (NAT), packet record, and traffic statistics are provided by the Netfilter subsystem, iptables is a tool for controlling Netfilter. Iptables organizes many complex rules into a way that is easy to control, so that
Go to the/etc/sysconfig/directory and run the vi command to edit the SuSEfirewall2 file.-> # vi SuSEfirewall2: Find FW_SERVICES_EXT_TCP in the file, add a service name or port corresponding to the service, for example, SSH, FW_SERVICES_EXT_TCP =
# Delete existing rules in iptablesIptables-FIptables-x
# Discard all data packets that do not comply with the three chain rulesIptables-P input dropIptables-P output dropIptables-P forward drop
Iptables-A input-I lo-J acceptIptables-A output-O
Configure the iptables configuration parameters of the Centos6.x series firewall:System environment:[Root @ hk service] # uname-mX86_64[Root @ hk service] # cat/etc/redhat-releaseCentOS release 6.6 (Final)[Root @ hk service] # uname-Linux
The firewall (firewall), also known as the protective wall, was invented by Check Point founder Gil Shwed in 1993 and introduced to the Internet. It is an information security protection system that allows or restricts the transmission of data
Firewall, which is a network security system located between the internal network and the external network. An information security protection system that allows or restricts the transmission of data according to specific rules.Firewall according to
1. Permanent entry into force, no recovery after reboot
Open:
The code is as follows
Copy Code
Chkconfig iptables on
Shut down:
The code is as follows
Copy Code
Chkconfig iptables
First, about Iptables
Iptables is a command-line-based firewall tool that uses rule chains to allow/block network traffic. When a network connection attempts to build on your system, iptables finds its corresponding matching rule. If it is not
Use Nginx and iptables for access control (IP and MAC)
The previously configured server is public to the entire intranet. Besides indirectly accessing various services through nginx on port 80, you can also bypass nginx, it is wrong to directly
Iptables in CentOS 7
CentOS 7.0 uses firewall as the firewall by default. Here, it is changed to iptables firewall.
1. Disable firewall:
Systemctl stop firewalld. service # stop firewall
Systemctl disable firewalld. service # disable firewall
Set iptables firewall whitelist in Linux (RHEL 6 and CentOS 7)
Go to the Linux Command Line and edit the firewall rule configuration file iptables.Vi/etc/sysconfig/iptables
The following is an example of whitelist settings:
# Firewall configuration
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.