This article is a mirror article of machine translation, please click here to jump to the original article.

Architect_Programmer_Code Agriculture Network»Architect Other Technologies Windows/Linux Centos configures iptables firewall
View: 12160|Reply: 0

[linux] Centos configures iptables firewall

[Copy link]
Posted on 11/11/2014 11:17:35 PM | | |
1. Check the status of the iptables service

Start by checking the status of the iptables service

[mw_shl_code=bash,true] [root@woxplife ~]# service iptables status
iptables: Firewall is not running.[/mw_shl_code]

The iptables service is installed, but the service is not started.
If you don't have it, you can install it directly

[mw_shl_code=bash,true]yum install -y iptables[/mw_shl_code]

Start iptables

[mw_shl_code=bash,true] [root@woxplife ~]# service iptables start
iptables: Applying firewall rules:                         [  OK  ][/mw_shl_code]

Take a look at the current configuration of iptables

[mw_shl_code=bash,true] [root@woxplife ~]# iptables -L -n[/mw_shl_code]

2. Clear the default firewall rules[mw_shl_code=bash,true]#首先在清除前要将policy INPUT is changed to ACCEPT, indicating that all requests are accepted.
#这个一定要先做, otherwise it may be tragic after emptying
iptables -P INPUT ACCEPT

#清空默认所有规则
iptables -F

#清空自定义的所有规则
iptables -X

#计数器置0
iptables -Z[/mw_shl_code]
3. Configuration rules
[mw_shl_code=bash,true]#允许来自于lo接口的数据包
#如果没有此规则, you will not be able to access local services through 127.0.0.1, such as ping 127.0.0.1
iptables -A INPUT -i lo -j ACCEPT

#ssh端口22
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

#FTP端口21
iptables -A INPUT -p tcp --dport 21 -j ACCEPT

#web服务端口80
iptables -A INPUT -p tcp --dport 80 -j ACCEPT

#tomcat
iptables -A INPUT -p tcp --dport xxxx -j ACCEPT

#mysql
iptables -A INPUT -p tcp --dport xxxx -j ACCEPT

#允许icmp包通过, that is, allow ping
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

#允许所有对外请求的返回包
#本机对外请求相当于OUTPUT, the return packet must be received, which is equivalent to INPUT
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT

#如果要添加内网ip信任 (accept all its TCP requests)
iptables -A INPUT -p tcp -s 45.96.174.68 -j ACCEPT

#过滤所有非以上规则的请求
iptables -P INPUT DROP[/mw_shl_code]
4. Preservation

First, iptables -L -n to see if the configuration is correct.
After no problem, don't rush to save, because if you don't save, it is only valid for now, and it will not take effect after restarting, so that in case there is any problem, you can force the server to restart the settings in the background.
Open another SSH connection to ensure you can log in.

Make sure to save it later

[mw_shl_code=bash,true]#保存
[root@woxplife ~]# service iptables save

#添加到自启动chkconfig
[root@woxplife ~]# chkconfig iptables on[/mw_shl_code]








Previous:Alibaba Cloud Web Environment One-Click Installation Package 1.4.0, including nginx, apache, php, mysql, etc
Next:Taobao Double Eleven 35 billion in 2013 and 60 billion in 2014: four major weapons

Related Posts
Disclaimer:
All software, programming materials or articles published by Code Farmer Network are only for learning and research purposes; The above content shall not be used for commercial or illegal purposes, otherwise, users shall bear all consequences. The information on this site comes from the Internet, and copyright disputes have nothing to do with this site. You must completely delete the above content from your computer within 24 hours of downloading. If you like the program, please support genuine software, purchase registration, and get better genuine services. If there is any infringement, please contact us by email.
Mail To:help@itsvse.com