CentOS firewall setup

Source: reposted

1. Stop firewalld:

systemctl stop firewalld.service # stop firewalld
systemctl disable firewalld.service # prevent firewalld from starting at boot

2. Install the iptables firewall

yum install iptables
yum install iptables-services
service iptables restart
chkconfig iptables on

or

systemctl enable iptables # start iptables at boot

3. Add rules (-I INPUT 1 inserts each rule at the top of the INPUT chain, so the rule added last is matched first)

iptables -I INPUT 1 -p tcp --dport 22 -j ACCEPT
iptables -I INPUT 1 -p tcp --dport 80 -j ACCEPT
iptables -I INPUT 1 -p tcp --dport 3306 -j ACCEPT
iptables -I INPUT 1 -p tcp --dport 6379 -j ACCEPT

4. Delete rules

iptables -D INPUT -p tcp --dport 80 -j ACCEPT

The corresponding line in /etc/sysconfig/iptables:

vi /etc/sysconfig/iptables
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT

service iptables save
systemctl status iptables
systemctl restart iptables # finally restart the firewall so the configuration takes effect
systemctl enable iptables # start the firewall at boot

5. View the firewall rules. The default table is -t filter; to view the nat table, use iptables -t nat -L:

iptables -L -n
iptables -nL -t nat

Example /etc/sysconfig/iptables ruleset (iptables-save format):

*filter
# the *filter table header above is required by iptables-restore
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
##ssh
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
##http
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
##https
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
##redis
-A INPUT -p tcp -m tcp --dport 6379 -j ACCEPT
##mysql
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
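Sections 3 and 4 add and delete rules one at a time with iptables -I/-D, and the file above shows the saved result. The script below is an added example, not code from the original post: it generates that style of ruleset from port lists so the whole policy lives in one place, limits the MySQL and Redis ports to an admin network instead of opening them to everyone, and checks the file with iptables-restore --test before it replaces /etc/sysconfig/iptables. The ADMIN_NET value 10.0.0.0/8, the port lists and the function names are my assumptions; adjust them to the host's real environment.

```shell
#!/bin/sh
# Added example (not from the original post): build a /etc/sysconfig/iptables
# ruleset of the kind shown above from port lists, then validate it before
# it is installed. The values below are constructed placeholders.

ADMIN_NET="10.0.0.0/8"       # assumption: only this range may reach MySQL/Redis
PUBLIC_PORTS="22 80 443"     # reachable from anywhere
PRIVATE_PORTS="3306 6379"    # reachable only from ADMIN_NET

# build_ruleset ADMIN_NET "PUBLIC_PORTS" "PRIVATE_PORTS"
# Prints a complete iptables-save style filter table on stdout.
build_ruleset() {
    admin_net=$1
    public_ports=$2
    private_ports=$3

    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT ACCEPT [0:0]'
    printf '%s\n' ':FORWARD ACCEPT [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    # Stateful rules first, so replies to outbound traffic are never blocked
    printf '%s\n' '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'
    printf '%s\n' '-A INPUT -p icmp -j ACCEPT'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    for port in $public_ports; do
        printf '%s\n' "-A INPUT -p tcp -m state --state NEW -m tcp --dport $port -j ACCEPT"
    done
    # Database/cache ports accept NEW connections only from the admin network
    for port in $private_ports; do
        printf '%s\n' "-A INPUT -s $admin_net -p tcp -m state --state NEW -m tcp --dport $port -j ACCEPT"
    done
    # Everything else is rejected, as in the ruleset above
    printf '%s\n' '-A INPUT -j REJECT --reject-with icmp-host-prohibited'
    printf '%s\n' '-A FORWARD -j REJECT --reject-with icmp-host-prohibited'
    printf '%s\n' 'COMMIT'
}

# port_is_open RULESET PORT
# Returns 0 when PORT has an ACCEPT rule in RULESET, 1 otherwise.
port_is_open() {
    printf '%s\n' "$1" | grep -q -e "--dport $2 -j ACCEPT"
}

# apply_ruleset
# Validates the generated file with iptables-restore --test (parse and load
# without committing), then installs it and restarts the iptables service.
# Returns 1 without touching anything when not root or the tool is missing.
apply_ruleset() {
    [ "$(id -u)" -eq 0 ] || { echo "apply_ruleset: must run as root" >&2; return 1; }
    command -v iptables-restore >/dev/null 2>&1 \
        || { echo "apply_ruleset: iptables-restore not found" >&2; return 1; }
    tmp=$(mktemp) || return 1
    build_ruleset "$ADMIN_NET" "$PUBLIC_PORTS" "$PRIVATE_PORTS" > "$tmp"
    if ! iptables-restore --test "$tmp"; then
        echo "apply_ruleset: ruleset rejected, live rules unchanged" >&2
        rm -f "$tmp"
        return 1
    fi
    cp "$tmp" /etc/sysconfig/iptables && rm -f "$tmp"
    systemctl restart iptables
}

# Usage: sh fw.sh show   -> print the ruleset
#        sh fw.sh apply  -> validate and install it (as root)
case "${1:-}" in
    show)  build_ruleset "$ADMIN_NET" "$PUBLIC_PORTS" "$PRIVATE_PORTS" ;;
    apply) apply_ruleset ;;
esac
```

Running `sh fw.sh show` prints the file so it can be reviewed or diffed against the current /etc/sysconfig/iptables; `sh fw.sh apply` refuses to change anything unless the generated file parses cleanly, which avoids locking yourself out with a half-loaded ruleset after `systemctl restart iptables`.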
