Opening a port in the Linux firewall
2015-11-21 16:04
This demonstration opens a port (port 1521 in this case) while the Linux firewall (iptables) is enabled.
Check the firewall policy:
[root@localhost ~]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
Open port 1521:
[root@localhost ~]# iptables -A INPUT -p tcp --dport 1521 -j ACCEPT
Restart the firewall and save the change:
[root@localhost ~]# service iptables restart
[root@localhost ~]# /etc/rc.d/init.d/iptables save
Check the firewall policy again:
[root@localhost ~]# vi /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Sat Nov 21 14:11:30 2015
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [5:556]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 1521 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sat Nov 21 14:11:30 2015
Note: the order of the rules in the file above has to be changed. iptables evaluates a chain top-down and stops at the first matching terminal rule, and "-A INPUT -j REJECT" matches every packet not accepted by the rules above it, so the appended rule
-A INPUT -p tcp -m tcp --dport 1521 -j ACCEPT is never reached. It must be placed above the INPUT -j REJECT line for it to take effect, as follows:
# Generated by iptables-save v1.4.7 on Sat Nov 21 14:11:30 2015
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [5:556]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1521 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sat Nov 21 14:11:30 2015
Test the port with telnet from another Linux server; the connection succeeds:
[root@rac1 oracle]# telnet 192.168.103.110 1521
Trying 192.168.103.110...
Connected to 192.168.103.110.
Escape character is '^]'.
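As an added illustration (not part of the original post), the following Python script checks an iptables-save dump for the mistake shown above: ACCEPT rules sitting below a catch-all REJECT/DROP in a chain, which can never match, and moves them above that rule the way the post does by hand. The sample dump is constructed from the post's rules; the function names and the chain-parsing regex are this example's own.

```python
import re

# Constructed sample: the post's INPUT/FORWARD rules in the order produced by
# `iptables -A INPUT -p tcp --dport 1521 -j ACCEPT` (appended AFTER the catch-all REJECT).
SAVED_RULES = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 1521 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""
RULE_RE = re.compile(r"^-A\s+(\S+)\s+(.*)$")  # "-A <chain> <match... -j TARGET ...>"

def is_catch_all_terminal(body):
    """True when the rule has no match criteria before its target and the target
    (REJECT or DROP) ends evaluation for every packet that reaches it."""
    m = re.search(r"-j\s+(REJECT|DROP)\b", body)
    return bool(m) and body[: m.start()].strip() == ""

def shadowed_accepts(dump, chain="INPUT"):
    """Line indices of ACCEPT rules in `chain` that sit below a catch-all REJECT/DROP.
    iptables stops at the first terminal match, so these rules are dead."""
    found, blocked = [], False
    for idx, line in enumerate(dump.splitlines()):
        m = RULE_RE.match(line.strip())
        if not m or m.group(1) != chain:
            continue
        if blocked and re.search(r"-j\s+ACCEPT\b", m.group(2)):
            found.append(idx)
        elif is_catch_all_terminal(m.group(2)):
            blocked = True
    return found

def reorder(dump, chain="INPUT"):
    """Move the shadowed ACCEPT rules directly above the first catch-all REJECT/DROP
    of `chain` (what the post does by hand in /etc/sysconfig/iptables)."""
    lines = dump.splitlines()
    bad = set(shadowed_accepts(dump, chain))
    moved = [lines[i] for i in sorted(bad)]
    kept = [l for i, l in enumerate(lines) if i not in bad]
    for i, line in enumerate(kept):
        m = RULE_RE.match(line.strip())
        if m and m.group(1) == chain and is_catch_all_terminal(m.group(2)):
            return "\n".join(kept[:i] + moved + kept[i:]) + "\n"
    return dump
```

Running `shadowed_accepts(SAVED_RULES)` flags the 1521 rule and `reorder(SAVED_RULES)` yields the corrected file from the post; on a live system the same result comes from inserting with `iptables -I INPUT ...` instead of appending with `-A`.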