配置防火墙,开启80端口、3306端口 & iptables 使用详解
2017-10-13 14:31
751 查看
1:配置防火墙,开启80端口、3306端口
vi /etc/sysconfig/iptables-A INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT(允许80端口通过防火墙)
-A INPUT -m state –state NEW -m tcp -p tcp –dport 3306 -j ACCEPT(允许3306端口通过防火墙)
特别提示:很多网友把这两条规则添加到防火墙配置的最后一行,导致防火墙启动失败,正确的应该是添加到默认的22端口这条规则的下面
添加好之后防火墙规则如下所示:
######################################
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 22 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 3306 -j ACCEPT
-A INPUT -j REJECT –reject-with icmp-host-prohibited
-A FORWARD -j REJECT –reject-with icmp-host-prohibited
COMMIT
#####################################
/etc/init.d/iptables restart #最后重启防火墙使配置生效
2:iptables 使用详解Centos 6 iptables 配置Ben2011/12/24[root@localhost ben.liu]# service iptables statusTable: filterChain INPUT (policy ACCEPT)num target prot opt source destination 1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2256 2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 3 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 4 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 7 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT)num target prot opt source destination 1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT)num target prot opt source destination -----------插入1条记录[root@localhost ben.liu]# iptables -I INPUT -j ACCEPT -s 172.16.0.0/16 -p tcp --dport 443 -m state --state NEW [root@localhost ben.liu]# service iptables statusTable: filterChain INPUT (policy ACCEPT)num target prot opt source destination 1 ACCEPT tcp -- 172.16.0.0/16 0.0.0.0/0 tcp dpt:443 state NEW 2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2256 3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 4 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 5 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 8 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT)num target prot opt source destination 1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT)num target prot opt source destination - [root@localhost ben.liu]# iptables-save# Generated by iptables-save v1.4.7 on Sat Dec 24 16:50:09 2011*filter:INPUT ACCEPT [0:0]:FORWARD ACCEPT [0:0]:OUTPUT ACCEPT [201:20052]-A INPUT -s 172.16.0.0/16 -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 2256 -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT# Completed on Sat Dec 24 16:50:09 2011--修改1条记录:比如第7条 state NEW tcp dpt:22 [root@localhost ben.liu]# iptables -R INPUT 7 -s 172.16.0.0/16 -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT[root@localhost ben.liu]# iptables statusBad argument `status'Try `iptables -h' or 'iptables --help' for more information.[root@localhost ben.liu]# service iptables statusTable: filterChain INPUT (policy ACCEPT)num target prot opt source destination 1 ACCEPT tcp -- 172.16.0.0/16 0.0.0.0/0 tcp dpt:443 state NEW 2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2256 3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 4 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 5 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 7 ACCEPT tcp -- 172.16.0.0/16 0.0.0.0/0 state NEW tcp dpt:22 8 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT)num target prot opt source destination 1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT)num target prot opt source destination --删除1条记录,比如:第7条[root@localhost ben.liu]# iptables -D INPUT 7[root@localhost ben.liu]# iptables -L Chain INPUT (policy ACCEPT)target prot opt source destination ACCEPT tcp -- 172.16.0.0/16 anywhere tcp dpt:https state NEW ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pcc-mfp ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT icmp -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT)target prot opt source destination REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT)target prot opt source destination [root@localhost ben.liu]# iptables -L -nChain INPUT (policy ACCEPT)target prot opt source destination ACCEPT tcp -- 172.16.0.0/16 0.0.0.0/0 tcp dpt:443 state NEW ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2256 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT)target prot opt source destination REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT)target prot opt source destination [root@localhost ben.liu]# service iptables statusTable: filterChain INPUT (policy ACCEPT)num target prot opt source destination 1 ACCEPT tcp -- 172.16.0.0/16 0.0.0.0/0 tcp dpt:443 state NEW 2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2256 3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 4 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 5 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 7 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT)num target prot opt source destination 1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT)num target prot opt source destination ---清空所有INPUT 记录 [root@localhost ben.liu]# iptables-save > /etc/sysconfig/iptables.bak[root@localhost ben.liu]# iptables -F INPUT[root@localhost ben.liu]# service iptables statusTable: filterChain INPUT (policy ACCEPT)num target prot opt source destination Chain FORWARD (policy ACCEPT)num target prot opt source destination 1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT)num target prot opt source destination [root@localhost ben.liu]# iptables-save > /etc/sysconfig/iptables.bak[root@localhost ben.liu]# iptables -F INPUT[root@localhost ben.liu]# service iptables statusTable: filterChain INPUT (policy ACCEPT)num target prot opt source destination Chain FORWARD (policy ACCEPT)num target prot opt source destination 1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT)num target prot opt source destination 恢复以前保存的记录:[root@localhost ben.liu]# iptables-restore /etc/sysconfig/iptables.bak [root@localhost ben.liu]# service iptables statusTable: filterChain INPUT (policy ACCEPT)num target prot opt source destination 1 ACCEPT tcp -- 172.16.0.0/16 0.0.0.0/0 tcp dpt:443 state NEW 2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2256 3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 4 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 5 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 7 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT)num target prot opt source destination 1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT)num target prot opt source destination [root@localhost ben.liu]# iptables-save# Generated by iptables-save v1.4.7 on Sat Dec 24 17:24:57 2011*filter:INPUT ACCEPT [0:0]:FORWARD ACCEPT [0:0]:OUTPUT ACCEPT [44:5152]-A INPUT -s 172.16.0.0/16 -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 2256 -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT# Completed on Sat Dec 24 17:24:57 2011----------查看iptables 启动的规则文件:[root@localhost ben.liu]# cat /etc/sysconfig/iptables# Firewall configuration written by system-config-firewall# Manual customization of this file is not recommended.*filter:INPUT ACCEPT [0:0]:FORWARD ACCEPT [0:0]:OUTPUT ACCEPT [0:0]-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT-A INPUT -p icmp -j ACCEPT-A INPUT -i lo -j ACCEPT-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT-A INPUT -j REJECT --reject-with icmp-host-prohibited-A FORWARD -j REJECT --reject-with icmp-host-prohibitedCOMMIT---关闭/ 禁止、允许随系统启动/启动/重启/ iptables服务 [root@localhost ben.liu]# service iptables stopiptables: Flushing firewall rules: [ OK ]iptables: Setting chains to policy ACCEPT: filter [ OK ]iptables: Unloading modules: [ OK ][root@localhost ben.liu]# chkconfig --level 35 iptables off[root@localhost ben.liu]# chkconfig --level 35 iptables on[root@localhost ben.liu]# service iptables startiptables: Applying firewall rules: [ OK ][root@localhost ben.liu]# service iptables restartiptables: Flushing firewall rules: [ OK ]iptables: Setting chains to policy ACCEPT: filter [ OK ]iptables: Unloading modules: [ OK ]iptables: Applying firewall rules: [ OK ]
vi /etc/sysconfig/iptables-A INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT(允许80端口通过防火墙)
-A INPUT -m state –state NEW -m tcp -p tcp –dport 3306 -j ACCEPT(允许3306端口通过防火墙)
特别提示:很多网友把这两条规则添加到防火墙配置的最后一行,导致防火墙启动失败,正确的应该是添加到默认的22端口这条规则的下面
添加好之后防火墙规则如下所示:
######################################
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 22 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 3306 -j ACCEPT
-A INPUT -j REJECT –reject-with icmp-host-prohibited
-A FORWARD -j REJECT –reject-with icmp-host-prohibited
COMMIT
#####################################
/etc/init.d/iptables restart #最后重启防火墙使配置生效
2:iptables 使用详解Centos 6 iptables 配置Ben2011/12/24[root@localhost ben.liu]# service iptables statusTable: filterChain INPUT (policy ACCEPT)num target prot opt source destination 1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2256 2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 3 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 4 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 7 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT)num target prot opt source destination 1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT)num target prot opt source destination -----------插入1条记录[root@localhost ben.liu]# iptables -I INPUT -j ACCEPT -s 172.16.0.0/16 -p tcp --dport 443 -m state --state NEW [root@localhost ben.liu]# service iptables statusTable: filterChain INPUT (policy ACCEPT)num target prot opt source destination 1 ACCEPT tcp -- 172.16.0.0/16 0.0.0.0/0 tcp dpt:443 state NEW 2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2256 3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 4 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 5 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 8 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT)num target prot opt source destination 1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT)num target prot opt source destination - [root@localhost ben.liu]# iptables-save# Generated by iptables-save v1.4.7 on Sat Dec 24 16:50:09 2011*filter:INPUT ACCEPT [0:0]:FORWARD ACCEPT [0:0]:OUTPUT ACCEPT [201:20052]-A INPUT -s 172.16.0.0/16 -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 2256 -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT# Completed on Sat Dec 24 16:50:09 2011--修改1条记录:比如第7条 state NEW tcp dpt:22 [root@localhost ben.liu]# iptables -R INPUT 7 -s 172.16.0.0/16 -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT[root@localhost ben.liu]# iptables statusBad argument `status'Try `iptables -h' or 'iptables --help' for more information.[root@localhost ben.liu]# service iptables statusTable: filterChain INPUT (policy ACCEPT)num target prot opt source destination 1 ACCEPT tcp -- 172.16.0.0/16 0.0.0.0/0 tcp dpt:443 state NEW 2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2256 3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 4 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 5 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 7 ACCEPT tcp -- 172.16.0.0/16 0.0.0.0/0 state NEW tcp dpt:22 8 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT)num target prot opt source destination 1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT)num target prot opt source destination --删除1条记录,比如:第7条[root@localhost ben.liu]# iptables -D INPUT 7[root@localhost ben.liu]# iptables -L Chain INPUT (policy ACCEPT)target prot opt source destination ACCEPT tcp -- 172.16.0.0/16 anywhere tcp dpt:https state NEW ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pcc-mfp ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT icmp -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT)target prot opt source destination REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT)target prot opt source destination [root@localhost ben.liu]# iptables -L -nChain INPUT (policy ACCEPT)target prot opt source destination ACCEPT tcp -- 172.16.0.0/16 0.0.0.0/0 tcp dpt:443 state NEW ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2256 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT)target prot opt source destination REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT)target prot opt source destination [root@localhost ben.liu]# service iptables statusTable: filterChain INPUT (policy ACCEPT)num target prot opt source destination 1 ACCEPT tcp -- 172.16.0.0/16 0.0.0.0/0 tcp dpt:443 state NEW 2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2256 3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 4 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 5 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 7 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT)num target prot opt source destination 1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT)num target prot opt source destination ---清空所有INPUT 记录 [root@localhost ben.liu]# iptables-save > /etc/sysconfig/iptables.bak[root@localhost ben.liu]# iptables -F INPUT[root@localhost ben.liu]# service iptables statusTable: filterChain INPUT (policy ACCEPT)num target prot opt source destination Chain FORWARD (policy ACCEPT)num target prot opt source destination 1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT)num target prot opt source destination [root@localhost ben.liu]# iptables-save > /etc/sysconfig/iptables.bak[root@localhost ben.liu]# iptables -F INPUT[root@localhost ben.liu]# service iptables statusTable: filterChain INPUT (policy ACCEPT)num target prot opt source destination Chain FORWARD (policy ACCEPT)num target prot opt source destination 1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT)num target prot opt source destination 恢复以前保存的记录:[root@localhost ben.liu]# iptables-restore /etc/sysconfig/iptables.bak [root@localhost ben.liu]# service iptables statusTable: filterChain INPUT (policy ACCEPT)num target prot opt source destination 1 ACCEPT tcp -- 172.16.0.0/16 0.0.0.0/0 tcp dpt:443 state NEW 2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2256 3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 4 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 5 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 7 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT)num target prot opt source destination 1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT)num target prot opt source destination [root@localhost ben.liu]# iptables-save# Generated by iptables-save v1.4.7 on Sat Dec 24 17:24:57 2011*filter:INPUT ACCEPT [0:0]:FORWARD ACCEPT [0:0]:OUTPUT ACCEPT [44:5152]-A INPUT -s 172.16.0.0/16 -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 2256 -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT# Completed on Sat Dec 24 17:24:57 2011----------查看iptables 启动的规则文件:[root@localhost ben.liu]# cat /etc/sysconfig/iptables# Firewall configuration written by system-config-firewall# Manual customization of this file is not recommended.*filter:INPUT ACCEPT [0:0]:FORWARD ACCEPT [0:0]:OUTPUT ACCEPT [0:0]-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT-A INPUT -p icmp -j ACCEPT-A INPUT -i lo -j ACCEPT-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT-A INPUT -j REJECT --reject-with icmp-host-prohibited-A FORWARD -j REJECT --reject-with icmp-host-prohibitedCOMMIT---关闭/ 禁止、允许随系统启动/启动/重启/ iptables服务 [root@localhost ben.liu]# service iptables stopiptables: Flushing firewall rules: [ OK ]iptables: Setting chains to policy ACCEPT: filter [ OK ]iptables: Unloading modules: [ OK ][root@localhost ben.liu]# chkconfig --level 35 iptables off[root@localhost ben.liu]# chkconfig --level 35 iptables on[root@localhost ben.liu]# service iptables startiptables: Applying firewall rules: [ OK ][root@localhost ben.liu]# service iptables restartiptables: Flushing firewall rules: [ OK ]iptables: Setting chains to policy ACCEPT: filter [ OK ]iptables: Unloading modules: [ OK ]iptables: Applying firewall rules: [ OK ]
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- 配置防火墙,开启80端口、3306端口 & iptables 使用详解
- 配置防火墙,开启80端口、3306端口 & iptables 使用详解
- 配置防火墙,开启80端口、3306端口 & iptables 使用详解
- 配置防火墙,开启80端口、3306端口 & iptables 使用详解
- 配置防火墙,开启80端口、3306端口 & iptables 使用详解
- 配置防火墙,开启80端口、3306端口 & iptables 使用详解
- 配置防火墙,开启80端口、3306端口 & iptables 使用详解
- 配置防火墙,开启80端口、3306端口 & iptables 使用详解
- 配置防火墙,开启80端口、3306端口 & iptables 使用详解
- 配置防火墙,开启80端口、3306端口 & iptables 使用详解
- 配置防火墙,开启80端口、3306端口 & iptables 使用详解
- 配置防火墙,开启80端口、3306端口 & iptables 使用详解
- 配置防火墙,开启80端口、3306端口 & iptables 使用详解
- 配置iptables防火墙,开启80端口、3306端口
- Linux配置防火墙 开启80端口、3306端口的方法
- 配置防火墙,开启80端口、3306端口
- Linux配置防火墙,开启80端口、3306端口
- Centos配置防火墙 开启80端口、3306端口的方法
- linux配置防火墙,开启80端口、3306端口的方法
- Linux配置防火墙,开启80端口、3306端口