
Linux (CentOS 6.5): Opening Ports and Configuring the Firewall

2014-11-10 21:54


Open the configuration file

[root@localhost ~]# vi /etc/sysconfig/iptables


A correct configuration file

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT


Rule template (* stands in for the port number to open)

-A INPUT -m state --state NEW -m tcp -p tcp --dport * -j ACCEPT


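Note: the rule for a newly opened port must be placed after the port 22 rule. iptables evaluates rules from top to bottom, so the new rule also has to stay above the -A INPUT -j REJECT line; anything below that line is never reached.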

Restart the firewall to apply the configuration

[root@localhost ~]# /etc/init.d/iptables restart
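
Added example, not part of the original post: because iptables evaluates rules in order, the functions below list INPUT ACCEPT rules that sit after the catch-all REJECT and place a port's rule directly above it. The function names and the sample rules are constructed for illustration; run them against a copy of /etc/sysconfig/iptables.

```bash
# Added example, not from the original post. Function names and the sample
# rules are constructed; run it against a copy of /etc/sysconfig/iptables.

# Constructed sample: the 3306 rule was appended after the catch-all REJECT.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Print INPUT ACCEPT rules placed after the catch-all REJECT (never matched).
unreachable_rules() {
    awk '/^-A INPUT -j REJECT/ { seen = 1; next }
         seen && /^-A INPUT .*-j ACCEPT/ { print }' "$1"
}

# Put the ACCEPT rule for TCP port $2 directly above the first INPUT REJECT
# line of file $1. Any existing copy is dropped first, so re-running is safe.
open_port() {
    local file="$1" port="$2"
    case "$port" in ''|*[!0-9]*) echo "invalid port: $port" >&2; return 2 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "invalid port: $port" >&2; return 2
    fi
    grep -q '^-A INPUT -j REJECT' "$file" ||
        { echo "no catch-all INPUT REJECT in $file" >&2; return 1; }
    local rule="-A INPUT -m state --state NEW -m tcp -p tcp --dport $port -j ACCEPT"
    awk -v rule="$rule" '
        $0 == rule { next }
        !done && /^-A INPUT -j REJECT/ { print rule; done = 1 }
        { print }' "$file" > "$file.new" &&
        cat "$file.new" > "$file" && rm -f "$file.new"   # cat keeps mode/owner
}
```

On the real file, `iptables-restore --test < /etc/sysconfig/iptables` parses the rules without loading them, which catches typos before the restart.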


Other

View open ports

[root@localhost ~]# /etc/init.d/iptables status


Stop the firewall

[root@localhost ~]# /etc/init.d/iptables stop