[关闭]
@MrXiao 2018-08-31T09:26:27.000000Z 字数 1145 阅读 992

【Linux】Centos7关闭firewall防火墙,改用iptables

Linux


原文地址: http://www.greateman.top

1、关闭默认的firewall

  1. systemctl stop firewalld.service #停止firewall
  2. systemctl disable firewalld.service #禁止firewall开机启动
  3. firewall-cmd --state #查看默认防火墙状态(关闭后显示notrunning,开启后显示running)

2、开启iptables

  1. yum install iptables #(根据centOS7的版本和内核,有些版本已经装过,可以跳过此命令)
  2. yum install iptables-services
  3. service iptables restart
  4. chkconfig iptables on 或者 systemctl enable iptables.service开机自启</span>

3、编辑防火墙文件

  1. vim /etc/sysconfig/iptables

开启21,22,80,3306端口

  1. <span style="font-size:18px;"># sampleconfiguration for iptables service
  2. # # you can edit thismanually or use system-config-firewall
  3. # # please do not askus to add additional ports/services to this default configuration
  4. *filter
  5. :INPUT ACCEPT [0:0]
  6. :FORWARD ACCEPT [0:0]
  7. :OUTPUT ACCEPT [0:0]
  8. -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  9. -A INPUT -p icmp -j ACCEPT
  10. -A INPUT -i lo -j ACCEPT
  11. -A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
  12. -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
  13. -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
  14. -A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
  15. -A INPUT -j REJECT --reject-with icmp-host-prohibited
  16. -A FORWARD -j REJECT --reject-with icmp-host-prohibited
  17. COMMIT </span>

4、查看iptables

  1. iptables -L -n
添加新批注
在作者公开此批注前,只有你和作者可见。
回复批注