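# Stop firewalld and keep it from ever being started again (mask), because
# firewalld and iptables-services both program the same netfilter tables and
# must not run side by side. As written in the original, both commands sat on
# one line, so "systemctl mask firewalld" was being passed to "systemctl stop"
# as extra unit names; they have to be two separate commands.
# Note: from this point until "systemctl start iptables" the host has no
# managed ruleset, so do the switch from a console or a maintenance window.
systemctl stop firewalld
systemctl mask firewalld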
Then, install the iptables-services package:
# iptables-services provides the "iptables" systemd unit and the
# /etc/sysconfig/iptables rules file edited further below.
yum install iptables-services
Enable the service at boot time:
# Start the iptables unit automatically at boot. "enable" alone does not start
# it now; use "systemctl start iptables" (see below) to load the rules immediately.
systemctl enable iptables
Managing the service:
# Usage template: pick one of stop / start / restart. The brackets and bars are
# notation for "one of", not literal shell syntax.
systemctl [stop|start|restart] iptables
Saving your firewall rules can be done as follows:
# Persist the rules currently loaded in the kernel to /etc/sysconfig/iptables
# so they are restored the next time the service starts.
service iptables save
or
# Same effect as "service iptables save" above, calling the init script directly.
/usr/libexec/iptables/iptables.init save
Reference: https://www.cnblogs.com/anne32184/p/5961806.html
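# Open the iptables-services rules file and add ACCEPT rules for ports 80 and 3306.
vi /etc/sysconfig/iptables

# Rules to add. Each one accepts NEW TCP connections to the given port.
# Long options take two hyphens ("--state", "--dport", "--reject-with"); the
# single en-dash that web copy/paste produced in the original does not parse
# and makes the rules file fail to load.
# Allow port 80 through the firewall:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
# Allow port 3306 through the firewall:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT

# Special note: many people append these two rules as the very last line of the
# file (after COMMIT), which makes the firewall fail to start. The correct place
# is directly below the default port-22 rule, i.e. above the final REJECT rules.
# SECURITY(review): port 3306 is the MySQL listener; accepting it from any source
# exposes the database to the whole network. Add "-s <trusted-cidr>" to that rule,
# or leave it out if MySQL only serves clients on this host.

# After adding them, /etc/sysconfig/iptables looks as follows:
######################################
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
#####################################

# Finally restart the firewall so the configuration takes effect.
/etc/init.d/iptables restart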
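# Generated by iptables-save v1.4.21 on Fri Jul 28 19:10:39 2017
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [136:8416]
:POSTROUTING ACCEPT [136:8416]
:OUTPUT_direct - [0:0]
:POSTROUTING_ZONES - [0:0]
:POSTROUTING_ZONES_SOURCE - [0:0]
:POSTROUTING_direct - [0:0]
:POST_public - [0:0]
:POST_public_allow - [0:0]
:POST_public_deny - [0:0]
:POST_public_log - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_ZONES_SOURCE - [0:0]
:PREROUTING_direct - [0:0]
:PRE_public - [0:0]
:PRE_public_allow - [0:0]
:PRE_public_deny - [0:0]
:PRE_public_log - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES_SOURCE
-A PREROUTING -j PREROUTING_ZONES
-A OUTPUT -j OUTPUT_direct
# The 192.168.122.0/24 MASQUERADE rules are the libvirt default-network NAT
# (see the virbr0 CHECKSUM rule in *mangle below).
-A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
-A POSTROUTING -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
-A POSTROUTING -j POSTROUTING_direct
-A POSTROUTING -j POSTROUTING_ZONES_SOURCE
-A POSTROUTING -j POSTROUTING_ZONES
-A POSTROUTING_ZONES -o enp0s3 -g POST_public
-A POSTROUTING_ZONES -g POST_public
-A POST_public -j POST_public_log
-A POST_public -j POST_public_deny
-A POST_public -j POST_public_allow
-A PREROUTING_ZONES -i enp0s3 -g PRE_public
-A PREROUTING_ZONES -g PRE_public
-A PRE_public -j PRE_public_log
-A PRE_public -j PRE_public_deny
-A PRE_public -j PRE_public_allow
# NOTE(review): the INPUT/FORWARD rules from here to COMMIT sit inside the *nat
# table. iptables only accepts the REJECT target in the filter table, and the nat
# table has no FORWARD chain, so iptables-restore refuses this section as written.
# These rules belong in *filter, where they also appear further down. iptables-save
# would not emit them here, so this part of the listing was most likely pasted in
# by hand; it is kept as the author published it.
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9904 -j ACCEPT

-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
# (Previously I had added these below the REJECT rule and the browser still could
#  not connect; they must be placed above it!)
# Allow port 8080 through the firewall
#-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
# Allow port 3306 through the firewall
#-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
# Allow port 9904 through the firewall
#-A INPUT -m state --state NEW -m tcp -p tcp --dport 9904 -j ACCEPT
COMMIT
# Completed on Fri Jul 28 19:10:39 2017
# Generated by iptables-save v1.4.21 on Fri Jul 28 19:10:39 2017
*mangle
:PREROUTING ACCEPT [732:348610]
:INPUT ACCEPT [732:348610]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [765:100277]
:POSTROUTING ACCEPT [767:100547]
:FORWARD_direct - [0:0]
:INPUT_direct - [0:0]
:OUTPUT_direct - [0:0]
:POSTROUTING_direct - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_ZONES_SOURCE - [0:0]
:PREROUTING_direct - [0:0]
:PRE_public - [0:0]
:PRE_public_allow - [0:0]
:PRE_public_deny - [0:0]
:PRE_public_log - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES_SOURCE
-A PREROUTING -j PREROUTING_ZONES
-A INPUT -j INPUT_direct
-A FORWARD -j FORWARD_direct
-A OUTPUT -j OUTPUT_direct
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-A POSTROUTING -j POSTROUTING_direct
-A PREROUTING_ZONES -i enp0s3 -g PRE_public
-A PREROUTING_ZONES -g PRE_public
-A PRE_public -j PRE_public_log
-A PRE_public -j PRE_public_deny
-A PRE_public -j PRE_public_allow
COMMIT
# Completed on Fri Jul 28 19:10:39 2017
# Generated by iptables-save v1.4.21 on Fri Jul 28 19:10:39 2017
*security
:INPUT ACCEPT [727:348220]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [765:100277]
:FORWARD_direct - [0:0]
:INPUT_direct - [0:0]
:OUTPUT_direct - [0:0]
-A INPUT -j INPUT_direct
-A FORWARD -j FORWARD_direct
-A OUTPUT -j OUTPUT_direct
COMMIT
# Completed on Fri Jul 28 19:10:39 2017
# Generated by iptables-save v1.4.21 on Fri Jul 28 19:10:39 2017
*raw
:PREROUTING ACCEPT [732:348610]
:OUTPUT ACCEPT [765:100277]
:OUTPUT_direct - [0:0]
:PREROUTING_direct - [0:0]
-A PREROUTING -j PREROUTING_direct
-A OUTPUT -j OUTPUT_direct
COMMIT
# Completed on Fri Jul 28 19:10:39 2017
# Generated by iptables-save v1.4.21 on Fri Jul 28 19:10:39 2017
*filter
# NOTE(review): the INPUT policy is ACCEPT, so everything relies on the trailing
# "-A INPUT -j REJECT" rule; a default policy of DROP would fail closed if that
# rule were ever lost.
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [14:984]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
# SECURITY(review): ports 22, 8080, 3306 and 9904 are accepted from any source
# address. 3306 is the MySQL listener and should be limited with "-s <trusted-cidr>"
# (or MySQL bound to localhost if it only serves this host); 22 is a constant
# brute-force target and benefits from a source restriction or rate limit as well.
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9904 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
#-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
# Allow port 3306 through the firewall
#-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
# Allow port 9904 through the firewall
#-A INPUT -m state --state NEW -m tcp -p tcp
# NOTE(review): this second INPUT REJECT is unreachable; every packet that was not
# accepted above already hit the REJECT rule preceding the commented-out lines.
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Fri Jul 28 19:10:39 2017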