Versions before CentOS 7.0 seemingly used the iptables firewall, and from 7.0 on the default is firewalld. In fact, I do not know it well, but most people are using iptables, so I have to use it.
First, turn off firewalld
# Stop firewalld
sudo systemctl stop firewalld.service
# Disable firewalld at boot
sudo systemctl disable firewalld.service
Second, of course, install the iptables firewall
1. Install
# Installation
sudo yum install iptables-services
2. Configure
# Edit the iptables rules file; use sudo if you do not have permission to open it
sudo vi /etc/sysconfig/iptables
# File content
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Save the file
Press C + C and then :wq to exit. Following the emacs habit, C stands for Ctrl, so C + C is actually Ctrl + C; I will basically write it this way from now on, since it is more convenient.
# Restart the firewall so the configuration takes effect
sudo systemctl restart iptables.service
# Start the firewall at boot
sudo systemctl enable iptables.service
OK, your iptables is now configured. If you later want to add a port, read on.
3. Open Ports
# Replace * with the port number you want to open
sudo /sbin/iptables -I INPUT -p tcp --dport * -j ACCEPT
# Save the configuration (CentOS 7 with iptables-services has no /etc/init.d/iptables script, so go through the service wrapper)
sudo service iptables save
# Check iptables after the change
sudo service iptables status
# Restart iptables
sudo service iptables restart
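Why section 3 inserts with -I instead of appending with -A, as an added example that is not part of the original post: the INPUT chain is evaluated top to bottom and the file above ends with a catch-all REJECT, so an ACCEPT rule appended after it is never reached. The helper names input_verdict and sample_rules and port 8080 are assumptions made for this illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Walks the INPUT chain of an
# iptables-save style ruleset (stdin) in order and prints the target a NEW TCP
# connection to PORT on a non-loopback interface receives. It understands only
# the matches used on this page and treats every -j target as terminating.
input_verdict() {  # usage: input_verdict PORT < /etc/sysconfig/iptables
  awk -v port="$1" '
    /^:INPUT / { policy = $2 }                 # chain default policy
    $1 == "-A" && $2 == "INPUT" && verdict == "" {
      ok = 1; target = ""
      for (i = 3; i < NF; i++) {
        v = $(i + 1)
        if ($i == "-j") target = v
        else if ($i == "-i" && v == "lo") ok = 0               # loopback only
        else if ($i == "-p" && v != "tcp") ok = 0              # e.g. icmp
        else if ($i == "--state" && index("," v ",", ",NEW,") == 0) ok = 0
        else if ($i == "--dport" && v != port) ok = 0
      }
      if (ok && target != "") verdict = target   # first match wins
    }
    END { print (verdict != "" ? verdict : policy) }
  '
}

# Constructed sample: the ruleset from this page, with a hypothetical port-8080
# rule placed where "iptables -I INPUT" (top) or "iptables -A INPUT" (end) puts it.
sample_rules() {  # $1 = none | insert | append
  new='-A INPUT -p tcp --dport 8080 -j ACCEPT'
  printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
  if [ "$1" = insert ]; then printf '%s\n' "$new"; fi
  cat <<'EOF'
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
  if [ "$1" = append ]; then printf '%s\n' "$new"; fi
  printf '%s\n' '-A FORWARD -j REJECT --reject-with icmp-host-prohibited' 'COMMIT'
}

for mode in none append insert; do
  printf '%-6s port 8080 -> %s\n' "$mode" "$(sample_rules "$mode" | input_verdict 8080)"
done
```

Running input_verdict against the saved /etc/sysconfig/iptables before restarting the service shows whether the SSH rule on port 22 still precedes the REJECT line.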
Well, these are some of the basic configurations of iptables. There is also much more advanced stuff, which I hope you can tell me about.