On CentOS you will sometimes need to change the firewall settings. The CentOS firewall is enabled by default; to open ports, proceed as follows:
Open the iptables configuration file:
vi /etc/sysconfig/iptables
Note when modifying the CentOS firewall: be sure to leave yourself a way back in by keeping a VNC management port and the SSH management port open.
Here is an example iptables file:
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
# Send all inbound and forwarded traffic through the custom chain
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
# Loopback, ICMP, and IPsec (protocol 50 = ESP, 51 = AH)
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
# Replies to connections that are already established
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# New connections: DNS (53), SSH (22), SMTP (25), HTTP (80), HTTPS (443)
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
# Everything else is rejected
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
When modifying the CentOS firewall, note that you must adapt this file to your own server.
For example, if you do not want to open port 80 to provide web services, delete this line:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
After making changes, restart iptables:
service iptables restart
You can verify that the rules are in force: iptables -L
This completes the changes to the CentOS firewall settings.
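The advice above about leaving yourself a way back in can be checked before the restart. The following is an added example, not part of the original article: a POSIX shell function (the names mgmt_port_open and write_sample are hypothetical) that reads a rules file and reports whether a TCP ACCEPT rule for a management port comes before the first catch-all REJECT or DROP. The sample rules are constructed from the article's file, and the check assumes rules are evaluated in file order within a single chain.

```shell
#!/bin/sh
# Added example, not from the original article.
# mgmt_port_open FILE PORT: succeed only if FILE has a TCP ACCEPT rule for
# PORT ahead of the first catch-all REJECT/DROP rule.
# Assumption: rules are evaluated in file order (one chain, as in the article).
mgmt_port_open() {
    awk -v port="$2" '
        $1 != "-A" { next }                    # skip comments, table and chain lines
        $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") { exit }  # catch-all reached
        {
            tcp = 0; hit = 0; accept = 0
            for (i = 2; i < NF; i++) {
                if ($i == "-p" && $(i+1) == "tcp") tcp = 1
                if ($i == "--dport" && $(i+1) == port) hit = 1
                if ($i == "-j" && $(i+1) == "ACCEPT") accept = 1
            }
            if (tcp && hit && accept) { found = 1; exit }
        }
        END { exit !found }
    ' "$1"
}

# Constructed sample: the article's rule set trimmed to the relevant lines.
write_sample() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

good=$(mktemp); bad=$(mktemp); late=$(mktemp)
trap 'rm -f "$good" "$bad" "$late"' EXIT
write_sample > "$good"                        # SSH rule present
write_sample | grep -v 'dport 22 ' > "$bad"   # SSH rule deleted by mistake
# SSH rule appended after the REJECT line, where it can never match
{ grep -v COMMIT "$bad"; grep 'dport 22 ' "$good"; echo COMMIT; } > "$late"

for f in "$good" "$bad" "$late"; do
    if mgmt_port_open "$f" 22; then echo "ok: port 22 stays reachable"
    else echo "LOCKOUT RISK: port 22 not accepted before the catch-all"; fi
done
```

On a real server, call mgmt_port_open /etc/sysconfig/iptables 22 after editing the file and run service iptables restart only if it succeeds.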