Archive for June 29, 2018

Linux Firewall Configuration: Open Ports 80 and 3306

1) Takes effect after a restart
Enable: chkconfig iptables on
Disable: chkconfig iptables off

2) Takes effect immediately, but is lost after a restart
Start: service iptables start
Stop: service iptables stop

 

vi /etc/sysconfig/iptables

-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT (allow port 80 through the firewall)
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT (allow port 3306 through the firewall)
Special note: many users add these two rules at the very end of the firewall configuration, which causes the firewall to fail to start. The correct place is directly below the default port 22 rule.

After adding them, the firewall rules look like this:

######################################
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
COMMIT
#####################################

/etc/init.d/iptables restart
# Finally, restart the firewall so the configuration takes effect
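
The special note above is about where the new rules sit in the file. As an added example (not part of the original post), this shell function lints a rules file in the format shown and reports rules placed after COMMIT, rules placed below the catch-all REJECT, and typographic dashes pasted in place of "--". The names check_rule_order and sample_rules and the sample input are assumptions made for the illustration.

```shell
#!/bin/sh
# check_rule_order FILE PORT...   (FILE may be "-" to read stdin)
# Exit 0 only when every PORT has an INPUT ACCEPT rule that sits above the
# catch-all INPUT REJECT/DROP rule and above COMMIT; print findings otherwise.
check_rule_order() {
    rules_file=$1; shift
    awk -v ports="$*" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
        /–/ { printf "line %d: typographic dash, expected \"--\"\n", NR; bad = 1 }
        /^COMMIT/ { committed = 1; next }
        /^-A INPUT / {
            if (committed) { printf "line %d: rule after COMMIT\n", NR; bad = 1; next }
            if ($0 ~ /^-A INPUT -j (REJECT|DROP)/) { if (!catchall) catchall = NR; next }
            if ($0 ~ /-j ACCEPT/ && match($0, /--dport [0-9]+/)) {
                port = substr($0, RSTART + 8, RLENGTH - 8)
                if (catchall) { printf "line %d: port %s is below the catch-all on line %d\n", NR, port, catchall; bad = 1 }
                else ok[port] = 1                # rule is reachable
            }
        }
        END {
            n = split(ports, want, " ")
            for (i = 1; i <= n; i++)
                if (!(want[i] in ok)) { printf "port %s: no effective ACCEPT rule\n", want[i]; bad = 1 }
            exit bad + 0
        }
    ' "$rules_file"
}

# Constructed sample: with $1 = "below22" the two new rules follow the port 22
# rule, as the note recommends; any other value appends them at the end of the file.
sample_rules() {
    new='-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT'
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]'
    printf '%s\n' '-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT'
    [ "$1" = below22 ] && printf '%s\n' "$new"
    printf '%s\n' '-A INPUT -j REJECT --reject-with icmp-host-prohibited'
    printf '%s\n' 'COMMIT'
    [ "$1" = below22 ] || printf '%s\n' "$new"
}

sample_rules below22  | check_rule_order - 80 3306 && echo "below port 22: OK"
sample_rules appended | check_rule_order - 80 3306 || echo "appended at end: rejected"
```

On the real host, run it as check_rule_order /etc/sysconfig/iptables 80 3306 before restarting the service; iptables-restore --test < /etc/sysconfig/iptables additionally parses the file without committing it.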

 

 

systemctl stop iptables firewall
service iptables save
systemctl restart iptables
