systemctl stop firewalld

systemctl mask firewalld

Then, install the iptables-services package:

yum install iptables-services

Enable the service at boot-time:

systemctl enable iptables

Managing the service

systemctl [stop|start|restart] iptables

Saving your firewall rules can be done as follows:

service iptables save

or

/usr/libexec/iptables/iptables.init save

reference:https://www.cnblogs.com/anne32184/p/5961806.html
 vi /etc/sysconfig/iptables

 -A INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT(允许80端口通过防火墙)

 -A INPUT -m state –state NEW -m tcp -p tcp –dport 3306 -j ACCEPT(允许3306端口通过防火墙)

 特别提示:很多网友把这两条规则添加到防火墙配置的最后一行,导致防火墙启动失败,正确的应该是添加到默认的22端口这条规则的下面

 添加好之后防火墙规则如下所示:

 ######################################

 # Firewall configuration written by system-config-firewall

 # Manual customization of this file is not recommended.

 *filter

 :INPUT ACCEPT [0:0]

 :FORWARD ACCEPT [0:0]

 :OUTPUT ACCEPT [0:0]

 -A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT

 -A INPUT -p icmp -j ACCEPT

 -A INPUT -i lo -j ACCEPT

 -A INPUT -m state –state NEW -m tcp -p tcp –dport 22 -j ACCEPT

 -A INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT

 -A INPUT -m state –state NEW -m tcp -p tcp –dport 3306 -j ACCEPT

 -A INPUT -j REJECT –reject-with icmp-host-prohibited

 -A FORWARD -j REJECT –reject-with icmp-host-prohibited

 COMMIT

 #####################################

 /etc/init.d/iptables restart      #最后重启防火墙使配置生效
 # Generated by iptables-save v1.4.21 on Fri Jul 28 19:10:39 2017

 *nat

 :PREROUTING ACCEPT [0:0]

 :INPUT ACCEPT [0:0]

 :OUTPUT ACCEPT [136:8416]

 :POSTROUTING ACCEPT [136:8416]

 :OUTPUT_direct - [0:0]

 :POSTROUTING_ZONES - [0:0]

 :POSTROUTING_ZONES_SOURCE - [0:0]

 :POSTROUTING_direct - [0:0]

 :POST_public - [0:0]

 :POST_public_allow - [0:0]

 :POST_public_deny - [0:0]

 :POST_public_log - [0:0]

 :PREROUTING_ZONES - [0:0]

 :PREROUTING_ZONES_SOURCE - [0:0]

 :PREROUTING_direct - [0:0]

 :PRE_public - [0:0]

 :PRE_public_allow - [0:0]

 :PRE_public_deny - [0:0]

 :PRE_public_log - [0:0]

 -A PREROUTING -j PREROUTING_direct

 -A PREROUTING -j PREROUTING_ZONES_SOURCE

 -A PREROUTING -j PREROUTING_ZONES

 -A OUTPUT -j OUTPUT_direct

 -A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN

 -A POSTROUTING -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN

 -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535

 -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535

 -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE

 -A POSTROUTING -j POSTROUTING_direct

 -A POSTROUTING -j POSTROUTING_ZONES_SOURCE

 -A POSTROUTING -j POSTROUTING_ZONES

 -A POSTROUTING_ZONES -o enp0s3 -g POST_public

 -A POSTROUTING_ZONES -g POST_public

 -A POST_public -j POST_public_log

 -A POST_public -j POST_public_deny

 -A POST_public -j POST_public_allow

 -A PREROUTING_ZONES -i enp0s3 -g PRE_public

 -A PREROUTING_ZONES -g PRE_public

 -A PRE_public -j PRE_public_log

 -A PRE_public -j PRE_public_deny

 -A PRE_public -j PRE_public_allow

 -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

 -A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT

 -A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT

 -A INPUT -m state --state NEW -m tcp -p tcp --dport 9904 -j ACCEPT

 -A INPUT -j REJECT --reject-with icmp-host-prohibited

 -A FORWARD -j REJECT --reject-with icmp-host-prohibited

 #(之前我添加在下面,浏览器也是不能访问的,必须放在上面!)

 #允许8080端口通过防火墙

 #-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT

 #允许3306端口通过防火墙

 #-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT

 #允许9904端口通过防火墙

 #-A INPUT -m state --state NEW -m tcp -p tcp --dport 9904 -j ACCEPT

 COMMIT

 # Completed on Fri Jul 28 19:10:39 2017

 # Generated by iptables-save v1.4.21 on Fri Jul 28 19:10:39 2017

 *mangle

 :PREROUTING ACCEPT [732:348610]

 :INPUT ACCEPT [732:348610]

 :FORWARD ACCEPT [0:0]

 :OUTPUT ACCEPT [765:100277]

 :POSTROUTING ACCEPT [767:100547]

 :FORWARD_direct - [0:0]

 :INPUT_direct - [0:0]

 :OUTPUT_direct - [0:0]

 :POSTROUTING_direct - [0:0]

 :PREROUTING_ZONES - [0:0]

 :PREROUTING_ZONES_SOURCE - [0:0]

 :PREROUTING_direct - [0:0]

 :PRE_public - [0:0]

 :PRE_public_allow - [0:0]

 :PRE_public_deny - [0:0]

 :PRE_public_log - [0:0]

 -A PREROUTING -j PREROUTING_direct

 -A PREROUTING -j PREROUTING_ZONES_SOURCE

 -A PREROUTING -j PREROUTING_ZONES

 -A INPUT -j INPUT_direct

 -A FORWARD -j FORWARD_direct

 -A OUTPUT -j OUTPUT_direct

 -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill

 -A POSTROUTING -j POSTROUTING_direct

 -A PREROUTING_ZONES -i enp0s3 -g PRE_public

 -A PREROUTING_ZONES -g PRE_public

 -A PRE_public -j PRE_public_log

 -A PRE_public -j PRE_public_deny

 -A PRE_public -j PRE_public_allow

 COMMIT

 # Completed on Fri Jul 28 19:10:39 2017

 # Generated by iptables-save v1.4.21 on Fri Jul 28 19:10:39 2017

 *security

 :INPUT ACCEPT [727:348220]

 :FORWARD ACCEPT [0:0]

 :OUTPUT ACCEPT [765:100277]

 :FORWARD_direct - [0:0]

 :INPUT_direct - [0:0]

 :OUTPUT_direct - [0:0]

 -A INPUT -j INPUT_direct

 -A FORWARD -j FORWARD_direct

 -A OUTPUT -j OUTPUT_direct

 COMMIT

 # Completed on Fri Jul 28 19:10:39 2017

 # Generated by iptables-save v1.4.21 on Fri Jul 28 19:10:39 2017

 *raw

 :PREROUTING ACCEPT [732:348610]

 :OUTPUT ACCEPT [765:100277]

 :OUTPUT_direct - [0:0]

 :PREROUTING_direct - [0:0]

 -A PREROUTING -j PREROUTING_direct

 -A OUTPUT -j OUTPUT_direct

 COMMIT

 # Completed on Fri Jul 28 19:10:39 2017

 # Generated by iptables-save v1.4.21 on Fri Jul 28 19:10:39 2017

 *filter

 :INPUT ACCEPT [0:0]

 :FORWARD ACCEPT [0:0]

 :OUTPUT ACCEPT [14:984]

 -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

 -A INPUT -p icmp -j ACCEPT

 -A INPUT -i lo -j ACCEPT

 -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

 -A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT

 -A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT

 -A INPUT -m state --state NEW -m tcp -p tcp --dport 9904 -j ACCEPT

 -A INPUT -j REJECT --reject-with icmp-host-prohibited

 #-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT

 #允许3306端口通过防火墙

 #-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT

 #允许9904端口通过防火墙

 #-A INPUT -m state --state NEW -m tcp -p tcp

 -A INPUT -j REJECT --reject-with icmp-host-prohibited

 -A FORWARD -j REJECT --reject-with icmp-host-prohibited

 COMMIT

 # Completed on Fri Jul 28 19:10:39 201

iptables打开22,80,8080,3306等端口的更多相关文章

  1. CentOS 7.5 ——如何开放80、8080、3306等端口

    CentOS 7.5 ——如何开放80.8080.3306等端口 ——说明:CentOS 7.0默认使用的是firewall作为防火墙,这里改为iptables防火墙——1.关闭firewall: s ...

  2. 启动PHPstudy提醒80、3306端口被占用

    端口占用会出现如下提醒 解决办法: 进入dos窗口:快捷键win+R,然后输入cmd 在dos窗口中输入命令:netstat   -ano(查找各端口所在进程的PID) 找到80和3306的程序PID ...

  3. iptables使用multiport 添加多个不连续端口 不指定

    iptables使用multiport 添加多个不连续端口   碟舞飞扬 , 01:26 , Linux技术 , 评论(0) , 引用(0) , 阅读(12214) , Via 本站原创 大 | 中  ...

  4. git clone https://github.com/istester/ido.git ,确提示“Failed to connect to 192.168.1.22 port 8080: Connection refused” 的解决办法 。

    不知道是否有同学遇到如下的问题: p.p1 { margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo } span.s1 { } git clone ...

  5. 关于eclipse tomcat 无法启动(8080,8005,8009端口被占用)的解决方法,附 eclipse tomcat 与 tomcat 并存方式

    eclipse 在编译运行时 新建的tomcat连接始终为stopped状态,描述为8080,8005,8009端口被占用. 这是因为在装完tomcat后,tomcat服务已启动,而eclipse仅仅 ...

  6. [ 转载 ] Mysql 远程连接+开放80和3306端口 常用配置

    直接上方法: 首先配置CentOS下防火墙iptables规则: # vim /etc/sysconfig/iptables 向其中加入下列规则: -A INPUT -m state –state N ...

  7. nagios系列(四)之nagios主动方式监控tcp常用的80/3306等端口监控web/syncd/mysql及url服务

    nagios主动方式监控tcp服务web/syncd/mysql及url cd /usr/local/nagios/libexec/ [root@node4 libexec]# ./check_tcp ...

  8. centos 6.5 防火墙通过 80 和 3306 端口

    vim /etc/sysconfig/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -A INPU ...

  9. CentOS中iptables防火墙 开放80端口方法

    开放端口:  代码如下 复制代码 [root@WX32 ~]# iptables -I INPUT -p tcp --dport 80 -j ACCEPT 保存配置:  代码如下 复制代码 [root ...

随机推荐

  1. linux split

    说来惭愧,用了这么久linux会的命令也只有常用的那么几个.. 今天刚刚学到的一个很实用的split命令,原本就只是知道开发语言中有split方法用来切分字符串,linux命令行也提供了这样一个方法. ...

  2. beautifulSoup安装

    Python2.7 + beautifulSoup 4.4.1 安装配置 原创 2016年05月09日 10:20:30 标签: python 1261 1. 前言 最近研究python 的爬虫功能, ...

  3. EasyUI项目学习

    介绍easyui的使用,主要包括以下组件 布局面板 - layout 可伸缩面板 - accordion 选项卡 - tabs 控制面板 - panel 窗口 - window 对话框 - dialo ...

  4. 在项目中用过Spring的哪些方面?及用过哪些Ajax框架?

    在项目中用过Spring的哪些方面?及用过哪些Ajax框架? 解答:在项目使用过Spring IOC ,AOP,DAO,ORM,还有上下文环境. 在项目使用过Ext,Juery等Ajax框架.

  5. Extjs5 app.js缓冲设置

    在6月2日Extjs5正式版公布后.粗略研究了一下,sencha推荐使用project编译来公布应用.开发过程中用sencha app watch命令就可以生成服务.每建立一个js类,就须要Ctrl+ ...

  6. AutoMapper整理收集

    http://www.cnblogs.com/jobs2/p/3503990.html http://www.cnblogs.com/1-2-3/p/AutoMapper-Best-Practice. ...

  7. 配置管理之PackageProvider接口

     PackageProvider的开始 从前面几章中我们了解到了一点:想知道如何加载相关配置文件就必须去找StrutsXmlConfigurationProvider类和XmlConfiguratio ...

  8. 显示所有APP的进程详细信息(进程ID、进程所在UID、进程占用内存、进程名)

    main.xml <?xml version="1.0" encoding="utf-8"?> <LinearLayout xmlns:and ...

  9. linux mysql 新增用户 分配权限

    insert into mysql.user(Host,User,Password) values("%","admin",password("adm ...

  10. Oracle给大数值添加逗号的分位符形如:9,999,999,999

    SELECT TO_CHAR(1231231123, '9,999,999,999') FROM dual; 1,231,231,123 SELECT TO_CHAR(1231231123, '9,9 ...