systemctl stop firewalld

systemctl mask firewalld

Then, install the iptables-services package:

yum install iptables-services

Enable the service at boot-time:

systemctl enable iptables

Managing the service

systemctl [stop|start|restart] iptables

Saving your firewall rules can be done as follows:

service iptables save

or

/usr/libexec/iptables/iptables.init save

reference:https://www.cnblogs.com/anne32184/p/5961806.html
 vi /etc/sysconfig/iptables

 -A INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT(允许80端口通过防火墙)

 -A INPUT -m state –state NEW -m tcp -p tcp –dport 3306 -j ACCEPT(允许3306端口通过防火墙)

 特别提示:很多网友把这两条规则添加到防火墙配置的最后一行,导致防火墙启动失败,正确的应该是添加到默认的22端口这条规则的下面

 添加好之后防火墙规则如下所示:

 ######################################

 # Firewall configuration written by system-config-firewall

 # Manual customization of this file is not recommended.

 *filter

 :INPUT ACCEPT [0:0]

 :FORWARD ACCEPT [0:0]

 :OUTPUT ACCEPT [0:0]

 -A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT

 -A INPUT -p icmp -j ACCEPT

 -A INPUT -i lo -j ACCEPT

 -A INPUT -m state –state NEW -m tcp -p tcp –dport 22 -j ACCEPT

 -A INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT

 -A INPUT -m state –state NEW -m tcp -p tcp –dport 3306 -j ACCEPT

 -A INPUT -j REJECT –reject-with icmp-host-prohibited

 -A FORWARD -j REJECT –reject-with icmp-host-prohibited

 COMMIT

 #####################################

 /etc/init.d/iptables restart      #最后重启防火墙使配置生效
 # Generated by iptables-save v1.4.21 on Fri Jul 28 19:10:39 2017

 *nat

 :PREROUTING ACCEPT [0:0]

 :INPUT ACCEPT [0:0]

 :OUTPUT ACCEPT [136:8416]

 :POSTROUTING ACCEPT [136:8416]

 :OUTPUT_direct - [0:0]

 :POSTROUTING_ZONES - [0:0]

 :POSTROUTING_ZONES_SOURCE - [0:0]

 :POSTROUTING_direct - [0:0]

 :POST_public - [0:0]

 :POST_public_allow - [0:0]

 :POST_public_deny - [0:0]

 :POST_public_log - [0:0]

 :PREROUTING_ZONES - [0:0]

 :PREROUTING_ZONES_SOURCE - [0:0]

 :PREROUTING_direct - [0:0]

 :PRE_public - [0:0]

 :PRE_public_allow - [0:0]

 :PRE_public_deny - [0:0]

 :PRE_public_log - [0:0]

 -A PREROUTING -j PREROUTING_direct

 -A PREROUTING -j PREROUTING_ZONES_SOURCE

 -A PREROUTING -j PREROUTING_ZONES

 -A OUTPUT -j OUTPUT_direct

 -A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN

 -A POSTROUTING -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN

 -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535

 -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535

 -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE

 -A POSTROUTING -j POSTROUTING_direct

 -A POSTROUTING -j POSTROUTING_ZONES_SOURCE

 -A POSTROUTING -j POSTROUTING_ZONES

 -A POSTROUTING_ZONES -o enp0s3 -g POST_public

 -A POSTROUTING_ZONES -g POST_public

 -A POST_public -j POST_public_log

 -A POST_public -j POST_public_deny

 -A POST_public -j POST_public_allow

 -A PREROUTING_ZONES -i enp0s3 -g PRE_public

 -A PREROUTING_ZONES -g PRE_public

 -A PRE_public -j PRE_public_log

 -A PRE_public -j PRE_public_deny

 -A PRE_public -j PRE_public_allow

 -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

 -A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT

 -A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT

 -A INPUT -m state --state NEW -m tcp -p tcp --dport 9904 -j ACCEPT

 -A INPUT -j REJECT --reject-with icmp-host-prohibited

 -A FORWARD -j REJECT --reject-with icmp-host-prohibited

 #(之前我添加在下面,浏览器也是不能访问的,必须放在上面!)

 #允许8080端口通过防火墙

 #-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT

 #允许3306端口通过防火墙

 #-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT

 #允许9904端口通过防火墙

 #-A INPUT -m state --state NEW -m tcp -p tcp --dport 9904 -j ACCEPT

 COMMIT

 # Completed on Fri Jul 28 19:10:39 2017

 # Generated by iptables-save v1.4.21 on Fri Jul 28 19:10:39 2017

 *mangle

 :PREROUTING ACCEPT [732:348610]

 :INPUT ACCEPT [732:348610]

 :FORWARD ACCEPT [0:0]

 :OUTPUT ACCEPT [765:100277]

 :POSTROUTING ACCEPT [767:100547]

 :FORWARD_direct - [0:0]

 :INPUT_direct - [0:0]

 :OUTPUT_direct - [0:0]

 :POSTROUTING_direct - [0:0]

 :PREROUTING_ZONES - [0:0]

 :PREROUTING_ZONES_SOURCE - [0:0]

 :PREROUTING_direct - [0:0]

 :PRE_public - [0:0]

 :PRE_public_allow - [0:0]

 :PRE_public_deny - [0:0]

 :PRE_public_log - [0:0]

 -A PREROUTING -j PREROUTING_direct

 -A PREROUTING -j PREROUTING_ZONES_SOURCE

 -A PREROUTING -j PREROUTING_ZONES

 -A INPUT -j INPUT_direct

 -A FORWARD -j FORWARD_direct

 -A OUTPUT -j OUTPUT_direct

 -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill

 -A POSTROUTING -j POSTROUTING_direct

 -A PREROUTING_ZONES -i enp0s3 -g PRE_public

 -A PREROUTING_ZONES -g PRE_public

 -A PRE_public -j PRE_public_log

 -A PRE_public -j PRE_public_deny

 -A PRE_public -j PRE_public_allow

 COMMIT

 # Completed on Fri Jul 28 19:10:39 2017

 # Generated by iptables-save v1.4.21 on Fri Jul 28 19:10:39 2017

 *security

 :INPUT ACCEPT [727:348220]

 :FORWARD ACCEPT [0:0]

 :OUTPUT ACCEPT [765:100277]

 :FORWARD_direct - [0:0]

 :INPUT_direct - [0:0]

 :OUTPUT_direct - [0:0]

 -A INPUT -j INPUT_direct

 -A FORWARD -j FORWARD_direct

 -A OUTPUT -j OUTPUT_direct

 COMMIT

 # Completed on Fri Jul 28 19:10:39 2017

 # Generated by iptables-save v1.4.21 on Fri Jul 28 19:10:39 2017

 *raw

 :PREROUTING ACCEPT [732:348610]

 :OUTPUT ACCEPT [765:100277]

 :OUTPUT_direct - [0:0]

 :PREROUTING_direct - [0:0]

 -A PREROUTING -j PREROUTING_direct

 -A OUTPUT -j OUTPUT_direct

 COMMIT

 # Completed on Fri Jul 28 19:10:39 2017

 # Generated by iptables-save v1.4.21 on Fri Jul 28 19:10:39 2017

 *filter

 :INPUT ACCEPT [0:0]

 :FORWARD ACCEPT [0:0]

 :OUTPUT ACCEPT [14:984]

 -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

 -A INPUT -p icmp -j ACCEPT

 -A INPUT -i lo -j ACCEPT

 -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

 -A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT

 -A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT

 -A INPUT -m state --state NEW -m tcp -p tcp --dport 9904 -j ACCEPT

 -A INPUT -j REJECT --reject-with icmp-host-prohibited

 #-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT

 #允许3306端口通过防火墙

 #-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT

 #允许9904端口通过防火墙

 #-A INPUT -m state --state NEW -m tcp -p tcp

 -A INPUT -j REJECT --reject-with icmp-host-prohibited

 -A FORWARD -j REJECT --reject-with icmp-host-prohibited

 COMMIT

 # Completed on Fri Jul 28 19:10:39 201

iptables打开22,80,8080,3306等端口的更多相关文章

  1. CentOS 7.5 ——如何开放80、8080、3306等端口

    CentOS 7.5 ——如何开放80.8080.3306等端口 ——说明:CentOS 7.0默认使用的是firewall作为防火墙,这里改为iptables防火墙——1.关闭firewall: s ...

  2. 启动PHPstudy提醒80、3306端口被占用

    端口占用会出现如下提醒 解决办法: 进入dos窗口:快捷键win+R,然后输入cmd 在dos窗口中输入命令:netstat   -ano(查找各端口所在进程的PID) 找到80和3306的程序PID ...

  3. iptables使用multiport 添加多个不连续端口 不指定

    iptables使用multiport 添加多个不连续端口   碟舞飞扬 , 01:26 , Linux技术 , 评论(0) , 引用(0) , 阅读(12214) , Via 本站原创 大 | 中  ...

  4. git clone https://github.com/istester/ido.git ,确提示“Failed to connect to 192.168.1.22 port 8080: Connection refused” 的解决办法 。

    不知道是否有同学遇到如下的问题: p.p1 { margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo } span.s1 { } git clone ...

  5. 关于eclipse tomcat 无法启动(8080,8005,8009端口被占用)的解决方法,附 eclipse tomcat 与 tomcat 并存方式

    eclipse 在编译运行时 新建的tomcat连接始终为stopped状态,描述为8080,8005,8009端口被占用. 这是因为在装完tomcat后,tomcat服务已启动,而eclipse仅仅 ...

  6. [ 转载 ] Mysql 远程连接+开放80和3306端口 常用配置

    直接上方法: 首先配置CentOS下防火墙iptables规则: # vim /etc/sysconfig/iptables 向其中加入下列规则: -A INPUT -m state –state N ...

  7. nagios系列(四)之nagios主动方式监控tcp常用的80/3306等端口监控web/syncd/mysql及url服务

    nagios主动方式监控tcp服务web/syncd/mysql及url cd /usr/local/nagios/libexec/ [root@node4 libexec]# ./check_tcp ...

  8. centos 6.5 防火墙通过 80 和 3306 端口

    vim /etc/sysconfig/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -A INPU ...

  9. CentOS中iptables防火墙 开放80端口方法

    开放端口:  代码如下 复制代码 [root@WX32 ~]# iptables -I INPUT -p tcp --dport 80 -j ACCEPT 保存配置:  代码如下 复制代码 [root ...

随机推荐

  1. 【转】移动App测试中的最佳做法

    一说起软件测试,测试员想到肯定是去检查文件,功能,API,性能并确定软件是否安全,以及关于软件特定部分的其他事项.但是对于移动测试,测试员不得不基于用户移动使用模式考虑移动相关的功能. 本文是基于我的 ...

  2. Window对应的类为java.awt.Windows, 它可独立于其他Container而存在

    Window对应的类为java.awt.Windows, 它可独立于其他Container而存在,它有两个子类, Frame和Dialog, Frame是具有标题(title)和可伸缩的角(resiz ...

  3. (转)java并发对象锁、类锁、私有锁

    转自:http://ifeve.com/java-locks/ 建议参考:http://www.zhihu.com/question/28113814 Java类锁和对象锁实践 感谢[jiehao]同 ...

  4. 金典 SQL笔记(9)

    page301-354其它解决方式 ---开窗函数 --測试数据及表 USE [NB] GO /****** 对象: Table [dbo].[T_Person2] 脚本日期: 08/14/2015 ...

  5. 配置管理之PackageProvider接口

     PackageProvider的开始 从前面几章中我们了解到了一点:想知道如何加载相关配置文件就必须去找StrutsXmlConfigurationProvider类和XmlConfiguratio ...

  6. Appcompat实现Action Bar的兼容性处理

    Appcompat实现Action Bar时,如果使用到split action bar或者Navigating Up with the App Icon需要考虑兼容性.下面介绍下split acti ...

  7. label 两次点击 事件冒泡 使用时间戳的解决方案

    情况描述:在页面中input 和 label 通过for banding 然后点击input 或者label的时候都要执行一个方法   但是在点击label的时候有两次执行两次的情况,及监听到的cli ...

  8. WebService之XFire和SOAP实例(基于JAVA)

    开发环境:jdk1.6 + Tomcat7 + MyEclipse10 源码下载地址张贴在文章最后面:首先是使用WSDL协议实现:这里使用XFire XFire一个免费.开源的SOAP框架,它构建了P ...

  9. 160624、Spark读取数据库(Mysql)的四种方式讲解

    目前Spark支持四种方式从数据库中读取数据,这里以Mysql为例进行介绍. 一.不指定查询条件 这个方式链接MySql的函数原型是: 1 def jdbc(url: String, table: S ...

  10. Minecraft Forge编程入门三 “初始化项目结构和逻辑”

    经过前面两个教程Minecraft Forge编程入门一 "环境搭建"和Minecraft Forge编程入门二 "工艺和食谱",我们大体知道了如何自定义合成配 ...