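Reference post: iptables firewall: allow only specified IPs to connect to specified ports and to access specified websites. I. Configure the firewall. Open the configuration file: [root@localhost ~]# vi /etc/sysconfig/iptables The correct configuration file: # Firewall configuration written by system-config-firewall # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [:] :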
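After CentOS was upgraded to 7, the built-in firewall changed from iptables to firewalld. Opening ports therefore has to be explained for two cases: iptables and firewalld. I. iptables 1. Start/stop/restart the firewall. Enable the firewall (permanent, takes effect after reboot): chkconfig iptables on Disable the firewall (permanent, takes effect after reboot): chkconfig iptables off Start the firewall (takes effect immediately, lost after reboot): service iptables start Stop the firewall (takes effect immediately, lost after reboot): service i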
1. Command: vi /etc/sysconfig/iptables Add the following content and the ports to be opened: # Firewall configuration written by system-config-firewall # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --sta
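# Check the firewall status service iptables status # Stop the firewall service iptables stop # Start the firewall service iptables start # Restart the firewall service iptables restart # Permanently disable the firewall chkconfig iptables off # Re-enable it after permanently disabling chkconfig iptables on 2. Check the firewall status: the firewall is running and only port 22 is open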
vim /etc/sysconfig/iptables # Drop all incoming requests :INPUT DROP [0:0] # Drop all forwarded requests :FORWARD DROP [0:0] # Allow all output requests :OUTPUT ACCEPT [0:0] -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # Block ping -A INPUT -p icmp -j DROP -A INPUT -i lo -j ACCEPT # Open port 22 to external access -A
Firewall setup: With RHEL / CentOS, firewalld was introduced to manage iptables. IMHO, firewalld is more suited for workstations than for server environments. It is possible to go back to a more classic iptables setup. First, stop and mask the firewalld serv