centos 7 配置iptables(轉)
阿新 • • 發佈:2017-11-22
sysconf nta 配置ip sco ces num acc csharp rest
一、防火墻配置
1、檢測並關閉firewall
1 2 3 4 5 |
systemctl status firewalld.service #檢測是否開啟了firewall
systemctl stop firewalld.service #關閉firewall
sytsemctl disable firewalld.service #禁止firewall開機自啟
|
2、檢測並安裝iptables
1 |
yum install iptables-services
|
將規則寫入iptables配置文件
1 |
vi /etc/sysconfig/iptables |
1 |
iptables文件內容:
|
1 2 3 4 5 6 7 8 9 10 11 12 |
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
|
systemctl restart iptables.service
systemctl enable iptables.service
centos 7 配置iptables(轉)