Configuring the firewall to open ports 80 and 3306 & a detailed guide to using iptables
1: Configure the firewall to open ports 80 and 3306
vi /etc/sysconfig/iptables
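# allow port 80 through the firewall
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
# allow port 3306 through the firewall
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
Special note: many people add these two rules as the last line of the firewall configuration, which causes the firewall to fail to start. The correct place for them is directly below the default port 22 rule.
After adding them, the firewall rules look like this: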
######################################
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
#####################################
/etc/init.d/iptables restart # finally, restart the firewall so the configuration takes effect
2: Detailed guide to using iptables
CentOS 6 iptables configuration
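The placement rule in the note above can be checked mechanically before restarting the service. The following is an added example, not part of the original post: a shell function that lints an iptables-save style file for rules placed after a chain's match-all REJECT or after COMMIT, and that also flags ACCEPT rules on watched ports (3306 by default) with no source restriction. The function names, finding labels and sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint an iptables-save style ruleset; one finding per line:
#   UNREACHABLE   rule follows a match-all REJECT/DROP in its chain
#   AFTER_COMMIT  rule follows COMMIT, outside any table
#   OPEN_TO_ANY   ACCEPT on a watched --dport with no -s restriction
lint_ruleset() {  # $1 = rules file or "-" for stdin, $2 = ports (default 3306)
    awk -v watch="${2:-3306}" '
    BEGIN { n = split(watch, w, ","); for (i = 1; i <= n; i++) ports[w[i]] = 1 }
    /^[ \t]*#/ || /^[ \t]*$/ { next }                          # comments, blanks
    /^\*/          { committed = 0; split("", closed); next }  # start of a table
    $1 == "COMMIT" { committed = 1; next }
    $1 != "-A"     { next }                                    # chain policy lines
    committed      { print "AFTER_COMMIT " NR ": " $0; next }
    {
        chain = $2; target = ""; src = ""; dport = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-j") target = $(i + 1)
            else if ($i == "-s") src = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
        }
        if (chain in closed) { print "UNREACHABLE " NR ": " $0; next }
        # No match options before -j REJECT/DROP: nothing after it is evaluated.
        if ($3 == "-j" && (target == "REJECT" || target == "DROP")) closed[chain] = 1
        anysrc = (src == "" || src == "0.0.0.0/0")
        if (target == "ACCEPT" && (dport in ports) && anysrc) print "OPEN_TO_ANY " NR ": " $0
    }' "$1"
}

# Constructed sample based on the file in section 1: 3306 open to any source,
# the port 80 rule placed after the REJECT, the port 443 rule after COMMIT.
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
EOF
}
sample_ruleset | lint_ruleset -
```

Run it against the real file with `lint_ruleset /etc/sysconfig/iptables 22,3306` to watch more than one port.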
Ben
2011/12/24
[[email protected] ben.liu]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2256
2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
3 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
7 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
-----------
Insert one rule
[[email protected] ben.liu]# iptables -I INPUT -j ACCEPT -s 172.16.0.0/16 -p tcp --dport 443 -m state --state NEW
[[email protected] ben.liu]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- 172.16.0.0/16 0.0.0.0/0 tcp dpt:443 state NEW
2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2256
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
4 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
5 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
8 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
-
[[email protected] ben.liu]# iptables-save
# Generated by iptables-save v1.4.7 on Sat Dec 24 16:50:09 2011
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [201:20052]
-A INPUT -s 172.16.0.0/16 -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2256 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sat Dec 24 16:50:09 2011
--
Modify one rule: for example rule 7, state NEW tcp dpt:22
[[email protected] ben.liu]# iptables -R INPUT 7 -s 172.16.0.0/16 -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
[[email protected] ben.liu]# iptables status
Bad argument `status'
Try `iptables -h' or 'iptables --help' for more information.
[[email protected] ben.liu]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- 172.16.0.0/16 0.0.0.0/0 tcp dpt:443 state NEW
2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2256
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
4 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
5 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
7 ACCEPT tcp -- 172.16.0.0/16 0.0.0.0/0 state NEW tcp dpt:22
8 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
--
Delete one rule, for example rule 7
[[email protected] ben.liu]# iptables -D INPUT 7
[[email protected] ben.liu]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 172.16.0.0/16 anywhere tcp dpt:https state NEW
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pcc-mfp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[[email protected] ben.liu]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 172.16.0.0/16 0.0.0.0/0 tcp dpt:443 state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2256
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[[email protected] ben.liu]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- 172.16.0.0/16 0.0.0.0/0 tcp dpt:443 state NEW
2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2256
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
4 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
5 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
7 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
---
Flush all INPUT rules
[[email protected] ben.liu]# iptables-save > /etc/sysconfig/iptables.bak
[[email protected] ben.liu]# iptables -F INPUT
[[email protected] ben.liu]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Restore the previously saved rules:
[[email protected] ben.liu]# iptables-restore /etc/sysconfig/iptables.bak
[[email protected] ben.liu]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- 172.16.0.0/16 0.0.0.0/0 tcp dpt:443 state NEW
2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2256
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
4 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
5 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
7 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
[[email protected] ben.liu]# iptables-save
# Generated by iptables-save v1.4.7 on Sat Dec 24 17:24:57 2011
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [44:5152]
-A INPUT -s 172.16.0.0/16 -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2256 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sat Dec 24 17:24:57 2011
----------
View the rules file that iptables loads at startup:
[[email protected] ben.liu]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
---
Stop / disable or enable at boot / start / restart the iptables service
[[email protected] ben.liu]# service iptables stop
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
[[email protected] ben.liu]# chkconfig --level 35 iptables off
[[email protected] ben.liu]# chkconfig --level 35 iptables on
[[email protected] ben.liu]# service iptables start
iptables: Applying firewall rules: [ OK ]
[[email protected] ben.liu]# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]