CentOS 7: disable firewalld and install iptables
An operations log of opening ports 22, 80, 10050, 10051, 3306 and others
Why disable firewalld and use iptables instead? Honestly, because the classic iptables workflow is what we are used to and firewalld just does not feel familiar (and, some would say, it is not pretty either).
1. Disable firewalld:
[root@localhost ~]# systemctl stop firewalld.service //stop firewalld now
[root@localhost ~]# systemctl disable firewalld.service //do not start firewalld at boot
firewalld and iptables-services both program the same kernel netfilter tables, so only one of them may manage the rules at a time. Do this from a console, or at least keep your current SSH session open until the new rules are confirmed to work.
2. Install the iptables firewall
[root@localhost ~]# yum install iptables-services -y //install the package that provides iptables.service
[root@localhost ~]# vim /etc/sysconfig/iptables //edit the rules file
This file is fed to iptables-restore when iptables.service starts, so any annotation inside it must be a # comment; the // style used for the shell commands in this post is not valid there and would make the rule load fail.
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
# port 8080 (the Zabbix web UI) may be reached only from 192.168.230.57 and 192.168.230.93
-A INPUT -p tcp -s 192.168.230.57 --dport 8080 -j ACCEPT
-A INPUT -p tcp -s 192.168.230.93 --dport 8080 -j ACCEPT
# port 3306 accepts connections from the internal 192.168.230.0/24 network only
-A INPUT -p tcp -s 192.168.230.0/24 --dport 3306 -j ACCEPT
# open port 22 (SSH); this must stay above the final REJECT, or you lock yourself out
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
# open port 80
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
# the unrestricted 8080 rule stays commented out, because 8080 is limited to the two hosts above
#-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
# 10050 (agent) and 10051 (server/trapper) are the two Zabbix ports; what Zabbix does is not repeated here, search this site for zabbix
-A INPUT -m state --state NEW -m tcp -p tcp --dport 10050 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 10051 -j ACCEPT
# everything else is rejected; the client gets an ICMP host-prohibited instead of a silent timeout
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
[root@localhost ~]# systemctl restart iptables.service //finally restart the firewall so the rules take effect
[root@localhost ~]# systemctl enable iptables.service //start the firewall at boot
[root@localhost ~]# iptables -L //list the rules; the default table is -t filter, use iptables -t nat -L for the nat table (add -n to skip reverse DNS lookups, which otherwise make the listing slow)
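Before restarting iptables.service it pays to check the rules file offline, because a bad line means the whole ruleset fails to load and a misplaced rule can cut off SSH. The script below is an added example, not part of the original post and not shipped with iptables-services. It lints a file in /etc/sysconfig/iptables format for the mistakes that bite most often: // annotations (which iptables-restore rejects), a missing COMMIT, a missing RELATED,ESTABLISHED rule, and an SSH ACCEPT rule that is absent or sits after the catch-all REJECT. The function name lint_rules and the sample ruleset it lints when run without arguments are my own constructs.

```shell
#!/bin/bash
# Added example: pre-flight lint for a rules file in /etc/sysconfig/iptables
# (iptables-restore) format. Not part of iptables-services; a plain text check
# meant to run before `systemctl restart iptables.service`.

# lint_rules FILE [SSH_PORT]
# Prints one line per finding; returns 0 when the file passes, 1 otherwise.
lint_rules() {
  local file="$1" ssh_port="${2:-22}" rc=0 lineno=0 line
  local in_filter=0 committed=0 saw_state=0 saw_ssh=0 saw_catchall=0

  while IFS= read -r line || [ -n "$line" ]; do
    lineno=$((lineno + 1))
    case "$line" in
      ''|'#'*)   continue ;;                 # blank line or a valid '#' comment
      '//'*)                                 # iptables-restore has no '//' comments
        echo "line $lineno: '//' is not a comment in iptables-restore files, use '#'"
        rc=1; continue ;;
      '*filter') in_filter=1; continue ;;    # start of the filter table
      '*'*)      in_filter=0; continue ;;    # some other table (nat, mangle, ...)
      'COMMIT')  [ "$in_filter" -eq 1 ] && committed=1; continue ;;
      ':'*)      continue ;;                 # chain declaration / default policy
    esac
    # Only INPUT rules of the filter table decide whether the box stays reachable.
    [ "$in_filter" -eq 1 ] || continue
    case "$line" in "-A INPUT "*) ;; *) continue ;; esac

    case "$line" in
      *"--state "*ESTABLISHED*"-j ACCEPT"*|*"--ctstate "*ESTABLISHED*"-j ACCEPT"*)
        saw_state=1 ;;
      *"-j REJECT"*|*"-j DROP"*)
        # A REJECT/DROP with no source or port qualifier is a catch-all:
        # every rule appended after it is dead.
        case "$line" in
          *"--dport "*|*"-s "*|*"--source "*) ;;
          *) saw_catchall=1 ;;
        esac ;;
      *"--dport $ssh_port "*"-j ACCEPT"*)
        if [ "$saw_catchall" -eq 1 ]; then
          echo "line $lineno: tcp/$ssh_port is accepted after the catch-all REJECT/DROP and will never match"
          rc=1
        else
          saw_ssh=1
        fi ;;
    esac
  done < "$file"

  [ "$committed" -eq 1 ] || { echo "missing COMMIT for *filter"; rc=1; }
  [ "$saw_state" -eq 1 ] || { echo "no RELATED,ESTABLISHED ACCEPT rule; the current SSH session would be cut"; rc=1; }
  [ "$saw_ssh" -eq 1 ]   || { echo "no ACCEPT for tcp/$ssh_port before the catch-all; this would lock you out"; rc=1; }
  return "$rc"
}

if [ "$#" -gt 0 ]; then
  # Lint the file named on the command line, e.g. /etc/sysconfig/iptables.
  lint_rules "$1" "${2:-22}"
else
  # No file given: lint a constructed sample that repeats one of the mistakes
  # the original rules file in this post had (a '//' annotation inside the file).
  sample=$(mktemp)
  cat > "$sample" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
// open port 22
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
  lint_rules "$sample" 22 || echo "sample rejected: fix the file before restarting iptables.service"
  rm -f "$sample"
fi
```

Run it as bash lint-iptables.sh /etc/sysconfig/iptables 22 before the restart; a non-zero exit means the file needs fixing first. It is a syntax-and-ordering sanity check only; the authoritative parse is iptables-restore --test < /etc/sysconfig/iptables, which runs the real parser without committing the rules.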