centos下的防火墙配置

1，查看防火墙文件：

vim /etc/sysconfig/iptables

# Generated by iptables-save v1.4.7 on Thu Jan  7 19:42:44 2016
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [12:1484]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
# Completed on Thu Jan  7 19:42:44 2016

2,添加开发端口：（添加，保存，重启）

[root@VM-5bb62e30-ecd0-4df8-b26f-9b9a2e4bd5f9 sysconfig]# /sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT
[root@VM-5bb62e30-ecd0-4df8-b26f-9b9a2e4bd5f9 sysconfig]# /etc/rc.d/init.d/iptables save
iptables：将防火墙规则保存到 /etc/sysconfig/iptables：     [确定]
[root@VM-5bb62e30-ecd0-4df8-b26f-9b9a2e4bd5f9 sysconfig]# vim iptables
[root@VM-5bb62e30-ecd0-4df8-b26f-9b9a2e4bd5f9 sysconfig]# vim iptables
[root@VM-5bb62e30-ecd0-4df8-b26f-9b9a2e4bd5f9 sysconfig]# /sbin/iptables -I INPUT -p tcp --dport 22 -j ACCEPT
[root@VM-5bb62e30-ecd0-4df8-b26f-9b9a2e4bd5f9 sysconfig]# /etc/rc.d/init.d/iptables save
iptables：将防火墙规则保存到 /etc/sysconfig/iptables：     [确定]
[root@VM-5bb62e30-ecd0-4df8-b26f-9b9a2e4bd5f9 sysconfig]# service iptables restart
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]

3，查看防火墙状态，开启/关闭防火墙。

[root@VM-5bb62e30-ecd0-4df8-b26f-9b9a2e4bd5f9 sysconfig]# /etc/init.d/iptables status
表格：filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22 
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         

[root@VM-5bb62e30-ecd0-4df8-b26f-9b9a2e4bd5f9 sysconfig]# chkconfig iptables --list
iptables           0:关闭    1:关闭    2:关闭    3:关闭    4:关闭    5:关闭    6:关闭
[root@VM-5bb62e30-ecd0-4df8-b26f-9b9a2e4bd5f9 sysconfig]# chkconfig iptables on
[root@VM-5bb62e30-ecd0-4df8-b26f-9b9a2e4bd5f9 sysconfig]# chkconfig iptables --list
iptables           0:关闭    1:关闭    2:启用    3:启用    4:启用    5:启用    6:关闭
[root@VM-5bb62e30-ecd0-4df8-b26f-9b9a2e4bd5f9 sysconfig]# chkconfig iptables off
[root@VM-5bb62e30-ecd0-4df8-b26f-9b9a2e4bd5f9 sysconfig]# chkconfig iptables --list
iptables           0:关闭    1:关闭    2:关闭    3:关闭    4:关闭    5:关闭    6:关闭

4，查看已经开启的端口。

[root@VM-5bb62e30-ecd0-4df8-b26f-9b9a2e4bd5f9 sysconfig]# netstat -tanp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 0.0.0.0:60222               0.0.0.0:*                   LISTEN      30288/java          
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      6716/mysqld         
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      30342/nginx         
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1460/sshd           
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      1537/master         
tcp        0      0 192.168.0.153:22            61.144.66.28:2109           ESTABLISHED 30009/sshd          
tcp        0      0 192.168.0.153:22            113.195.145.85:9582         ESTABLISHED 35585/sshd          
tcp        0      0 192.168.0.153:80            14.18.243.92:2911           TIME_WAIT   -                   
tcp        0      0 192.168.0.153:22            14.18.243.92:17216          ESTABLISHED 35091/sshd          
tcp        0      0 127.0.0.1:3306              127.0.0.1:48637             ESTABLISHED 6716/mysqld         
tcp        0      0 127.0.0.1:3306              127.0.0.1:48635             ESTABLISHED 6716/mysqld         
tcp        0      0 127.0.0.1:3306              127.0.0.1:48634             TIME_WAIT   -                   
tcp        0    880 192.168.0.153:22            14.18.243.92:21646          ESTABLISHED 35240/sshd          
tcp        0      0 127.0.0.1:3306              127.0.0.1:48639             ESTABLISHED 6716/mysqld         
tcp        0      0 127.0.0.1:3306              127.0.0.1:48638             ESTABLISHED 6716/mysqld         
tcp        0      0 192.168.0.153:22            14.18.243.92:17485          ESTABLISHED 35528/sshd          
tcp        0      0 127.0.0.1:3306              127.0.0.1:48636             ESTABLISHED 6716/mysqld         
tcp        0      0 ::ffff:127.0.0.1:8005       :::*                        LISTEN      30288/java          
tcp        0      0 :::8009                     :::*                        LISTEN      30288/java          
tcp        0      0 :::8080                     :::*                        LISTEN      30288/java          
tcp        0      0 :::22                       :::*                        LISTEN      1460/sshd           
tcp        0      0 ::1:25                      :::*                        LISTEN      1537/master         
tcp        0      0 ::ffff:127.0.0.1:48638      ::ffff:127.0.0.1:3306       ESTABLISHED 30288/java          
tcp        0      0 ::ffff:127.0.0.1:48639      ::ffff:127.0.0.1:3306       ESTABLISHED 30288/java          
tcp        0      0 ::ffff:127.0.0.1:48629      ::ffff:127.0.0.1:3306       TIME_WAIT   -                   
tcp        0      0 ::ffff:127.0.0.1:48636      ::ffff:127.0.0.1:3306       ESTABLISHED 30288/java          
tcp        0      0 ::ffff:192.168.0.153:8080   ::ffff:14.18.243.92:11473   TIME_WAIT   -                   
tcp        0      0 ::ffff:127.0.0.1:48637      ::ffff:127.0.0.1:3306       ESTABLISHED 30288/java          
tcp        0      0 ::ffff:127.0.0.1:48633      ::ffff:127.0.0.1:3306       TIME_WAIT   -                   
tcp        0      0 ::ffff:127.0.0.1:48628      ::ffff:127.0.0.1:3306       TIME_WAIT   -                   
tcp        0      0 ::ffff:127.0.0.1:48635      ::ffff:127.0.0.1:3306       ESTABLISHED 30288/java