iptables 开启80端口

[root@v01-svn-test-server online]# iptables -F#清空规则
[root@v01-svn-test-server online]# iptables -L#
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination  

[root@v01-svn-test-server online]# iptables -A INPUT -p tcp --dport 22 -j ACCEPT /*允许包从22端口进入*/
[root@v01-svn-test-server online]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

[root@v01-svn-test-server online]# iptables -A OUTPUT -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT  #允许从22端口进入的包返回

[root@v01-svn-test-server online]# iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT #允许本机访问本机

[root@v01-svn-test-server online]# iptables -A OUTPUT -s 127.0.0.1 -j ACCEPT

[root@v01-svn-test-server online]# iptables -A INPUT -p tcp -s 0/0 --dport 80 -j ACCEPT #允许所以IP访问80端 口
[root@v01-svn-test-server online]# iptables -A OUTPUT -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT

service iptables save 

来实现保存到配置文件。 

这样重启计算机后,CentOS防火墙默认已经开放了80和22端口。

[root@v01-svn-test-server online]# service iptables save#保存配置
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
[root@v01-svn-test-server online]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh 
ACCEPT     all  --  localhost            localhost           
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:ssh state ESTABLISHED 
ACCEPT     all  --  localhost            anywhere            
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:http state ESTABLISHED 

[root@v01-svn-test-server online]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Wed Jun  1 20:55:03 2016
*filter
:INPUT ACCEPT [50:5062]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT 
-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT 
-A OUTPUT -p tcp -m tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT 
-A OUTPUT -s 127.0.0.1/32 -j ACCEPT 
-A OUTPUT -p tcp -m tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT 
COMMIT
# Completed on Wed Jun  1 20:55:03 2016

 查看防火墙信息：

[root@v01-svn-test-server online]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22 
2    ACCEPT     all  --  127.0.0.1            127.0.0.1           
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:22 state ESTABLISHED 
2    ACCEPT     all  --  127.0.0.1            0.0.0.0/0           
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:80 state ESTABLISHED