zoukankan      html  css  js  c++  java

  • linux配置防火墙和重启防火墙

    1、在linux系统里面找到并打开编辑配置防火墙的文件,执行命令:
    vi /etc/sysconfig/iptables。

    2、在上面打开的文件里面加入一下语句:
    -A INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT(允许80端口通过防火墙,这里以80端口为例)。

    需要注意的是上面这条语句不要加载文件的最后面,这样会导致防火墙启动失败,正确的应该是添加到默认的22端口这条规则的下面

    3、添加好之后防火墙规则如下所示:
     

    # Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

      

    • 4、重启防火墙使配置生效
    /etc/init.d/iptables restart 或者  service iptables restart
    重启如下:
    [root@localhost bin]# /etc/init.d/iptables restart
iptables:将链设置为政策 ACCEPT:filter                    [确定]
iptables:清除防火墙规则:                                 [确定]
iptables:正在卸载模块:                                   [确定]
iptables:应用防火墙规则:                                 [确定]

    查看防火墙规则是否生效

    [root@localhost bin]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80 
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
 
     
  • 相关阅读:
    [leetcode] Reverse Linked List II
    利用ServletContextListener实现定时任务
    以追加方式写入文件的几种方法
    序列化反序列化的几种方式
    最常用快捷键
    Eclipse快捷键大全
    【MongoDB for Java】Java操作MongoDB
    JQuery EasyUI window 用法
    Oracle sql 性能优化调整
    Jodd 3.3
  • 原文地址:https://www.cnblogs.com/flzs/p/10743137.html
Copyright © 2011-2022 走看看