1.安装iptable iptable-service
#先检查是否安装了iptables service iptables status #安装iptables yum install -y iptables #升级iptables yum update iptables #安装iptables-services yum install iptables-services
2.禁用/停止自带的firewalld服务
systemctl stop firewalld.service && sudo systemctl disable firewalld.service
3.将iptables置为开机自启
chkconfig iptables on
4.iptables的常用命令
service iptables start #启动服务
service iptables stop #停止服务
service iptables restart #重启服务
service iptables status #重启服务
5.查看iptables规则
iptables -L -n
6.附上常用端口开放文档
# Generated by iptables-save v1.4.7 on Wed Jul 11 20:48:21 2018 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited # 上句之后添加的iptables无效 COMMIT # Completed on Wed Jul 11 20:48:21 2018