Shulou(Shulou.com)06/02 Report--

Most of the time we install web services applications on liunx systems (tomcat, apache, etc.), we need to make other computers able to access the application, while linux systems (centos, redhat, etc.) firewall is only open to the public port 22 by default.

Port settings for linux systems are configured in the/etc/sysconfig/iptables file. Open the file using an editor. It reads as follows:

# Firewall configuration written by system-config-firewall # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT

The code on the Internet is as follows:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3001 -j ACCEPT

I tested the above code in CentOS 6.5 and couldn't succeed.

If we need to open port 80 to the outside world, add the following code to the above file

-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT

Also note that this code needs to be added to

-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

Otherwise, the port cannot be opened. The final match is as follows:

# Firewall configuration written by system-config-firewall # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT

Editing the above file requires su permission.

After saving the above file, run the following command on the terminal: Update Firewall Configuration

service iptables restart

The following command can see the open port

/sbin/iptables -L -n

The following commands turn the firewall off/on (requires a system reboot)

Open: chkconfig iptables on Close: chkconfig iptables off

The following code can start and stop the firewall (effective immediately, disabled after restart)

Open: service iptables start Close: service iptables stop

The above is a small series to introduce you to the linux system open 3306, 8080 and other ports, firewall settings detailed integration, I hope to help you, if you have any questions please give me a message, small series will reply to you in time. Thank you very much for your support!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.