2025-01-18 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article shows how to set up the iptables firewall on CentOS. The content is concise and easy to follow.
1. Install iptables Firewall
How do I know if iptables is installed on the system? Run iptables -V. If it prints something like:
iptables v1.3.5
then iptables is already installed.
If iptables is not installed, install it first:
yum install iptables
To configure the firewall on Linux, taking CentOS as an example, open the iptables configuration file:
vi /etc/sysconfig/iptables
Use the /etc/init.d/iptables status command to check whether port 80 is open. If it is not, you can handle it in two ways:
1. Edit /etc/sysconfig/iptables so that the firewall opens port 80
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
2. Stop / start / restart the firewall
/etc/init.d/iptables stop    # use start to start it, restart to restart it
3. Permanently turn off the firewall
chkconfig --level 35 iptables off
/etc/init.d/iptables stop
iptables -P INPUT DROP
4. Open port 21 for active-mode FTP
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
5. Open the passive-mode ports from 49152 to 65534
iptables -A INPUT -p tcp --dport 49152:65534 -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
Restart iptables after all modifications:
service iptables restart
You can verify that the rules are in force:
iptables -L
That covers the process of configuring the iptables firewall under CentOS.
2. Clear the existing iptables rules
iptables -F    # clears the rules of all chains in the default filter table
iptables -X    # clears the user-defined chains in the default filter table
iptables -Z
3. Open the designated port
# allow the local loopback interface (that is, let the local machine access itself)
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
# allow established or related traffic
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# allow all outbound traffic from this machine
iptables -A OUTPUT -j ACCEPT
# allow access to port 22
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# allow access to port 80
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# allow ports 21 and 20 of the FTP service
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 20 -j ACCEPT
# for other ports the rules are similar; just modify the statements above slightly
# reject everything that the rules above do not allow
# (Note: if port 22 has not been added to the allow rules, the SSH connection will be cut off immediately.)
iptables -A INPUT -j REJECT
iptables -A FORWARD -j REJECT
Like an IP address configured from the command line, these rules do not survive a restart. You must run the following command to save them.
/etc/rc.d/init.d/iptables save
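The note on the final REJECT rule depends on rule order: an ACCEPT that sits after the catch-all is never reached. The check below is an added example, not part of the original article; the function name check_input_port and both sample rule sets are constructed for illustration, and it reads rules in the format that iptables-save prints.

```shell
#!/bin/sh
# Added example: verdict for one TCP port in the INPUT chain of iptables-save text on stdin.
#   ok              ACCEPT is reached before any catch-all REJECT/DROP
#   shadowed        ACCEPT sits after a catch-all, so it never matches
#   blocked         no ACCEPT, and a catch-all rule or DROP policy applies
#   open-by-policy  no ACCEPT and nothing blocks (default policy ACCEPT)
# Only exact "--dport N" is recognised (no port ranges, no multiport).
check_input_port() {
    awk -v port="$1" '
        /^:INPUT / { policy = $2 }
        $1 == "-A" && $2 == "INPUT" {
            n++
            if ($0 ~ /^-A INPUT -j (REJECT|DROP)( |$)/ && !block) block = n
            if ($0 ~ /-p tcp/ && $0 ~ ("--dport " port "( |$)") &&
                $0 ~ /-j ACCEPT/ && !allow) allow = n
        }
        END {
            if (allow && (!block || allow < block)) print "ok"
            else if (allow) print "shadowed"
            else if (block || policy == "DROP") print "blocked"
            else print "open-by-policy"
        }'
}

# Constructed sample: the section 3 rules in the order the article gives.
sample_good() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# Constructed sample: port 22 appended after the final REJECT.
sample_shadowed() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}
```

On a live host, run iptables-save | check_input_port 22 before saving the rules, and treat any verdict other than ok as a reason not to save yet.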
4. Block IP
# if you only want to block IPs, "3. Open the designated port" can be skipped.
# the command to block a single IP is
iptables -I INPUT -s 123.45.6.7 -j DROP
# the command to block the whole range from 123.0.0.1 to 123.255.255.254 is
iptables -I INPUT -s 123.0.0.0/8 -j DROP
# the command to block the range from 123.45.0.1 to 123.45.255.254 is
iptables -I INPUT -s 123.45.0.0/16 -j DROP
# the command to block the range from 123.45.6.1 to 123.45.6.254 is
iptables -I INPUT -s 123.45.6.0/24 -j DROP
5. View the added iptables rules
iptables -L -n
-v: displays details, including the number of matching packets and bytes for each rule
-x: used together with -v, disables automatic unit conversion (K, M)
-n: shows only IP addresses and port numbers, without resolving IPs to domain names
6. Delete iptables rules that have been added
To display all iptables rules with their sequence numbers, run:
iptables -L -n --line-numbers
For example, to delete the rule with sequence number 8 in INPUT, run:
iptables -D INPUT 8
7. Startup and rule saving of iptables
On CentOS, iptables may not start at boot after it is installed, so you can run the following:
chkconfig --level 345 iptables on
to add it to the boot sequence.
On CentOS you can run service iptables save to save the rules.
Note:
Be sure to leave yourself a way back in: keep a management port open for VNC and a management port open for SSH.
It is important to note that you must adapt this file to the situation of your own server.