centos下的防火墙配置

时间:2023-03-09 00:37:00

1,查看防火墙文件:

vim /etc/sysconfig/iptables

# Generated by iptables-save v1.4.7 on Thu Jan   ::
*filter
:INPUT ACCEPT [:]
:FORWARD ACCEPT [:]
:OUTPUT ACCEPT [:]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
# Completed on Thu Jan ::

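2,添加开放端口:(添加,保存,重启)

说明:上面的规则文件中 INPUT 链的默认策略是 ACCEPT,并且没有任何 DROP/REJECT 规则,所以这里添加的 ACCEPT 规则本身不会限制任何流量,未列出的端口同样可以访问。要让"只放行指定端口"真正生效,需要先放行 SSH(22)、回环接口以及已建立的连接(-m state --state ESTABLISHED,RELATED),再把默认策略改为 DROP(iptables -P INPUT DROP)。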

[root@VM-5bb62e30-ecd0-4df8-b26f-9b9a2e4bd5f9 sysconfig]# /sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT
[root@VM-5bb62e30-ecd0-4df8-b26f-9b9a2e4bd5f9 sysconfig]# /etc/rc.d/init.d/iptables save
iptables:将防火墙规则保存到 /etc/sysconfig/iptables: [确定]
[root@VM-5bb62e30-ecd0-4df8-b26f-9b9a2e4bd5f9 sysconfig]# vim iptables
[root@VM-5bb62e30-ecd0-4df8-b26f-9b9a2e4bd5f9 sysconfig]# vim iptables
[root@VM-5bb62e30-ecd0-4df8-b26f-9b9a2e4bd5f9 sysconfig]# /sbin/iptables -I INPUT -p tcp --dport 22 -j ACCEPT
[root@VM-5bb62e30-ecd0-4df8-b26f-9b9a2e4bd5f9 sysconfig]# /etc/rc.d/init.d/iptables save
iptables:将防火墙规则保存到 /etc/sysconfig/iptables: [确定]
[root@VM-5bb62e30-ecd0-4df8-b26f-9b9a2e4bd5f9 sysconfig]# service iptables restart
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]

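3,查看防火墙状态,开启/关闭防火墙。(chkconfig 只设置开机时是否自动启动 iptables 服务,不影响当前运行状态;要立即启动或停止防火墙,使用 service iptables start / service iptables stop。)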

[root@VM-5bb62e30-ecd0-4df8-b26f-9b9a2e4bd5f9 sysconfig]# /etc/init.d/iptables status
表格:filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80

Chain FORWARD (policy ACCEPT)
num target prot opt source destination

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

[root@VM-5bb62e30-ecd0-4df8-b26f-9b9a2e4bd5f9 sysconfig]# chkconfig iptables --list
iptables 0:关闭 1:关闭 2:关闭 3:关闭 4:关闭 5:关闭 6:关闭
[root@VM-5bb62e30-ecd0-4df8-b26f-9b9a2e4bd5f9 sysconfig]# chkconfig iptables on
[root@VM-5bb62e30-ecd0-4df8-b26f-9b9a2e4bd5f9 sysconfig]# chkconfig iptables --list
iptables 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭
[root@VM-5bb62e30-ecd0-4df8-b26f-9b9a2e4bd5f9 sysconfig]# chkconfig iptables off
[root@VM-5bb62e30-ecd0-4df8-b26f-9b9a2e4bd5f9 sysconfig]# chkconfig iptables --list
iptables           0:关闭    1:关闭    2:关闭    3:关闭    4:关闭    5:关闭    6:关闭

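4,查看已经开启的端口。(netstat 显示的是本机进程正在监听的端口和现有连接,并不是防火墙放行的端口;本地地址为 0.0.0.0 或 ::: 的 LISTEN 行表示该端口在所有网卡上监听,是否能从外部访问还取决于防火墙规则。)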

[root@VM-5bb62e30-ecd0-4df8-b26f-9b9a2e4bd5f9 sysconfig]# netstat -tanp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:60222 0.0.0.0:* LISTEN 30288/java
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 6716/mysqld
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 30342/nginx
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1460/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1537/master
tcp 0 0 192.168.0.153:22 61.144.66.28:2109 ESTABLISHED 30009/sshd
tcp 0 0 192.168.0.153:22 113.195.145.85:9582 ESTABLISHED 35585/sshd
tcp 0 0 192.168.0.153:80 14.18.243.92:2911 TIME_WAIT -
tcp 0 0 192.168.0.153:22 14.18.243.92:17216 ESTABLISHED 35091/sshd
tcp 0 0 127.0.0.1:3306 127.0.0.1:48637 ESTABLISHED 6716/mysqld
tcp 0 0 127.0.0.1:3306 127.0.0.1:48635 ESTABLISHED 6716/mysqld
tcp 0 0 127.0.0.1:3306 127.0.0.1:48634 TIME_WAIT -
tcp 0 880 192.168.0.153:22 14.18.243.92:21646 ESTABLISHED 35240/sshd
tcp 0 0 127.0.0.1:3306 127.0.0.1:48639 ESTABLISHED 6716/mysqld
tcp 0 0 127.0.0.1:3306 127.0.0.1:48638 ESTABLISHED 6716/mysqld
tcp 0 0 192.168.0.153:22 14.18.243.92:17485 ESTABLISHED 35528/sshd
tcp 0 0 127.0.0.1:3306 127.0.0.1:48636 ESTABLISHED 6716/mysqld
tcp 0 0 ::ffff:127.0.0.1:8005 :::* LISTEN 30288/java
tcp 0 0 :::8009 :::* LISTEN 30288/java
tcp 0 0 :::8080 :::* LISTEN 30288/java
tcp 0 0 :::22 :::* LISTEN 1460/sshd
tcp 0 0 ::1:25 :::* LISTEN 1537/master
tcp 0 0 ::ffff:127.0.0.1:48638 ::ffff:127.0.0.1:3306 ESTABLISHED 30288/java
tcp 0 0 ::ffff:127.0.0.1:48639 ::ffff:127.0.0.1:3306 ESTABLISHED 30288/java
tcp 0 0 ::ffff:127.0.0.1:48629 ::ffff:127.0.0.1:3306 TIME_WAIT -
tcp 0 0 ::ffff:127.0.0.1:48636 ::ffff:127.0.0.1:3306 ESTABLISHED 30288/java
tcp 0 0 ::ffff:192.168.0.153:8080 ::ffff:14.18.243.92:11473 TIME_WAIT -
tcp 0 0 ::ffff:127.0.0.1:48637 ::ffff:127.0.0.1:3306 ESTABLISHED 30288/java
tcp 0 0 ::ffff:127.0.0.1:48633 ::ffff:127.0.0.1:3306 TIME_WAIT -
tcp 0 0 ::ffff:127.0.0.1:48628 ::ffff:127.0.0.1:3306 TIME_WAIT -
tcp 0 0 ::ffff:127.0.0.1:48635 ::ffff:127.0.0.1:3306 ESTABLISHED 30288/java