Method of configuring iptables firewall under RedHat (CentOS)


To set up a firewall on Linux, taking CentOS as an example, open the iptables configuration file:

vi /etc/sysconfig/iptables
Use the /etc/init.d/iptables status command to check whether port 80 is open. If it is not, you can handle it in two ways:

1. Edit /etc/sysconfig/iptables with vi and add a rule that opens port 80 in the firewall

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

2. Turn off / on / restart the firewall

/etc/init.d/iptables stop

#To turn it on, use start in place of stop

#To restart it, use restart in place of stop

3. Permanently close the firewall

chkconfig --level 35 iptables off

/etc/init.d/iptables stop

iptables -P INPUT DROP

4. Open active mode port 21

iptables -A INPUT -p tcp --dport 21 -j ACCEPT

5. Open ports 49152 to 65534 for passive mode

iptables -A INPUT -p tcp --dport 49152:65534 -j ACCEPT

iptables -A INPUT -i lo -j ACCEPT

iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT

Note:

Be sure to leave yourself a way back in: keep a management port open for VNC and a management port open for SSH.

You must adapt this file to your own server.
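
One way to check for that way back before restarting, as an added example that is not part of the original page. The function name, SSH on port 22 and VNC on port 5901 are assumptions; pass your own management ports as the second argument.

```shell
#!/bin/sh
# Added example, not from the original page: check a planned rule list for a
# "way back" before applying it. VNC port 5901 is an assumption.

# way_back_missing RULES [PORTS]
# Returns 0 if nothing is missing; otherwise prints what is missing, returns 1.
way_back_missing() {
    # Accept "iptables -A ..." commands as well as bare "-A ..." file lines.
    rules=$(printf '%s\n' "$1" | sed 's/^[[:space:]]*//; s/^iptables[[:space:]]*//')
    ports=${2:-"22 5901"}
    chain='(INPUT|RH-Firewall-1-INPUT)'
    missing=""
    for port in $ports; do
        printf '%s\n' "$rules" |
            grep -Eq -- "^-A $chain (.* )?-p tcp (.* )?--dport $port (.* )?-j ACCEPT" ||
            missing="$missing tcp/$port"
    done
    # Replies on sessions that are already open need an ESTABLISHED rule.
    printf '%s\n' "$rules" |
        grep -Eq -- "^-A $chain (.* )?--state [A-Z,]*ESTABLISHED[A-Z,]* (.* )?-j ACCEPT" ||
        missing="$missing established"
    # Local services talk to each other over loopback.
    printf '%s\n' "$rules" |
        grep -Eq -- "^-A $chain (.* )?-i lo (.* )?-j ACCEPT" ||
        missing="$missing loopback"
    if [ -n "$missing" ]; then
        printf '%s\n' "${missing# }"
        return 1
    fi
    return 0
}

# Constructed sample: the FTP rules from this page, no management port opened.
PAGE_RULES='iptables -P INPUT DROP
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 49152:65534 -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT'

# Constructed sample: the same rules plus SSH and VNC management ports.
FIXED_RULES="$PAGE_RULES
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 5901 -j ACCEPT"

way_back_missing "$PAGE_RULES" || echo "do not apply yet"
way_back_missing "$FIXED_RULES" && echo "management access preserved"
```

The check is textual: it does not evaluate rule order or source-address restrictions, so still confirm the result with iptables -L after the restart.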

Restart iptables after all modifications:

service iptables restart

You can verify whether the rules are in effect:

iptables -L