环境版本
# lsb_release -a
LSB Version: :core-4.1-amd64:core-4.1-noarch
Distributor ID: CentOS
Description: CentOS Linux release 7.4.1708 (Core)
Release: 7.4.1708
Codename: Core
-
关闭firewall
systemctl stop firewalld.service -
禁止firewall开机启动
system disable firewalld.service -
安装iptables.service
yum install iptables-services -
修改配置
vi /etc/sysonfig/iptables
# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT #ssh
-A INPUT -p tcp -m state --state NEW -m tcp --dport 433 -j ACCEPT #https
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT #http
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT #mysql
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5432 -j ACCEPT #postgresql
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
-
保存退出
:wq! -
重启防火墙
systemctl restart iptables.service -
设置开机启动
systemctl enable iptables.service -
查看状态
systemctl status iptables.service
网友评论