葛廷彬的学习博客

记录学习工作中碰到的问题

centos防火墙规则

 


[root@iZ28b8ytwvkZ ~]# yum install iptables    #安装防火墙
[root@iZ28b8ytwvkZ ~]#rm -rf  /etc/sysconfig/iptables  #删除防火墙规则
[root@localhost ~]# vi /etc/sysconfig/iptables      #编辑防火墙规则                                                 
[root@localhost ~]# service iptables stop    #关闭防火墙
[root@localhost ~]# service iptables start   #开启防火墙
[root@localhost ~]# service iptables restart  #重启防火墙
编辑防火墙:
[root@localhost ~]#vi /etc/sysconfig/iptables  #编辑防火墙规则
------------开始------------------------------------------------
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp -s 58.56.89.221  -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp -s 124.128.23.78  -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp -s  10.162.203.174  -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp -s  10.171.30.167  -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp -s  10.171.30.230  -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp -s  10.162.210.21  -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp -s  10.171.30.146  -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
~                                              
-----------结束-------------------------------------------------------------
[root@localhost ~]# chkconfig iptables off     #永久关闭防火墙
[root@localhost ~]#chkconfig --levels 235 iptables on && chkconfig --list iptables   #启动和查看防火墙
测试
telnet 182.92.64.142 21
telnet  182.92.158.5 21
telnet 182.92.158.79 21
telnet  182.92.128.252 21
telnet  182.92.159.109 21


发表评论:

◎欢迎参与讨论,请在这里发表您的看法、交流您的观点。

Powered By Z-BlogPHP 1.5.2 Zero

鲁ICP备19064028号 13658636711 getingbin@126.com