Linux Firewall

Check the firewall status

service iptables status

Edit the firewall rules

vi /etc/sysconfig/iptables

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 177 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -s 218.193.158.205 -p tcp --dport 1521 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -s 218.193.158.142 -p tcp --dport 1521 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -s 218.193.158.102 -p tcp --dport 1521 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -s 218.193.159.225 -p tcp --dport 1521 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -s 218.193.159.221 -p tcp --dport 1521 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -s 218.193.159.197 -p tcp --dport 1521 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -s 218.193.144.19 -p tcp --dport 1521 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -s 218.193.144.55 -p tcp --dport 1521 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

 

Restart the firewall

service iptables restart or service firewalld restart
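
Before the restart above, the edited rules file can be audited offline. The script below is an added example, not part of the original post: it lists ports accepted from any source and flags a ruleset whose ACCEPT default policy is not backed by a final catch-all REJECT/DROP, which is what the listing above relies on. The function names audit_iptables_file and write_sample, the finding labels, and the 192.0.2.x sample addresses are assumptions made for illustration.

```shell
# Added example, not from the original post. Assumption: only the INPUT
# rules of an iptables-save style file (filter table) are inspected.
audit_iptables_file() {
    findings=$(awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    /^:INPUT /  { policy = $2; next }         # default policy of the chain
    /^COMMIT/   { committed = 1; next }
    /^-A INPUT / {
        src = ""; port = ""; proto = ""; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-s" || $i == "--source")   src = $(i + 1)
            if ($i == "-p" || $i == "--protocol") proto = $(i + 1)
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        catch_all = ($3 == "-j")   # no match criteria; in END this is the last rule
        if (target == "ACCEPT" && port != "") {
            if (src == "") print "OPEN-TO-ANY " proto "/" port
            else restricted[proto "/" port]++
        }
    }
    END {
        for (k in restricted) print "RESTRICTED " k " sources=" restricted[k]
        if (policy == "ACCEPT" && !(catch_all && (target == "REJECT" || target == "DROP")))
            print "WARN INPUT policy is ACCEPT and the last rule is not a catch-all REJECT/DROP"
        if (!committed) print "ERROR missing COMMIT line"
    }' "$1" | LC_ALL=C sort)
    printf "%s\n" "$findings"
    case "$findings" in *WARN*|*ERROR*) return 1 ;; esac   # non-zero lets a caller skip the restart
}

# Constructed sample modelled on the listing above (documentation addresses).
write_sample() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 177 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -s 192.0.2.10 -p tcp --dport 1521 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -s 192.0.2.11 -p tcp --dport 1521 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

tmp=$(mktemp) && write_sample "$tmp" && audit_iptables_file "$tmp"; rm -f "$tmp"
```

Because the function returns non-zero on a WARN or ERROR finding, it can gate the restart: audit_iptables_file /etc/sysconfig/iptables && service iptables restart.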

Enabling and disabling the firewall

1) Takes effect permanently

Enable:  chkconfig iptables on
         chkconfig ip6tables on --- for IPv6
Disable: chkconfig iptables off
         chkconfig ip6tables off --- for IPv6

2) Takes effect immediately, lost after reboot
Start: service iptables start
Stop:  service iptables stop

3) From CentOS 7.0 onward, systemctl is used instead of service
Status: systemctl status firewalld
Start:  systemctl start firewalld
Stop:   systemctl stop firewalld

 

posted @ 2021-08-18 11:53  蓝灵幽