linux配置放火墙开放端口

vi /etc/sysconfig/iptables 

-A INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT(允许80端口通过防火墙)  -A INPUT -m state –state NEW -m tcp -p tcp –dport 3306 -j ACCEPT(允许3306端口通过防火墙)  特别提示:很多网友把这两条规则添加到防火墙配置的最后一行,导致防火墙启动失败,正确的应该是添加到默认的22端口这条规则的下面

添加好之后防火墙规则如下所示:

######################################  # Firewall configuration written by system-config-firewall  # Manual customization of this file is not recommended.  *filter  :INPUT ACCEPT [0:0]  :FORWARD ACCEPT [0:0]  :OUTPUT ACCEPT [0:0]  -A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT  -A INPUT -p icmp -j ACCEPT  -A INPUT -i lo -j ACCEPT  -A INPUT -m state –state NEW -m tcp -p tcp –dport 22 -j ACCEPT  -A INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT  -A INPUT -m state –state NEW -m tcp -p tcp –dport 3306 -j ACCEPT  -A INPUT -j REJECT –reject-with icmp-host-prohibited  -A FORWARD -j REJECT –reject-with icmp-host-prohibited  COMMIT  #####################################

/etc/init.d/iptables restart        #最后重启防火墙使配置生效

文章来自【 http://www.myhack58.com/Article/48/66/2012/34999.htm 】

posted @ 2015-09-30 20:28  suhanyujie  阅读(284)  评论(0编辑  收藏  举报