在网上搜索了很多这种资料,现在总结一下以备后用。
1、关闭防火墙:sudo systemctl stop firewalld.service
2、关闭开机启动:sudo systemctl disable firewalld.service
3、安装iptables防火墙,执行以下命令安装iptables防火墙:sudo yum install iptables-services
4、配置iptables防火墙,打开指定端口:
(1)vi /etc/sysconfig/iptables #进入配置界面
(2)# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
(3):wq! #保存提交
5. 设置iptables防火墙开机启动:sudo systemctl enable iptables
至此,防火墙配置完成。(我这里只是开放了22、80、3306端口,大家可以根据自己在实际生产中的需要配置端口)
