Tools / Materials
A computer, VMware 12, a Linux system (RedHat)
Prerequisites
1. Installing Linux with VMware
2. Common Linux commands: the vi command and network commands
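Common firewall commands
1. Start the firewall: service iptables start
2. Stop the firewall: service iptables stop
3. Disable the firewall permanently (it no longer starts at boot): chkconfig iptables off
4. Check the firewall status: service iptables status
5. Show the version: iptables --version
6. Show the rule list: iptables --list
7. Check the status of a port (for example 3306): lsof -i:3306
8. Restart the firewall: service iptables restart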
Method / Steps
1. Enter the command vi /etc/sysconfig/iptables
and edit the firewall rules as follows:
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
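Explanation: 22, 80 and 8080 are the ports to be opened.
2. Press Esc, type :wq, then press Enter.
3. Restart the firewall with the command: service iptables restart
4. Check the firewall status with the command: service iptables status
The result is as follows: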
[root@RedhatLinux ~]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8080
7 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Explanation:
ACCEPT means that ports 22, 80 and 8080 are now accepted, as shown by these lines:
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8080
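
The rules in /etc/sysconfig/iptables are evaluated from top to bottom, so an ACCEPT line placed after the catch-all REJECT never matches. The shell sketch below is an added example, not part of the original page; it reports which TCP ports in the INPUT chain are actually open and which are shadowed. The function names and the sample rule set (the page's rules with a 3306 rule appended after REJECT) are constructed for illustration.

```shell
# Constructed sample: the rule set from this page plus one rule (3306)
# appended after the catch-all REJECT, a common editing mistake.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# classify_input_ports: read iptables-save style rules on stdin and print
# "open <port>" for TCP ACCEPT rules evaluated before the first
# unconditional REJECT/DROP in INPUT, "shadowed <port>" for those after it.
classify_input_ports() {
    awk '
    $1 == "-A" && $2 == "INPUT" {
        # A rule with only a target (-A INPUT -j REJECT ...) matches all traffic.
        if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) { blocked = 1; next }
        port = ""; target = ""; tcp = 0
        for (i = 3; i < NF; i++) {
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
            if ($i == "-p" && $(i + 1) == "tcp") tcp = 1
        }
        if (tcp && port != "" && target == "ACCEPT") {
            cls = blocked ? "shadowed" : "open"; print cls, port
        }
    }'
}

# Helper (hypothetical name): space-separated port list for one class.
ports_of() {  # $1 = open|shadowed, rules on stdin
    classify_input_ports | awk -v c="$1" '$1 == c { printf "%s%s", sep, $2; sep = " " }'
}

printf 'open:     %s\n' "$(printf '%s\n' "$SAMPLE_RULES" | ports_of open)"
printf 'shadowed: %s\n' "$(printf '%s\n' "$SAMPLE_RULES" | ports_of shadowed)"
```

To check the real file, run classify_input_ports < /etc/sysconfig/iptables as root; any "shadowed" line means the rule must be moved above the REJECT line before restarting the firewall.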