Linux防火墙开放端口

 

本次演示是在linux防火墙开启的状态,开放端口(本次演示开启1521端口)

 

 

查看防火墙策略:

[root@localhost ~]# service iptables status


Table: filter

Chain INPUT (policy ACCEPT)
num target     prot opt source               destination        
1   ACCEPT     all  -- 0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2   ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          
3   ACCEPT     all  -- 0.0.0.0/0            0.0.0.0/0          
4   ACCEPT     tcp  -- 0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
5   REJECT     all  -- 0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
num target     prot opt source               destination        
1   REJECT     all  -- 0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
num target     prot opt source               destination  


开放1521端口:

[root@localhost~]# iptables -A INPUT -p tcp --dport 1521 -j ACCEPT


重启防火墙及保存更改

[root@localhost~]# service iptables restart

[root@localhost~]# /etc/rc.d/init.d/iptables save


查看防火墙策略:

 [root@localhost~]# vi /etc/sysconfig/iptables

 

# Generated by iptables-save v1.4.7 on SatNov 21 14:11:30 2015

*filter

:INPUT ACCEPT [0:0]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [5:556]

-A INPUT -m state --stateRELATED,ESTABLISHED -j ACCEPT

-A INPUT -p icmp -j ACCEPT

-A INPUT -i lo -j ACCEPT

-A INPUT -p tcp -m state --state NEW -m tcp--dport 22 -j ACCEPT

-A INPUT -j REJECT --reject-withicmp-host-prohibited

-A INPUT -p tcp -m tcp--dport 1521 -j ACCEPT

-A FORWARD -j REJECT --reject-withicmp-host-prohibited

COMMIT

# Completed on Sat Nov 21 14:11:30 2015

 

注:在上面的文件中,需要修改一下顺序,因为 INPUT -j REJECT是除了以上的规则,都拒绝的,所以要把 -A INPUT -p tcp -m tcp --dport 1521 -j ACCEPT 放置在INPUT -j REJECT的上面,使之规则有效,如下:

 

# Generated by iptables-save v1.4.7 on SatNov 21 14:11:30 2015

*filter

:INPUT ACCEPT [0:0]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [5:556]

-A INPUT -m state --stateRELATED,ESTABLISHED -j ACCEPT

-A INPUT -p icmp -j ACCEPT

-A INPUT -i lo -j ACCEPT

-A INPUT -p tcp -m state --state NEW -m tcp--dport 22 -j ACCEPT

-A INPUT -p tcp -m tcp--dport 1521 -j ACCEPT

-A INPUT -j REJECT --reject-withicmp-host-prohibited

-A FORWARD -j REJECT --reject-withicmp-host-prohibited

COMMIT

# Completed on Sat Nov 21 14:11:30 2015

 

 


在另一台linux服务器telnet,测试一下端口情况,没问题

[root@rac1 oracle]# telnet 192.168.103.110 1521

Trying 192.168.103.110...
Connected to 192.168.103.110.
Escape character is '^]'.

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值