iptables位置
# Change into the directory this page gives as the iptables location.
cd /etc/sysconfig/
# List the directory and keep only the entries whose line mentions "iptables".
# NOTE(review): `ll` is a shell alias (commonly `ls -l`), so this presumably only
# works in an interactive shell that defines it; use `ls -l` in scripts.
ll | grep iptables
设定一条规则
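# Allow inbound TCP traffic to port 10010.
# The rule is inserted at the top of INPUT (-I) instead of appended (-A): a rule
# appended after a catch-all "-A INPUT -j REJECT" line, such as the one in the
# ruleset shown on this page, is never reached and the port stays blocked.
# NOTE(review): there is no -s source restriction, so the port is reachable from
# every address; add one if only known hosts need access.
sudo iptables -I INPUT -p tcp --dport 10010 -j ACCEPT
# Write the running rules to the saved configuration so they survive a service
# restart or reboot.
sudo service iptables save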
防火墙的基本操作命令
# Reference list of service-control commands; each line is run on its own,
# not as a sequence.

# Show the rules currently loaded in the kernel.
sudo service iptables status
# Unload the firewall rules. While stopped, the host accepts traffic on every
# listening port, so keep this window short and never leave it as a "fix".
sudo service iptables stop
# Load the saved rules.
sudo service iptables start
# Reload the saved rules. Rules added at runtime but not saved with
# `service iptables save` are lost here.
sudo service iptables restart
# Do not start the firewall at boot: the host comes up unfiltered after a reboot.
sudo chkconfig iptables off
# Start the firewall at boot.
sudo chkconfig iptables on
Java后台防火墙规则
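# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
#
# Filter table for a Java back-end host. Rules are evaluated top to bottom;
# the chain policies are ACCEPT, so the final REJECT rules are what actually
# block unlisted inbound and forwarded traffic. Every ACCEPT must therefore
# appear before them.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Replies to connections that are already tracked. The state list must be
# written without spaces ("ESTABLISHED,RELATED"), otherwise the line fails to parse.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
# Loopback traffic.
-A INPUT -i lo -j ACCEPT
#ssh port
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
#vsftpd port
# 61001:62000 is the passive-mode data range (a port range takes no spaces
# around the colon); 20 and 21 are the FTP data and control ports.
# NOTE(review): FTP carries credentials in cleartext; prefer SFTP over the
# ssh port where possible.
# The OUTPUT rules are redundant while the OUTPUT policy is ACCEPT; they only
# matter if that policy is tightened later.
-A INPUT -p TCP --dport 61001:62000 -j ACCEPT
-A OUTPUT -p TCP --sport 61001:62000 -j ACCEPT
-A INPUT -p TCP --dport 20 -j ACCEPT
-A OUTPUT -p TCP --sport 20 -j ACCEPT
-A INPUT -p TCP --dport 21 -j ACCEPT
-A OUTPUT -p TCP --sport 21 -j ACCEPT
#mysql port
# NOTE(review): open to every source address. A database port should normally
# be limited to the application hosts, e.g. by adding "-s <APP_SERVER_CIDR>".
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
#tomcat remote debug port
# NOTE(review): 5005 is a JVM remote-debug port. The debug protocol has no
# authentication, so anyone who can reach it can control the JVM. Do not expose
# it on a production host; limit it with "-s <ADMIN_HOST_IP>" or drop the rule
# and reach the port through an SSH tunnel.
-A INPUT -p tcp -m tcp --dport 5005 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
#nginx
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# Catch-all: anything not accepted above is rejected.
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT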