(命令直接复制执行!)
查看防火墙状态:
/etc/init.d/iptables status
暂时关闭防火墙:
/etc/init.d/iptables stop
配置防火墙:
vi /etc/sysconfig/iptables
-A INPUT -m state –state NEW -m tcp -p tcp –dport 8080 -j ACCEPT(允许8080端口通过防火墙)
-A INPUT -m state –state NEW -m tcp -p tcp –dport 3306 -j ACCEPT(允许3306端口通过防火墙)
添加好之后防火墙配置如下所示:
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 22 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 8080 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 3306 -j ACCEPT
-A INPUT -j REJECT –reject-with icmp-host-prohibited
-A FORWARD -j REJECT –reject-with icmp-host-prohibited
COMMIT
注意:添加的端口要放在22端口规则后面。
重启防火墙使配置生效:
/etc/init.d/iptables restart