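CentOS 6.3: the firewall configuration lives in /etc/sysconfig/iptables, but this file does not exist by default if the firewall has never been enabled. Create a rule and then save, and the file will be created: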
#> iptables -A INPUT -p tcp --dport 22 -j ACCEPT
#> service iptables save
After that you can edit the file at your leisure. Once the changes are saved, start or restart iptables.
# Generated by iptables-save v1.4.7 on Sat Dec 28 17:15:57 2013
*filter
:INPUT DROP [6:372]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [66:7188]
#-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
#new ssh 33
-A INPUT -p tcp -m tcp -s 119.255.xx.xxx --dport 33 -j ACCEPT
-A INPUT -p tcp -m tcp -s 118.207.xx.xxx --dport 33 -j ACCEPT
#mysql 3300
-A INPUT -p tcp -m tcp -s 118.207.xx.xxx --dport 3300 -j ACCEPT
-A INPUT -p tcp -m tcp -s 119.255.xx.xxx --dport 3300 -j ACCEPT
#tomcat 6868
-A INPUT -p tcp -m tcp -s 118.207.xx.xxx --dport 6868 -j ACCEPT
-A INPUT -p tcp -m tcp -s 119.255.xx.xxx --dport 6868 -j ACCEPT
#svn
-A INPUT -p tcp -m tcp -s 118.207.xx.xxx --dport 9000 -j ACCEPT
-A INPUT -p tcp -m tcp -s 119.255.xx.xxx --dport 9000 -j ACCEPT
#ping
-A INPUT -p icmp -m icmp -s 118.207.xx.xxx -j ACCEPT
-A INPUT -p icmp -m icmp -s 119.255.xx.xxx -j ACCEPT
#svn 5000
-A INPUT -p tcp -m tcp -s 118.207.xx.xxx --dport 5000 -j ACCEPT
-A INPUT -p tcp -m tcp -s 119.255.xx.xxx --dport 5000 -j ACCEPT
-A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#-A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT
#-A OUTPUT -p tcp -m tcp -d 119.255.xx.xxx --dport 33 -j ACCEPT
#-A OUTPUT -p tcp -m tcp -d 118.207.xx.xxx --dport 33 -j ACCEPT
-A OUTPUT -p icmp -m icmp -d 0/0 -s 0/0 -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
# Completed on Sat Dec 28 17:15:57 2013
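
A read-only check of the rules file to run before restarting iptables, as an added example that is not part of the original post: it reports the INPUT policy, which ports are accepted from any source, and whether a given port (for example the SSH port) still has an active ACCEPT rule. The function names and the sample rules using the documentation address 192.0.2.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only audit of an iptables-save style rules file.

# Default policy of the INPUT chain, e.g. DROP.
input_policy() {
    awk '$1 == ":INPUT" { print $2; exit }' "$1"
}

# One line per active INPUT ACCEPT rule that names a port: "<port> <source>".
# Lines starting with "#" are disabled rules or comments and are skipped.
accept_rules() {
    awk '
        /^#/ { next }
        $1 == "-A" && $2 == "INPUT" {
            src = "any"; port = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "--dport") port = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (src == "0/0" || src == "0.0.0.0/0") src = "any"
            if (target == "ACCEPT" && port != "") print port, src
        }' "$1"
}

# Ports accepted from any source address, space separated.
world_open_ports() {
    accept_rules "$1" | awk '$2 == "any" { printf "%s%s", sep, $1; sep = " " }'
}

# Exit status 0 if the port has at least one active ACCEPT rule.
port_allowed() {
    accept_rules "$1" | awk -v p="$2" '$1 == p { found = 1 } END { exit !found }'
}

# Constructed sample rules (documentation address), in the iptables-save layout.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
#-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp -s 192.0.2.10 --dport 33 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}
```

With INPUT set to DROP, checking port_allowed /etc/sysconfig/iptables 33 before the restart confirms the SSH port in use still has an active rule, so an edit that commented it out does not cut off remote access.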