$ netstat -tln
To see which program is occupying each port, add the -p parameter:
$ netstat -tlnp
The output can be filtered with grep:
$ netstat -tlnp | grep 8080
iptables is a firewall on Linux, and it is also the name of a service.
service iptables status     # View firewall status
service iptables start      # Turn on the firewall
service iptables stop       # Turn off the firewall
service iptables restart    # Restart the firewall
Open a specific port in the firewall:
① Edit the file /etc/sysconfig/iptables
② Add the line:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
★ The number 8080 means that port 8080 is opened; it can be changed to another port ★
③ Restart the firewall
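Added example (not part of the original notes): a shell script that cross-checks the ports reported by netstat -tln against the --dport ACCEPT rules in a file in the /etc/sysconfig/iptables format, so that a listening port with no rule, or a rule with nothing listening behind it, stands out. The function names and both sample inputs are constructed for illustration, and it assumes the chain rejects everything that is not explicitly accepted.

```shell
# Constructed sample of `netstat -tln` output (not taken from a real host).
sample_netstat() { cat <<'EOF'
Proto Recv-Q Send-Q Local Address     Foreign Address   State
tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN
tcp        0      0 127.0.0.1:25      0.0.0.0:*         LISTEN
tcp        0      0 0.0.0.0:3306      0.0.0.0:*         LISTEN
tcp6       0      0 :::8080           :::*              LISTEN
EOF
}
# Constructed sample rules in the /etc/sysconfig/iptables format.
sample_rules() { cat <<'EOF'
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8443 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}
# Ports listening on a non-loopback address; reads netstat -tln output on stdin.
listening_ports() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" {
        n = split($4, a, ":"); port = a[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr != "127.0.0.1" && addr != "::1") print port
    }' | sort -un
}
# Ports with an inbound "-p tcp --dport N -j ACCEPT" rule; reads rules on stdin.
accepted_ports() {
    awk '$1 == "-A" && $2 != "OUTPUT" && $2 != "FORWARD" {
        port = proto = target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (proto == "tcp" && target == "ACCEPT" && port != "") print port
    }' | sort -un
}
# Report mismatches; $1 = file holding netstat output, $2 = rules file.
audit() {
    l=$(listening_ports < "$1"); a=$(accepted_ports < "$2")
    for p in $l; do
        echo "$a" | grep -qx "$p" || echo "$p listening, no ACCEPT rule"
    done
    for p in $a; do
        echo "$l" | grep -qx "$p" || echo "$p ACCEPT rule, nothing listening"
    done
}
t=$(mktemp -d); sample_netstat > "$t/listen"; sample_rules > "$t/rules"
audit "$t/listen" "$t/rules"; rm -rf "$t"
```

On a real host, save the output of netstat -tln to a file and pass it to audit together with /etc/sysconfig/iptables instead of the samples.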
=============== =====================================================
Save the firewall settings
service iptables save
View the iptables rules with their rule numbers
iptables -nL --line-number
Close all ports on the INPUT, FORWARD (forwarding) and OUTPUT chains
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
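Open only port 22 (when working over SSH, add these rules before setting the chain policies to DROP, otherwise the session is cut off)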
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
Parameter explanation:
-A adds (appends) a rule to the chain
-p specifies the protocol; we commonly use tcp, and there is also udp, for example DNS on port 53
--dport is the destination port, used when data enters the server from the outside
--sport is the source port, used when data goes out from the server
-j specifies the action: ACCEPT to receive the packet or DROP to not receive it
Block an IP address from accessing the server
iptables -A INPUT -p tcp -s 192.168.1.2 -j DROP
The -s parameter is the source address (i.e. 192.168.1.2),
and the DROP after it is what rejects the traffic
Delete a rule
iptables -D INPUT 2
This deletes rule number 2 in the INPUT chain