CentOS 7 Iptables Installation

The default firewall of CentOS 7 is not iptables but firewalld.

 

 

#First check if iptables is installed
service iptables status
#install iptables
yum install -y iptables
#upgrade iptables
yum update iptables
#install iptables-services
yum install iptables-services

 

 Disable/stop the built-in firewalld service

#stop firewalld service
systemctl stop firewalld
#Disable firewalld service
systemctl disable firewalld

 start iptables

#start iptables
service iptables start
#or restart it
service iptables restart

#stop iptables
service iptables stop

#View iptables status
service iptables status

 set rules

#View iptables existing rules
iptables -L -n
#Set the INPUT policy to ACCEPT first, otherwise you may lock yourself out
iptables -P INPUT ACCEPT
#Flush all rules in the built-in chains
iptables -F
#Delete all user-defined chains
iptables -X
#Reset all packet and byte counters to 0
iptables -Z
#Allow packets from the lo interface (local access)
iptables -A INPUT -i lo -j ACCEPT
#Open port 22
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
#Open port 21 (FTP)
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
#Open port 80 (HTTP)
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
#Open port 443 (HTTPS)
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
#Allow ping (ICMP echo request, type 8)
iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT
#Accept return traffic for ESTABLISHED connections and RELATED ones (RELATED is set for FTP)
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#Drop all other inbound traffic
iptables -P INPUT DROP
#Allow all outbound traffic
iptables -P OUTPUT ACCEPT
#Drop all forwarded traffic
iptables -P FORWARD DROP
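
A way to check the result of the rules above, as an added example that is not part of the original post: it parses `iptables-save` output and confirms the default-deny policies, the loopback rule and the SSH port. The names `audit_ruleset`, `chain_policy`, `open_tcp_ports` and `SAMPLE_RULESET` are hypothetical, and the sample ruleset is constructed.

```shell
#!/bin/sh
# Constructed sample in iptables-save format: the filter table the
# commands on this page should produce (packet counters zeroed).
SAMPLE_RULESET='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# Print the default policy of chain $1 from iptables-save text on stdin.
chain_policy() {
    awk -v chain=":$1" '$1 == chain { print $2 }'
}

# Print the TCP ports accepted on INPUT, sorted and space-separated.
open_tcp_ports() {
    awk '$1 == "-A" && $2 == "INPUT" && /-j ACCEPT/ {
        for (i = 1; i < NF; i++) if ($i == "--dport") print $(i + 1)
    }' | sort -n | tr '\n' ' ' | sed 's/ $//'
}

# Succeed only if the ruleset ($1) is default-deny for INPUT and FORWARD,
# accepts loopback traffic and keeps the SSH port ($2, default 22) open.
audit_ruleset() {
    rules=$1; ssh_port=${2:-22}
    [ "$(printf '%s\n' "$rules" | chain_policy INPUT)" = "DROP" ] || { echo "INPUT policy is not DROP"; return 1; }
    [ "$(printf '%s\n' "$rules" | chain_policy FORWARD)" = "DROP" ] || { echo "FORWARD policy is not DROP"; return 1; }
    printf '%s\n' "$rules" | grep -q -- '-A INPUT -i lo -j ACCEPT' || { echo "loopback not accepted"; return 1; }
    case " $(printf '%s\n' "$rules" | open_tcp_ports) " in
        *" $ssh_port "*) ;;
        *) echo "SSH port $ssh_port not open"; return 1 ;;
    esac
    echo "ok"
}

# On a live host (as root): audit_ruleset "$(iptables-save -t filter)"
audit_ruleset "$SAMPLE_RULESET"
```

The rules set with the `iptables` command exist only in the running kernel; with iptables-services installed, `service iptables save` writes them to /etc/sysconfig/iptables so they are loaded again when the service starts.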

 

 

 

 
