The default firewall on CentOS 7 is firewalld, not iptables.
# Check first whether the iptables service is already available.
service iptables status

# Install the iptables package.
yum install -y iptables

# Upgrade iptables to the newest packaged version.
yum update iptables

# Install iptables-services, which supplies the iptables service used below.
yum install iptables-services
Disable/stop the built-in firewalld service
# Stop the running firewalld service.
# NOTE: from this point the host has no packet filter until the iptables
# service is started with a rule set, so do the remaining steps right away.
systemctl stop firewalld

# Disable firewalld so it is not started again at boot.
systemctl disable firewalld
start iptables
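# Start the iptables service ...
service iptables start

# ... or, if it is already running, restart it.
service iptables restart

# Start iptables automatically at boot. firewalld was disabled in the previous
# step, so without this the host comes back from a reboot with no firewall
# service running at all.
systemctl enable iptables

# Stop iptables. Stopping the service takes the loaded rules out of effect,
# so inbound traffic is no longer filtered while it is stopped.
service iptables stop

# View the iptables service status.
service iptables status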
set rules
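# View the rules currently loaded (numeric output, no name lookups).
iptables -L -n

# Set the INPUT policy to ACCEPT before flushing. If the policy were DROP,
# clearing the rules would cut off the remote session you are working in.
iptables -P INPUT ACCEPT

# Flush all existing rules.
iptables -F

# Delete all user-defined chains.
iptables -X

# Reset all packet and byte counters to zero.
iptables -Z

# Allow packets from the lo interface (local access).
iptables -A INPUT -i lo -j ACCEPT

# Open port 22 (SSH). Where the admin networks are known, narrowing this rule
# with -s <admin-network> reduces exposure.
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# Open port 21 (FTP control). FTP sends credentials in cleartext; leave this
# rule out unless an FTP server really runs on this host.
iptables -A INPUT -p tcp --dport 21 -j ACCEPT

# Open port 80 (HTTP).
iptables -A INPUT -p tcp --dport 80 -j ACCEPT

# Open port 443 (HTTPS).
iptables -A INPUT -p tcp --dport 443 -j ACCEPT

# Allow ping (ICMP type 8, echo-request).
iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT

# Accept return traffic for connections this host initiated (ESTABLISHED) and
# traffic related to them (RELATED); RELATED is set here for FTP.
# NOTE(review): FTP data connections are only classified as RELATED when the
# FTP connection-tracking helper (nf_conntrack_ftp) is loaded; confirm.
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Drop all other inbound traffic.
iptables -P INPUT DROP

# Allow all outbound traffic.
iptables -P OUTPUT ACCEPT

# Drop all forwarded traffic.
iptables -P FORWARD DROP

# Persist the rule set. Rules added with the iptables command live only in the
# running kernel; unless they are saved, a service restart or reboot reverts
# to whatever rule file was stored before.
service iptables save

# NOTE: everything above filters IPv4 only. IPv6 traffic is governed by
# ip6tables and needs its own rule set if the host has IPv6 connectivity.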