Iptables configuration

(1) Check the machine's current iptables settings:

    # iptables -L -n

Check whether the service is running:

    # service iptables status

(2) Configuration file: /etc/sysconfig/iptables

After editing this file, restart the service for the changes to take effect. Alternatively, add the rules on the command line and then run `service iptables save` to write the running ruleset to the configuration file.

(3) Start, stop or restart the service:

    # service iptables restart    (also: stop, start)

(4) Configuration explained:

    # Firewall configuration written by system-config-firewall
    # Manual customization of this file is not recommended.
    *filter                                                  -- use the filter table
    :INPUT ACCEPT [0:0]                                      -- INPUT chain: accept by default
    :FORWARD ACCEPT [0:0]                                    -- FORWARD chain: accept by default
    :OUTPUT ACCEPT [0:0]                                     -- OUTPUT chain: accept by default
    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT  -- accept all packets belonging to an ESTABLISHED or RELATED connection
    -A INPUT -p icmp -j ACCEPT                               -- accept all ICMP packets
    -A INPUT -i lo -j ACCEPT                                 -- accept all packets on the lo (loopback) interface
    -A INPUT -p tcp -s 10.161.217.135 --dport 22 -j ACCEPT   -- allow 10.161.217.135 to reach TCP port 22
    -A INPUT -p tcp -s 10.162.78.56 --dport 22 -j ACCEPT     -- allow 10.162.78.56 to reach TCP port 22
    -A INPUT -p tcp --dport 22 -j REJECT                     -- reject all other access to TCP port 22 (rules are matched top-down, so the two allow rules above take precedence)
    -A INPUT -i eth1 -j REJECT --reject-with icmp-host-prohibited  -- reject all remaining packets arriving on the eth1 interface
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited  -- reject all forwarded packets
    COMMIT

(5) Make the firewall start automatically at boot:

    # chkconfig iptables on

Note: After starting the firewall, do not disconnect the current terminal. Open a second terminal and confirm that you can still log in normally before closing the first one.

SSH: prohibit remote root login

Edit the ssh configuration file /etc/ssh/sshd_config and set:

    PermitRootLogin no

Restart sshd for the change to take effect:

    # service sshd restart
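As an added check that is not part of the original note: the script below verifies, on a saved copy of the ruleset, that each per-host port-22 allow rule precedes the catch-all REJECT (the ordering mistake that locks out the second terminal the note tells you to open), and that sshd_config carries an active "PermitRootLogin no". The file contents are constructed inline from the note's own rules; the function names are mine.

```shell
#!/bin/sh
# Constructed copies of the note's filter table (correct and mis-ordered) and of sshd_config.
GOOD=$(mktemp); BAD=$(mktemp); SSHD=$(mktemp)
trap 'rm -f "$GOOD" "$BAD" "$SSHD"' EXIT
cat > "$GOOD" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -s 10.161.217.135 --dport 22 -j ACCEPT
-A INPUT -p tcp -s 10.162.78.56 --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 22 -j REJECT
-A INPUT -i eth1 -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
# Same rules, but the REJECT was appended before the allow rule: nobody reaches port 22.
cat > "$BAD" <<'EOF'
*filter
-A INPUT -p tcp --dport 22 -j REJECT
-A INPUT -p tcp -s 10.161.217.135 --dport 22 -j ACCEPT
COMMIT
EOF
printf '#PermitRootLogin yes\nPermitRootLogin no\n' > "$SSHD"

# Line number of the first "--dport 22 -j REJECT" rule in the file; empty if there is none.
reject_line() { grep -n -- '--dport 22 -j REJECT' "$1" | head -n1 | cut -d: -f1; }

# Returns 0 if the port-22 REJECT exists and every per-host port-22 ACCEPT is listed
# before it (iptables evaluates a chain top-down; the first matching rule wins).
ssh_rules_ok() {
    rej=$(reject_line "$1"); [ -n "$rej" ] || return 1
    for acc in $(grep -n -- '-s [0-9.]* --dport 22 -j ACCEPT' "$1" | cut -d: -f1); do
        [ "$acc" -lt "$rej" ] || return 1
    done
}

# Returns 0 if the given source address has an ACCEPT for tcp/22 that precedes the REJECT.
ssh_host_allowed() {
    rej=$(reject_line "$1")
    acc=$(grep -nF -- "-s $2 --dport 22 -j ACCEPT" "$1" | head -n1 | cut -d: -f1)
    [ -n "$acc" ] && [ -n "$rej" ] && [ "$acc" -lt "$rej" ]
}

# Returns 0 if sshd_config has an active (uncommented) "PermitRootLogin no" directive.
root_login_disabled() {
    grep -Eq '^[[:space:]]*PermitRootLogin[[:space:]]+no([[:space:]]|$)' "$1"
}
```

Run it against `/etc/sysconfig/iptables` and `/etc/ssh/sshd_config` after saving a change and before closing your first terminal.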