To see which ports are open (listening sockets and current connections):
netstat -anp
Close a port (replace "port number" with the TCP port):
iptables -A OUTPUT -p tcp --dport port number -j DROP
Open the port again:
iptables -A OUTPUT -p tcp --dport port number -j ACCEPT
Note that these two rules sit in the OUTPUT chain, so they govern connections this host itself makes to that port on remote machines; to block or allow incoming connections to a service listening on this host, the rule belongs in the INPUT chain, as in the persistent configuration below.
Rules added with iptables -A in this way live only in kernel memory: they take effect immediately but are lost when the iptables service is restarted or the machine reboots.
To make the configuration permanent, edit /etc/sysconfig/iptables:
vi /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT (allow port 80 through the firewall)
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT (allow port 3306 through the firewall)
Special note: many people append these two rules as the last lines of the firewall configuration, which causes the firewall to fail to start. iptables matches rules top-down, so the correct place is directly below the default port 22 rule, before the final REJECT rule (an ACCEPT placed after that REJECT would never match).
After adding them, the firewall rules look like this:
######################################
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
#####################################
/etc/init.d/iptables restart
# Finally, restart the firewall so the configuration takes effect
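As an added example (not part of the original note), a small shell check for the rule-ordering mistake described above: it reads a saved rules file and reports whether a port's INPUT ACCEPT rule sits before the final INPUT REJECT and before COMMIT, so the file can be linted before restarting the service. The function name check_port_rule and the two sample rulesets are constructed for this example.

```shell
#!/bin/sh
# Added example, not part of the original note: lint a saved iptables
# rules file (e.g. /etc/sysconfig/iptables) before restarting the service.
# iptables evaluates a chain top-down, so an ACCEPT appended after the final
# "-A INPUT -j REJECT" never matches, and a rule placed after COMMIT makes the
# file fail to load. check_port_rule FILE PORT returns 0 only when correct.
check_port_rule() {
    file=$1
    port=$2
    # Line numbers of the landmarks; empty when the line is absent.
    accept_line=$(grep -n -e "-A INPUT .*--dport $port .*-j ACCEPT" "$file" | head -n1 | cut -d: -f1)
    reject_line=$(grep -n -e "^-A INPUT -j REJECT" "$file" | head -n1 | cut -d: -f1)
    commit_line=$(grep -n -e "^COMMIT" "$file" | head -n1 | cut -d: -f1)
    if [ -z "$accept_line" ]; then
        echo "port $port: no INPUT ACCEPT rule found"; return 1
    fi
    if [ -n "$commit_line" ] && [ "$accept_line" -gt "$commit_line" ]; then
        echo "port $port: rule is after COMMIT, iptables-restore will fail"; return 2
    fi
    if [ -n "$reject_line" ] && [ "$accept_line" -gt "$reject_line" ]; then
        echo "port $port: rule is after the final REJECT, it will never match"; return 3
    fi
    echo "port $port: OK (line $accept_line)"; return 0
}
# Constructed sample rulesets: one correct, one containing both mistakes.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/good" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
cat > "$tmp/bad" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
COMMIT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
EOF
# "|| :" keeps the demo running under set -e when a check reports a problem.
check_port_rule "$tmp/good" 80 || :
check_port_rule "$tmp/bad" 80 || :
check_port_rule "$tmp/bad" 3306 || :
```

The pattern only recognises rules written in the same form as the lines above; a rule with a different option order is reported as missing rather than misplaced.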