First, check the iptables service status
First, check the status of iptables Service
[root@woxplife ~]# service iptables status
iptables: Firewall is not running.Description iptables service is installed, but did not start the service.
If you do not, then you can directly install yum
yum install -y iptablesIptables start
[root@woxplife ~]# service iptables start
iptables: Applying firewall rules: [ OK ]If the error iptables: NO config File
Excuting an order
iptables -P OUTPUT ACCEPT
service iptables saveAnd then start the firewall. Look at the current configuration of iptables
[root@woxplife ~]# iptables -L -nSecond, clear the default firewall rules
#首先在清除前要将policy INPUT改成ACCEPT,表示接受一切请求。
#这个一定要先做,不然清空后可能会悲剧
iptables -P INPUT ACCEPT
#清空默认所有规则
iptables -F
#清空自定义的所有规则
iptables -X
#计数器置0
iptables -ZThird, the configuration rules
#允许来自于lo接口的数据包
#如果没有此规则,你将不能通过127.0.0.1访问本地服务,例如ping 127.0.0.1
iptables -A INPUT -i lo -j ACCEPT
#ssh端口22
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
#FTP端口21
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
#web服务端口80
iptables -A INPUT -p tcp --dport 80 -j ACCEP
#tomcat
iptables -A INPUT -p tcp --dport xxxx -j ACCEP
#mysql
iptables -A INPUT -p tcp --dport xxxx -j ACCEP
#允许icmp包通过,也就是允许ping
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
#允许所有对外请求的返回包
#本机对外请求相当于OUTPUT,对于返回数据包必须接收啊,这相当于INPUT了
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
#如果要添加内网ip信任(接受其所有TCP请求)
iptables -A INPUT -p tcp -s 45.96.174.68 -j ACCEPT
#过滤所有非以上规则的请求
iptables -P INPUT DROP
Fourth, save
First iptables -L -n look at the configuration is correct.
After no problem, do not hurry to save, because not only save the currently effective, will not take effect after the restart, so if there are any problems, you can restore the settings back to force restart the server.
In addition to open an ssh connection, make sure that you can visit.
After ensuring no problem saving
#保存
[root@woxplife ~]# service iptables save
#添加到自启动chkconfig
[root@woxplife ~]# chkconfig iptables on