Using iptables on CentOS
CentOS 6.x
1. Run any iptables firewall rule command, for example:
iptables -P OUTPUT ACCEPT
2. Save the current iptables rules:
service iptables save
3. Restart the iptables service:
service iptables restart
CentOS 7.x
1. Turn off firewalld
Stop the firewalld service:
systemctl stop firewalld.service
Prevent firewalld from starting at boot:
systemctl disable firewalld.service
2. Install the iptables firewall
Install it with yum:
yum install iptables-services
Edit the firewall configuration file:
vi /etc/sysconfig/iptables
Add the following content to the configuration file, then save and exit:
# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 20 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
Finally, restart the firewall so the configuration takes effect:
systemctl restart iptables.service
3. Enable iptables at boot
systemctl enable iptables.service
4. Disable SELinux
Edit the SELinux configuration file:
vi /etc/selinux/config
As shown below, change SELINUX=enforcing to SELINUX=disabled and comment out SELINUXTYPE=targeted.
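Before restarting the service it is worth checking that a hand-edited /etc/sysconfig/iptables still says what you think it says. The shell script below is an added example, not part of the original post: it parses a ruleset in the iptables-save format shown above, lists the TCP ports the INPUT chain opens to new connections, and flags two common editing mistakes (a missing COMMIT and rules appended after the catch-all REJECT, which iptables evaluates in order and therefore never reach). The ruleset string is a constructed copy of the one in this post, embedded so the script runs without root and without iptables installed; the function names are mine and it assumes only POSIX sh with awk, grep, sed and sort, which CentOS ships by default.

```shell
#!/bin/sh
# Added example, not from the original post: sanity-check an iptables-save style
# ruleset (the format of /etc/sysconfig/iptables) before running
# "systemctl restart iptables.service". The ruleset is embedded as a constructed
# string so the script runs without root and without iptables installed.

RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 20 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Constructed ruleset with a mistake: an ACCEPT appended after the catch-all
# REJECT. iptables walks the chain in order, so the port 443 rule never matches.
BAD_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT'

# Default policy of a chain, e.g. "ACCEPT" for ":INPUT ACCEPT [0:0]".
chain_policy() {   # $1 = ruleset, $2 = chain name
    printf '%s\n' "$1" | awk -v c=":$2" '$1 == c { print $2; exit }'
}

# TCP destination ports the INPUT chain accepts, one per line, numerically sorted.
allowed_tcp_ports() {   # $1 = ruleset
    printf '%s\n' "$1" \
      | grep -E '^-A INPUT .*-p tcp .*--dport [0-9]+ .*-j ACCEPT' \
      | sed -E 's/.*--dport ([0-9]+).*/\1/' \
      | sort -n
}

# Number of INPUT rules that appear after the catch-all REJECT. Every rule
# counted here is dead: the REJECT has already matched the packet.
dead_input_rules() {   # $1 = ruleset
    printf '%s\n' "$1" | awk '
        /^-A INPUT / && seen_reject { dead++ }
        /^-A INPUT -j REJECT/       { seen_reject = 1 }
        END { print dead + 0 }'
}

# Overall check: returns 0 when the table ends in COMMIT, INPUT has a catch-all
# REJECT and nothing follows it; prints one line per problem otherwise.
check_ruleset() {   # $1 = ruleset
    ok=0
    [ "$(printf '%s\n' "$1" | tail -n 1)" = "COMMIT" ] \
        || { echo "missing COMMIT: the table would not be loaded"; ok=1; }
    printf '%s\n' "$1" | grep -q '^-A INPUT -j REJECT' \
        || { echo "no catch-all REJECT in INPUT: unlisted ports stay open"; ok=1; }
    [ "$(dead_input_rules "$1")" -eq 0 ] \
        || { echo "$(dead_input_rules "$1") INPUT rule(s) after REJECT never match"; ok=1; }
    return $ok
}

echo "TCP ports open to NEW connections:"; allowed_tcp_ports "$RULES" | tr '\n' ' '; echo
check_ruleset "$RULES" && echo "post ruleset: OK"
check_ruleset "$BAD_RULES" || echo "bad ruleset: rejected"
```

To check the real file instead of the embedded copy, call the functions with `"$(cat /etc/sysconfig/iptables)"` as the argument. The dead-rule check matters with this ruleset in particular: the INPUT policy is ACCEPT, so the final `-A INPUT -j REJECT` line is the only thing closing unlisted ports, and any rule you later append with `-A` lands after it and has no effect; new ACCEPT rules belong above that line.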
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
#SELINUXTYPE=targeted
Finally, run the following command so the change takes effect immediately:
setenforce 0