我用的Linux是CentOS6.5 .
所以就以CentOS为例:
首先:为了方便,我们直接用超级管理员身份登录
[linuxidc@linuxidc ~]$ su
密码:
[root@linuxidc linuxidc]#
然后进入/etc/sysconfig目录下看一下有没有防火墙“iptables”
[root@linuxidc sysconfig]# ls iptables*
iptables iptables-config iptables.old
如果没有执行指令安装一下(联网环境下):
[root@linuxidc sysconfig]# yum install iptables
安装成功后配置iptables
[root@linuxidc sysconfig]# vim iptables
将以下文件拷进去:
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 22 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 23 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 3306 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 8080 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 8088 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 443 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 25 -j ACCEPT
-A INPUT -p tcp –dport 80 -i em1 -m state –state NEW -m recent –set
-A INPUT -p tcp –dport 80 -i em1 -m state –state NEW -m recent –update –seconds 60 –hitcount 15 -j DROP
-A OUTPUT -o eth1 -m owner –uid-owner root -p tcp –dport 80 -m state –state NEW,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT –reject-with icmp-host-prohibited
-A FORWARD -j REJECT –reject-with icmp-host-prohibited
COMMIT
推荐阅读:
iptables—包过滤(网络层)防火墙 http://www.linuxidc.com/Linux/2013-08/88423.htm
Linux防火墙iptables详细教程 http://www.linuxidc.com/Linux/2013-07/87045.htm
iptables+L7+Squid实现完善的软件防火墙 http://www.linuxidc.com/Linux/2013-05/84802.htm
iptables的备份、恢复及防火墙脚本的基本使用 http://www.linuxidc.com/Linux/2013-08/88535.htm
Linux下防火墙iptables用法规则详解 http://www.linuxidc.com/Linux/2012-08/67952.htm
ps:后面数字列就是开放的端口号。
输入指令:wq
保存并退出。
[root@linuxidc sysconfig]# service iptables restart
iptables:将链设置为政策 ACCEPT:filter [确定]
iptables:清除防火墙规则: [确定]
iptables:正在卸载模块: [确定]
iptables:应用防火墙规则: [确定]
重启iptables
然后查看状态
[root@linuxidc sysconfig]# service iptables status
表格:filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all — 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 ACCEPT icmp — 0.0.0.0/0 0.0.0.0/0
3 ACCEPT all — 0.0.0.0/0 0.0.0.0/0
4 ACCEPT tcp — 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
5 ACCEPT tcp — 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:23
6 ACCEPT tcp — 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
7 ACCEPT tcp — 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3306
8 ACCEPT tcp — 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8080
9 ACCEPT tcp — 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8088
10 ACCEPT tcp — 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
11 ACCEPT tcp — 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25
12 tcp — 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW recent: SET name: DEFAULT side: source
13 DROP tcp — 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW recent: UPDATE seconds: 60 hit_count: 15 name: DEFAULT side: source
14 REJECT all — 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all — 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp — 0.0.0.0/0 0.0.0.0/0 owner UID match 0 tcp dpt:80 state NEW,ESTABLISHED
状态表示刚才定义到接口已经开启成功。