1.关闭默认的firewall防火墙
systemctl stop firewalld.service 关闭防火墙
systemctl disable firewalld.service 关闭开机启动
2.开启iptables
yum install iptables (根据centOS7的版本和内核,有些版本已经装过,可以跳过此命令)
yum install iptables-services<br>service iptables restart<br>chkconfig iptables on或者systemctl enable iptables.service开机自启<br>
3.编辑防火墙文件(开启了21,22,80,3306端口)
vim /etc/sysconfig/iptables
# sampleconfiguration for iptables service
# # you can edit thismanually or use system-config-firewall
# # please do not askus to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state –state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state –state NEW -m tcp –dport 21 -j ACCEPT
-A INPUT -p tcp -m state –state NEW -m tcp –dport 22 -j ACCEPT
-A INPUT -p tcp -m state –state NEW -m tcp –dport 80 -j ACCEPT
-A INPUT -p tcp -m state –state NEW -m tcp –dport 3306 -j ACCEPT
-A INPUT -j REJECT –reject-with icmp-host-prohibited
-A FORWARD -j REJECT –reject-with icmp-host-prohibited
COMMIT
4.添加防火墙命令
/sbin/iptables -I INPUT -p tcp –dport 80 -j ACCEPT
5.查看本机关于IPTABLES的设置情况
iptables -L -n
