标签:chain 配置 loading in out ref prot etc sys inpu
我用的是fedora 14
1. 查看iptables 防火墙已经开启的port:/etc/init.d/iptables status
[root@hzswtb2-mpc ~]#/etc/rc.d/init.d/iptables status 或者 service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
2. 开启 tcp 8080port
/sbin/iptables -I INPUT -p tcp --dport 8080 -j ACCEPT
[root@hzswtb2-mpc ~]# /sbin/iptables -I INPUT -p tcp --dport 8080 -j ACCEPT
[root@hzswtb2-mpc ~]# /etc/rc.d/init.d/iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
[root@hzswtb2-mpc ~]# /etc/rc.d/init.d/iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
[root@hzswtb2-mpc ~]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080
2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306
3. 删除chain INPUT指定规则1;
[root@hzswtb2-mpc ~]# iptables -D INPUT 1
[root@hzswtb2-mpc ~]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
4.Reject 指定port;
[root@hzswtb2-mpc ~]# /sbin/iptables -I INPUT -p tcp --dport 8080 -j REJECT
[root@hzswtb2-mpc ~]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 reject-with icmp-port-unreachable
2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
很多其它的规则能够參考
http://www.2cto.com/os/201304/201164.html
Linux下 iptables防火墙 放开相关port 拒绝相关port 及查看已放开port
标签:chain 配置 loading in out ref prot etc sys inpu
原文地址:http://www.cnblogs.com/gavanwanggw/p/6723775.html