How to open port 80, 3306, or other ports to outside access on CentOS 6+
1. Check which ports the firewall has opened to the outside
[[email protected] ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:3306
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
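2. Firewall operations on CentOS 6.0:
Configuration file: /etc/sysconfig/iptables
There are two ways to open a port: with a command, or by editing the configuration file.
Check the firewall status: chkconfig iptables --list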
[[email protected]~]# chkconfig iptables --list
iptables        0:關閉  1:關閉  2:啟用  3:啟用  4:啟用  5:啟用  6:關閉
Enable the firewall (takes effect after a reboot, permanently): chkconfig iptables on
Disable the firewall (takes effect after a reboot, permanently): chkconfig iptables off
[[email protected] ~]# chkconfig iptables --list
iptables        0:關閉  1:關閉  2:啟用  3:啟用  4:啟用  5:啟用  6:關閉
[[email protected] ~]# chkconfig iptables off
[[email protected] ~]# chkconfig iptables --list
iptables        0:關閉  1:關閉  2:關閉  3:關閉  4:關閉  5:關閉  6:關閉
[[email protected] ~]# chkconfig iptables on
[[email protected] ~]# chkconfig iptables --list
iptables        0:關閉  1:關閉  2:啟用  3:啟用  4:啟用  5:啟用  6:關閉
[[email protected] ~]#
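Start the firewall (takes effect immediately, lost after a reboot): service iptables start
Stop the firewall (takes effect immediately, lost after a reboot): service iptables stop
Restart the firewall: service iptables restart
View the open ports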
service iptables status
[[email protected] ~]# service iptables status
表格:filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:3306
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
3    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
6    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
3. Open a port (for example port 80, using a command)
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
[[email protected] ~]# iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
Save the opened port
service iptables save
[[email protected] ~]# service iptables save
iptables:將防火牆規則儲存到 /etc/sysconfig/iptables: [確定]
[[email protected] ~]# iptables status
Bad argument `status'
Try `iptables -h' or 'iptables --help' for more information.
Restart the firewall
service iptables restart
[[email protected] ~]# service iptables restart
iptables:將鏈設定為政策 ACCEPT:filter [確定]
iptables:清除防火牆規則: [確定]
iptables:正在解除安裝模組: [確定]
iptables:應用防火牆規則: [確定]
View the open ports
service iptables status
[[email protected] ~]# service iptables status
表格:filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:3306
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
3    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
6    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
Open a range of ports (for example 18881~65534, using a command)
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 18881:65534 -j ACCEPT
[[email protected] ~]# iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 10000:11000 -j ACCEPT
Save the opened ports
service iptables save
[[email protected] ~]# service iptables save
iptables:將防火牆規則儲存到 /etc/sysconfig/iptables: [確定]
Restart the firewall
service iptables restart
View the open ports
service iptables status
[[email protected] ~]# service iptables status
表格:filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:3306
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
3    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
6    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
8    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpts:10000:11000

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
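In the status listing above the appended rules sit at positions 7 and 8, after rule 6 (REJECT all), and iptables acts on the first rule that matches a packet, so rule order decides whether a port is really open. The check below is an added example, not part of the original post: it reads rules in iptables-save format (the output of iptables -S, or /etc/sysconfig/iptables) and reports every rule placed after an unconditional ACCEPT/DROP/REJECT in the same chain. The function names are hypothetical, and the sample rules are constructed from the listing above on the assumption that rule 4 is the CentOS 6 default loopback rule (-i lo), which iptables -L -n does not display.

```shell
#!/bin/sh
# Added example: find rules that can never match because an earlier
# unconditional ACCEPT/DROP/REJECT in the same chain catches every packet.

# Reads iptables-save style rules on stdin, prints one line per dead rule.
shadowed_rules() {
    awk '
    /^\*/ { split("", stop); split("", n) }   # new table section: reset state
    $1 == "-A" {
        chain = $2
        n[chain]++
        if (chain in stop) {                  # an earlier rule ends the chain
            printf "%s rule %d is unreachable (after rule %d): %s\n", chain, n[chain], stop[chain], $0
            next
        }
        # Unconditional rule: -j follows the chain name directly, so no
        # -p / -s / -d / -i / -m match restricts which packets it applies to.
        if ($3 == "-j" && ($4 == "ACCEPT" || $4 == "DROP" || $4 == "REJECT"))
            stop[chain] = n[chain]
    }'
}

# Constructed sample modelled on the listing above (rule 4 assumed to be -i lo).
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10000:11000 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
EOF
}

# On a live host: iptables -S | shadowed_rules
sample_rules | shadowed_rules
```

To put a rule ahead of the REJECT, iptables -I INPUT 6 followed by the same match options inserts it before rule 6; when editing /etc/sysconfig/iptables, the new line goes above the REJECT line.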
4. Open a port by editing the configuration file (for example port 80)
vi /etc/sysconfig/iptables
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
Start the firewall
service iptables restart
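Parameter description:
-A appends a rule to the end of the chain
-p specifies the protocol; tcp is the one we use most, but udp is also used, for example DNS on port 53
--dport is the destination port, that is, the port on the server that incoming traffic from outside is addressed to
-j specifies the target: ACCEPT (accept the packet) or DROP (do not accept it)
Original: https://blog.csdn.net/u014079773/article/details/79745819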