[root@CentOS ~]# vim /etc/sysconfig/iptables
-A INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT # 允许80端口通过防火墙
-A INPUT -m state –state NEW -m tcp -p tcp –dport 3306 -j ACCEPT # 允许3306端口通过防火墙
**特别提示:很多网友把这两条规则添加到防火墙配置的最后一行,导致防火墙启动失败,正确的应该是添加到默认的22端口这条规则的下面 **
添加好之后防火墙规则如下所示:
\######################################
\# Firewall configuration written by system-config-firewall
\# Manual customization of this file is not recommended.
:INPUT ACCEPT \[0:0\]
:FORWARD ACCEPT \[0:0\]
:OUTPUT ACCEPT \[0:0\]
-A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 22 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 3306 -j ACCEPT
-A INPUT -j REJECT –reject-with icmp-host-prohibited
-A FORWARD -j REJECT –reject-with icmp-host-prohibited
COMMIT
\#####################################
最后重启防火墙使配置生效
/etc/init.d/iptables restart
查看打开的端口:
# /etc/init.d/iptables status
关闭防火墙:
# /etc/init.d/iptables stop
评论区