在,只要把配置文件写入到/etc/sysconfig/iptables里即可,不需要输入额外的命令。
1、安装iptables
复制代码 代码如下:
#yum install iptables
2、设置防火墙过滤规则
#vi /etc/sysconfig/iptables
下面是一个现成的iptables配置文件,已经添加了pptpvpn穿透,可正常使用pptpvpn。
复制代码 代码如下:
*filter
# Allow loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use the lo0 interface
-A INPUT -i lo -j ACCEPT
-A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT
# Accept established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow all outbound traffic
-A OUTPUT -j ACCEPT
# Allow HTTP and HTTPS connections
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
# Allow SSH/SFTP
# Change the value 22 if you are using a non-standard port
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
# Allow FTP
# Purely optional, but required for WordPress to install its own plugins or update itself.
-A INPUT -p tcp -m state --state NEW --dport 21 -j ACCEPT
# Allow PING
# Again, optional. Some disallow this altogether.
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
#Allow PPTP VPN
-A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
-A INPUT -i eth0 -p gre -j ACCEPT
-A FORWARD -i ppp+ -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o ppp+ -j ACCEPT
# Reject ALL other inbound
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT
查看过滤规则是否已启用:
#iptables -L
重启后,防火墙规则自动启用。
注:在 中并不像 那样,必须添加启动命令才能启用防火墙规则。
阅读(1407) | 评论(0) | 转发(0) |