-
vi /etc/sysconfig/iptables
-
-A INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT(允许80端口通过防火墙)
-
-A INPUT -m state –state NEW -m tcp -p tcp –dport 3306 -j ACCEPT(允许3306端口通过防火墙)
特别提示:很多网友把这两条规则添加到防火墙配置的最后一行,导致防火墙启动失败,正确的应该是添加到默认的22端口这条规则的下面
添加好之后防火墙规则如下所示:
-
######################################
-
# Firewall configuration written by system-config-firewall
-
# Manual customization of this file is not recommended.
-
*filter
-
:INPUT ACCEPT [0:0]
-
:FORWARD ACCEPT [0:0]
-
:OUTPUT ACCEPT [0:0]
-
-A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
-
-A INPUT -p icmp -j ACCEPT
-
-A INPUT -i lo -j ACCEPT
-
-A INPUT -m state –state NEW -m tcp -p tcp –dport 22 -j ACCEPT
-
-A INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT
-
-A INPUT -m state –state NEW -m tcp -p tcp –dport 3306 -j ACCEPT
-
-A INPUT -j REJECT –reject-with icmp-host-prohibited
-
-A FORWARD -j REJECT –reject-with icmp-host-prohibited
-
COMMIT
-
#####################################
-
/etc/init.d/iptables restart
#最后重启防火墙使配置生效
阅读(1077) | 评论(0) | 转发(0) |