安装iptables遇到的问题总结
安装iptable iptable-service
1
2
3
4
5
6
7
8
| #先检查是否安装了iptables
service iptables status
#安装iptables
yum install -y iptables
#升级iptables
yum update iptables
#安装iptables-services
yum install iptables-services
|
禁用/停止自带的firewalld服务
1
| sudo systemctl stop firewalld.service && sudo systemctl disable firewalld.service
|
将iptables置为开机自启
iptables的常用命令
1
2
3
4
5
6
7
| service iptables start #启动服务
service iptables stop #停止服务
service iptables restart #重启服务
service iptables status #重启服务
|
查看iptables规则
附上常用规则一份
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
| # Generated by iptables-save v1.4.7 on Wed Jul 11 20:48:21 2018
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
# 上句之后添加的iptables无效
COMMIT
# Completed on Wed Jul 11 20:48:21 2018
|
注: 本方法再Linux centos6.9 跟centos7 测试有效, 版本不一致没有效果的 还请移步尝试一下别的方法