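To configure the firewall on CentOS, you only need to write the rules into /etc/sysconfig/iptables; no additional commands are required. Of course, this assumes iptables is installed.
1. Install iptables.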
#yum install iptables
2. Set the firewall filtering rules.
#vi /etc/sysconfig/iptables
Below is a ready-made iptables configuration file. PPTP VPN passthrough has already been added, so PPTP VPN works normally.
*filter

# Allow loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use the lo0 interface
-A INPUT -i lo -j ACCEPT
-A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT

# Accept established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow all outbound traffic
-A OUTPUT -j ACCEPT

# Allow HTTP and HTTPS connections
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

# Allow SSH/SFTP
# Change the value 22 if you are using a non-standard port
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

# Allow FTP
# Purely optional, but required for WordPress to install its own plugins or update itself.
-A INPUT -p tcp -m state --state NEW --dport 21 -j ACCEPT

# Allow PING
# Again, optional. Some disallow this altogether.
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

# Allow PPTP VPN
-A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
-A INPUT -i eth0 -p gre -j ACCEPT
-A FORWARD -i ppp+ -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o ppp+ -j ACCEPT

# Reject ALL other inbound
-A INPUT -j REJECT
-A FORWARD -j REJECT

COMMIT
Check whether the filter rules are in effect:
#iptables -L
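That's it. After the VPS reboots, the firewall rules are enabled automatically, unlike on Debian, where you must add a startup command for the firewall rules to take effect.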
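The configuration file above sets no chain policies, so its default-deny behaviour depends entirely on the catch-all `-j REJECT` rules staying last in each chain. The following Python check is an added example, not part of the original post: it parses a rules file in this format and reports, per chain, whether a catch-all deny exists, which rules sit after it and can never match, and which TCP ports are accepted. The function names and the `SAMPLE` ruleset are constructed for illustration.

```python
import shlex

# Constructed sample in the same format as the file above, with one rule
# deliberately placed after the catch-all REJECT and no deny in FORWARD.
SAMPLE = """\
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
-A INPUT -i eth0 -p gre -j ACCEPT
# Reject ALL other inbound
-A INPUT -j REJECT
-A INPUT -p tcp --dport 8080 -j ACCEPT
-A FORWARD -i ppp+ -o eth0 -j ACCEPT
COMMIT
"""

def parse_rules(text):
    """Return {chain: [argument tokens of each -A rule]} in file order."""
    chains = {}
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)  # drops '#' comment lines
        if len(tokens) >= 2 and tokens[0] == "-A":
            chains.setdefault(tokens[1], []).append(tokens[2:])
    return chains

def is_catch_all(rule):
    """True for a rule with no match criteria, only '-j REJECT' or '-j DROP'."""
    return len(rule) == 2 and rule[0] == "-j" and rule[1] in ("REJECT", "DROP")

def accepted_tcp_port(rule):
    """Return the numeric --dport of a TCP ACCEPT rule, else None."""
    if "--dport" in rule and "tcp" in rule and rule[-1] == "ACCEPT":
        port = rule[rule.index("--dport") + 1]
        return int(port) if port.isdigit() else None
    return None

def audit(text):
    """Per chain: catch-all deny present, rules after it, accepted TCP ports."""
    report = {}
    for chain, rules in parse_rules(text).items():
        idx = next((i for i, r in enumerate(rules) if is_catch_all(r)), None)
        live = rules if idx is None else rules[:idx]
        dead = [] if idx is None else rules[idx + 1:]
        ports = sorted(p for p in map(accepted_tcp_port, live) if p is not None)
        report[chain] = {"default_deny": idx is not None,
                         "unreachable": [" ".join(r) for r in dead],
                         "open_tcp_ports": ports}
    return report

if __name__ == "__main__":
    for chain, result in audit(SAMPLE).items():
        print(chain, result)
```

To audit the real file, pass the contents of /etc/sysconfig/iptables to `audit()` instead of `SAMPLE`.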