CentOS 7 uses firewalld as its default firewall. If you want to switch back to the iptables firewall, disable firewalld and install iptables.
1. Disable firewalld:
Stop the firewall:
systemctl stop firewalld.service
Prevent the firewall from starting at boot:
systemctl disable firewalld.service
Check the firewall state (shows "not running" after it is stopped, "running" when it is enabled):
firewall-cmd --state
2. Install iptables
List the available packages:
yum list | grep iptables
Install iptables:
yum install iptables-services
Restart the firewall so the configuration file takes effect:
systemctl restart iptables.service
Set the iptables firewall to start at boot:
systemctl enable iptables.service
Run the status query; output like the following means the install and start succeeded:
systemctl status iptables.service
[root@localhost /]# systemctl status iptables.service
● iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
Active: active (exited) since Mon 2019-03-18 02:18:04 PDT; 20h ago
Process: 6029 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
Main PID: 6029 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/iptables.service
Mar 18 02:18:03 localhost.localdomain systemd[1]: Starting IPv4 firewall with…
Mar 18 02:18:04 localhost.localdomain iptables.init[6029]: iptables: Applying…
Mar 18 02:18:04 localhost.localdomain systemd[1]: Started IPv4 firewall with …
Hint: Some lines were ellipsized, use -l to show in full.
3. Opening ports with iptables
Check the current iptables settings on this host:
iptables -nL
To open a specific port, edit the configuration file:
vim /etc/sysconfig/iptables
Its contents look like this:
# Generated by iptables-save v1.4.21 on Wed Mar 13 01:55:54 2019
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8081 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5060 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Wed Mar 13 01:55:54 2019
Note: add the new rule in the middle of the file, that is, above the COMMIT line.
If the following two lines are present, the new rule must go above them:
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
Copy one of the existing lines for ports 22, 80, 3306, etc. and change the port number.
After editing, save and quit:
:wq!
Then restart the service:
systemctl restart iptables.service
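As an added example (not from the original post), the shell function below automates the edit described above: it inserts an ACCEPT rule for a TCP port into an iptables-save style file such as /etc/sysconfig/iptables, directly above the INPUT REJECT line (or above COMMIT when there is no REJECT line), and does nothing when the port is already open. The names `open_port` and `port_rules` and the sample file are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original post. open_port FILE PORT inserts an
# ACCEPT rule for a TCP port into an iptables-save style file (for example
# /etc/sysconfig/iptables), above the INPUT REJECT line, or above COMMIT if no
# REJECT line exists, and leaves the file untouched if the port is already open.
# After changing the real file, run: systemctl restart iptables.service

open_port() {
    file="$1"
    port="$2"
    case "$port" in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    # Idempotent: an existing ACCEPT rule for this port means nothing to do.
    if grep -Eq -- "^-A INPUT .*--dport ${port} -j ACCEPT" "$file"; then
        return 0
    fi
    rule="-A INPUT -m state --state NEW -m tcp -p tcp --dport ${port} -j ACCEPT"
    tmp="${file}.tmp.$$"
    awk -v rule="$rule" '
        # Insert once, before the first INPUT REJECT line; if the file has
        # none, fall back to inserting just before COMMIT.
        !done && /^-A INPUT -j REJECT/ { print rule; done = 1 }
        !done && /^COMMIT$/            { print rule; done = 1 }
        { print }
    ' "$file" > "$tmp" && mv "$tmp" "$file"
}

# Number of INPUT ACCEPT rules for a port (used to verify the edit).
port_rules() {
    grep -Ec -- "^-A INPUT .*--dport ${2} -j ACCEPT" "$1" || true
}

# Constructed sample file mirroring the layout shown in the post.
SAMPLE="${TMPDIR:-/tmp}/iptables.sample.$$"
cat > "$SAMPLE" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF

open_port "$SAMPLE" 8443
open_port "$SAMPLE" 8443   # second call is a no-op
```

For a database port such as 3306, adding `-s <trusted-address>` to the rule limits which source can reach it instead of opening it to every host.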
4. There are several possible reasons a client cannot connect to a service
(1) The service is not running on the server
(2) The software itself has not granted the user access
For example, if MySQL still cannot be reached, the user may not have been granted access:
MySQL grant (replace dbName, dbuser and dbpassword with your own values):
grant all privileges on dbName.* to dbuser@'%' identified by 'dbpassword' with grant option;
flush privileges;