|
例:当修改了ssh远程连接端口,如何在iptables上放行新的端口(这里将默认22端口号修改为33端口号)。 输入命令放行33端口。1. [root@zzyun ~]# iptables -I INPUT -p tcp --dport 33 -j ACCEPT
查看防火墙规则,发现33端口号已经放行了。1. [root@zzyun ~]# iptables -nvL
2. Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
3. pkts bytes target prot opt in out source destination
4. 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:33
5. 295 23186 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
6. 34 2310 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
7. 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
8. 2342 200K REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
9. Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
10. pkts bytes target prot opt in out source destination
11. 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
12. Chain OUTPUT (policy ACCEPT 15 packets, 1412 bytes)
13. pkts bytes target prot opt in out source destination
iptables规则已经更改,我们需要对规则进行保存。 1. [root@zzyun ~]# service iptables save
2. iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
保存完毕,重启iptables服务。1. [root@zzyun ~]# service iptables restart
2. iptables: Setting chains to policy ACCEPT: filter [ OK ]
3. iptables: Flushing firewall rules: [ OK ]
4. iptables: Unloading modules: [ OK ]
5. iptables: Applying firewall rules: [ OK ]
同样,用此方法也可以放行web的默认端口80。1. iptables -I INPUT -p tcp --dport 80 -j ACCEPT && service iptables save && service iptables restart
|
