1,查看防火墙文件:
vim /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Thu Jan 7 19:42:44 2016
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [12:1484]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
# Completed on Thu Jan 7 19:42:44 2016
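2,开放端口:(添加,保存,重启)
注意:本机 INPUT 链的默认策略是 ACCEPT,规则里也没有任何 DROP/REJECT,所以这里添加的 ACCEPT 规则并不会限制其他端口的访问。只有把默认策略改为 DROP(或在链尾追加拒绝规则)之后,这些放行规则才真正起到"只开放指定端口"的作用;修改前应先确认 22 端口已放行,以免断开当前的 SSH 连接。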
[root@VM-5bb62e30-ecd0-4df8-b26f-9b9a2e4bd5f9 sysconfig]# /sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT
[root@VM-5bb62e30-ecd0-4df8-b26f-9b9a2e4bd5f9 sysconfig]# /etc/rc.d/init.d/iptables save
iptables:将防火墙规则保存到 /etc/sysconfig/iptables: [确定]
[root@VM-5bb62e30-ecd0-4df8-b26f-9b9a2e4bd5f9 sysconfig]# vim iptables
[root@VM-5bb62e30-ecd0-4df8-b26f-9b9a2e4bd5f9 sysconfig]# vim iptables
[root@VM-5bb62e30-ecd0-4df8-b26f-9b9a2e4bd5f9 sysconfig]# /sbin/iptables -I INPUT -p tcp --dport 22 -j ACCEPT
[root@VM-5bb62e30-ecd0-4df8-b26f-9b9a2e4bd5f9 sysconfig]# /etc/rc.d/init.d/iptables save
iptables:将防火墙规则保存到 /etc/sysconfig/iptables: [确定]
[root@VM-5bb62e30-ecd0-4df8-b26f-9b9a2e4bd5f9 sysconfig]# service iptables restart
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
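3,查看防火墙状态,开启/关闭防火墙(开机自启)。
注:chkconfig iptables on/off 只决定开机时是否自动启动防火墙,不会改变当前正在生效的规则;要立即启动或停止防火墙,需使用 service iptables start / service iptables stop。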
[root@VM-5bb62e30-ecd0-4df8-b26f-9b9a2e4bd5f9 sysconfig]# /etc/init.d/iptables status
表格:filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
[root@VM-5bb62e30-ecd0-4df8-b26f-9b9a2e4bd5f9 sysconfig]# chkconfig iptables --list
iptables 0:关闭 1:关闭 2:关闭 3:关闭 4:关闭 5:关闭 6:关闭
[root@VM-5bb62e30-ecd0-4df8-b26f-9b9a2e4bd5f9 sysconfig]# chkconfig iptables on
[root@VM-5bb62e30-ecd0-4df8-b26f-9b9a2e4bd5f9 sysconfig]# chkconfig iptables --list
iptables 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭
[root@VM-5bb62e30-ecd0-4df8-b26f-9b9a2e4bd5f9 sysconfig]# chkconfig iptables off
[root@VM-5bb62e30-ecd0-4df8-b26f-9b9a2e4bd5f9 sysconfig]# chkconfig iptables --list
iptables 0:关闭 1:关闭 2:关闭 3:关闭 4:关闭 5:关闭 6:关闭
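4,查看已经开启的端口。
说明:State 为 LISTEN 的行才是正在监听的端口;Local Address 为 0.0.0.0 或 :: 表示在所有网卡上监听(如下面的 3306、8080、60222)。在 INPUT 默认策略为 ACCEPT 且没有其他网络层限制的情况下,这些端口都可能被外部直接访问,应逐一确认是否确实需要对外开放。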
[root@VM-5bb62e30-ecd0-4df8-b26f-9b9a2e4bd5f9 sysconfig]# netstat -tanp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:60222 0.0.0.0:* LISTEN 30288/java
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 6716/mysqld
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 30342/nginx
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1460/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1537/master
tcp 0 0 192.168.0.153:22 61.144.66.28:2109 ESTABLISHED 30009/sshd
tcp 0 0 192.168.0.153:22 113.195.145.85:9582 ESTABLISHED 35585/sshd
tcp 0 0 192.168.0.153:80 14.18.243.92:2911 TIME_WAIT -
tcp 0 0 192.168.0.153:22 14.18.243.92:17216 ESTABLISHED 35091/sshd
tcp 0 0 127.0.0.1:3306 127.0.0.1:48637 ESTABLISHED 6716/mysqld
tcp 0 0 127.0.0.1:3306 127.0.0.1:48635 ESTABLISHED 6716/mysqld
tcp 0 0 127.0.0.1:3306 127.0.0.1:48634 TIME_WAIT -
tcp 0 880 192.168.0.153:22 14.18.243.92:21646 ESTABLISHED 35240/sshd
tcp 0 0 127.0.0.1:3306 127.0.0.1:48639 ESTABLISHED 6716/mysqld
tcp 0 0 127.0.0.1:3306 127.0.0.1:48638 ESTABLISHED 6716/mysqld
tcp 0 0 192.168.0.153:22 14.18.243.92:17485 ESTABLISHED 35528/sshd
tcp 0 0 127.0.0.1:3306 127.0.0.1:48636 ESTABLISHED 6716/mysqld
tcp 0 0 ::ffff:127.0.0.1:8005 :::* LISTEN 30288/java
tcp 0 0 :::8009 :::* LISTEN 30288/java
tcp 0 0 :::8080 :::* LISTEN 30288/java
tcp 0 0 :::22 :::* LISTEN 1460/sshd
tcp 0 0 ::1:25 :::* LISTEN 1537/master
tcp 0 0 ::ffff:127.0.0.1:48638 ::ffff:127.0.0.1:3306 ESTABLISHED 30288/java
tcp 0 0 ::ffff:127.0.0.1:48639 ::ffff:127.0.0.1:3306 ESTABLISHED 30288/java
tcp 0 0 ::ffff:127.0.0.1:48629 ::ffff:127.0.0.1:3306 TIME_WAIT -
tcp 0 0 ::ffff:127.0.0.1:48636 ::ffff:127.0.0.1:3306 ESTABLISHED 30288/java
tcp 0 0 ::ffff:192.168.0.153:8080 ::ffff:14.18.243.92:11473 TIME_WAIT -
tcp 0 0 ::ffff:127.0.0.1:48637 ::ffff:127.0.0.1:3306 ESTABLISHED 30288/java
tcp 0 0 ::ffff:127.0.0.1:48633 ::ffff:127.0.0.1:3306 TIME_WAIT -
tcp 0 0 ::ffff:127.0.0.1:48628 ::ffff:127.0.0.1:3306 TIME_WAIT -
tcp 0 0 ::ffff:127.0.0.1:48635 ::ffff:127.0.0.1:3306 ESTABLISHED 30288/java