Example: after changing the SSH remote-access port, how do you allow the new port in iptables? (Here the default port 22 has been changed to port 33.)

Run the following command to allow port 33:

    [root@niaoyun ~]# iptables -I INPUT -p tcp --dport 33 -j ACCEPT

List the firewall rules; port 33 is now allowed:

    [root@niaoyun ~]# iptables -nvL
    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:33
      295 23186 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
       34  2310 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
     2342  200K REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination
        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

    Chain OUTPUT (policy ACCEPT 15 packets, 1412 bytes)
     pkts bytes target     prot opt in     out     source               destination

The iptables rules have changed, so they must be saved:

    [root@niaoyun ~]# service iptables save
    iptables: Saving firewall rules to /etc/sysconfig/iptables: [ OK ]

Once saved, restart the iptables service:

    [root@niaoyun ~]# service iptables restart
    iptables: Setting chains to policy ACCEPT: filter   [ OK ]
    iptables: Flushing firewall rules:                  [ OK ]
    iptables: Unloading modules:                        [ OK ]
    iptables: Applying firewall rules:                  [ OK ]

The same method can be used to allow the default web port 80:

    iptables -I INPUT -p tcp --dport 80 -j ACCEPT && service iptables save && service iptables restart
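The listing above shows why the article uses `-I` (insert at the top of INPUT) rather than `-A` (append): an appended ACCEPT would land after the chain's final catch-all REJECT and never match. The following check is an added example, not part of the original article; it parses `iptables -nvL` text and reports whether the ACCEPT for a TCP port is reachable. Both listings are constructed from the article's own output.

```python
"""Added check (not from the article): parse `iptables -nvL` output and tell
whether an ACCEPT for a TCP port is reachable, i.e. listed before the chain's
catch-all REJECT/DROP. This is why the article inserts with -I, not -A."""
import re

# Constructed sample: the INPUT chain printed in the article after
# `iptables -I INPUT -p tcp --dport 33 -j ACCEPT` (rule inserted at the top).
INSERTED = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:33
  295 23186 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
   34  2310 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
 2342  200K REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
"""
# Constructed sample: what `-A INPUT` (append) would have produced instead.
APPENDED = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 2342  200K REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:33
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \(policy (\S+)")
# Columns: pkts bytes target prot opt in out source destination [match options]
RULE_RE = re.compile(r"^\s*\S+\s+\S+\s+(\S+)\s+(\S+)\s+\S+\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*(.*)$")


def parse_chains(listing):
    """Return {chain: (policy, [(target, prot, in, out, src, dst, extra), ...])}."""
    chains, current = {}, None
    for line in listing.splitlines():
        if m := CHAIN_RE.match(line):
            current, chains[m.group(1)] = m.group(1), (m.group(2), [])
        elif current and not line.lstrip().startswith("pkts") and (m := RULE_RE.match(line)):
            chains[current][1].append(m.groups())
    return chains


def tcp_port_reachable(listing, port, chain="INPUT"):
    """True if tcp dpt:<port> is ACCEPTed before any catch-all REJECT/DROP."""
    policy, rules = parse_chains(listing).get(chain, ("DROP", []))
    for target, prot, ifin, ifout, src, dst, extra in rules:
        if target == "ACCEPT" and prot == "tcp" and f"dpt:{port}" in extra.split():
            return True
        catch_all = (prot == "all" and ifin == ifout == "*" and src == dst == "0.0.0.0/0"
                     and not extra.startswith("state"))
        if target in ("REJECT", "DROP") and catch_all:
            return False
    return policy == "ACCEPT"  # no explicit match: the chain policy decides
```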