Linux system opens ports 3306, 8080, etc. to the outside world, detailed explanation of firewall settings

Many times, after we install a web service application (such as tomcat, apache, etc.) on a liunx system, we need to allow other computers to access the application, but the firewall of the linux system (centos, redhat, etc.) only opens port 22 to the outside by default.

The port settings of the Linux system are configured in the /etc/sysconfig/iptables file. Open the file using an editor. The content is as follows:

# Firewall configuration written by system-config-firewall 
# Manual customization of this file is not recommended. 
*filter 
:INPUT ACCEPT [0:0] 
:FORWARD ACCEPT [0:0] 
:OUTPUT ACCEPT [0:0] 
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT 
-A INPUT -p icmp -j ACCEPT 
-A INPUT -i lo -j ACCEPT 
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT 
-A INPUT -j REJECT --reject-with icmp-host-prohibited 
-A FORWARD -j REJECT --reject-with icmp-host-prohibited 
COMMIT

The following code is said on the Internet

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3001 -j ACCEPT

I tested the above code in CentOS6.5 and it didn't work.

If we need to open port 80 to the outside world, add the following code to the above file

-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT

Also note that this code needs to be added to

-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

After that, otherwise the port cannot be opened either. The final configuration is as follows:

# Firewall configuration written by system-config-firewall 
# Manual customization of this file is not recommended. 
*filter 
:INPUT ACCEPT [0:0] 
:FORWARD ACCEPT [0:0] 
:OUTPUT ACCEPT [0:0] 
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT 
-A INPUT -p icmp -j ACCEPT 
-A INPUT -i lo -j ACCEPT 
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT 
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT 
-A INPUT -j REJECT --reject-with icmp-host-prohibited 
-A FORWARD -j REJECT --reject-with icmp-host-prohibited 
COMMIT

Editing the above file requires su permission.

After saving the above file, run the following command in the terminal: Update the firewall configuration

service iptables restart

The following command can see the open ports

/sbin/iptables -L -n

The following command can turn off/on the firewall (requires restarting the system)

Enable: chkconfig iptables on 
To turn off: chkconfig iptables off

The following code can start and stop the firewall (effective immediately and invalid after restart)

Start: service iptables start  
Shutdown: service iptables stop

The above is the editor's introduction to the Linux system opening 3306, 8080 and other ports to the outside world, and the detailed integration of firewall settings. I hope it will be helpful to everyone. If you have any questions, please leave me a message and the editor will reply to you in time. I would also like to thank everyone for their support of the 123WORDPRESS.COM website!

You may also be interested in:

Enable remote access rights for MySQL under Linux and open port 3306 in the firewall
Example of how to open port 80 in the firewall in Linux
Summary of how to view, add, delete and modify iptables rules of Linux firewall
Detailed explanation of Linux firewall status and opening and closing commands
How to open a certain port number in the firewall under Linux and use common firewall commands (detailed explanation)
Steps to set up firewall whitelist in Linux (RHEL 6 and CentOS 7)
Alibaba Cloud Linux Server Security Settings (Firewall Policy, etc.)
Linux firewall iptables introductory tutorial
How to disable selinux (firewall)
Solution to mysql connection blocked by firewall under linux

<<: Using keras to judge SQL injection attacks (example explanation)

>>: How to make your browser talk with JavaScript