The default firewall of CentOS 7 is not iptables, but firewalld.

Install iptables and iptables-services

    # First check whether iptables is installed
    service iptables status
    # Install iptables
    yum install -y iptables
    # Upgrade iptables
    yum update iptables
    # Install iptables-services
    yum install iptables-services

Disable/stop the built-in firewalld service

    # Stop the firewalld service
    systemctl stop firewalld
    # Disable the firewalld service
    systemctl mask firewalld

Setting existing rules

    # View the existing iptables rules
    iptables -L -n
    # Set the INPUT policy to ACCEPT first, otherwise flushing the rules may lock you out
    iptables -P INPUT ACCEPT
    # Clear all default rules
    iptables -F
    # Clear all custom rules
    iptables -X
    # Reset all counters to 0
    iptables -Z
    # Allow packets from the lo interface (local access)
    iptables -A INPUT -i lo -j ACCEPT
    # Open port 22
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    # Open port 21 (FTP)
    iptables -A INPUT -p tcp --dport 21 -j ACCEPT
    # Open port 80 (HTTP)
    iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    # Open port 443 (HTTPS)
    iptables -A INPUT -p tcp --dport 443 -j ACCEPT
    # Allow ping
    iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT
    # Allow return traffic for requests made by this host; RELATED is set for FTP
    iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    # All other inbound traffic is dropped
    iptables -P INPUT DROP
    # All outbound traffic is allowed
    iptables -P OUTPUT ACCEPT
    # All forwarded traffic is dropped
    iptables -P FORWARD DROP

Other rule settings

    # To trust an intranet IP (accept all of its TCP requests)
    iptables -A INPUT -p tcp -s 45.96.174.68 -j ACCEPT
    # Drop all requests that do not match the rules above
    iptables -P INPUT DROP
    # To block an IP, use the following command:
    iptables -I INPUT -s ***.***.***.*** -j DROP
    # To unblock an IP, use the following command:
    iptables -D INPUT -s ***.***.***.*** -j DROP

Save rule settings

    # Save the above rules
    service iptables save

Enable iptables service

    # Register the iptables service (equivalent to the earlier "chkconfig iptables on")
    systemctl enable iptables.service
    # Start the service
    systemctl start iptables.service
    # Check the status
    systemctl status iptables.service

Solve the problem that vsftpd cannot use passive mode after iptables is turned on

1. First modify or add the following content in /etc/sysconfig/iptables-config. Note that the order cannot be changed.

    # Space-separated list; a second IPTABLES_MODULES= line would overwrite the first
    IPTABLES_MODULES="ip_conntrack_ftp ip_nat_ftp"

2. Reset iptables settings

    iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

The following is the complete setup script

    #!/bin/sh
    # Accept everything while the rules are rebuilt, so the session is not cut off
    iptables -P INPUT ACCEPT
    # Flush rules, delete custom chains, zero the counters
    iptables -F
    iptables -X
    iptables -Z
    # Loopback, SSH, FTP, HTTP, HTTPS and ping
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    iptables -A INPUT -p tcp --dport 21 -j ACCEPT
    iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    iptables -A INPUT -p tcp --dport 443 -j ACCEPT
    iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT
    # Return traffic for established connections (RELATED is needed for FTP)
    iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    # Default policies
    iptables -P INPUT DROP
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD DROP
    # Persist the rules
    service iptables save
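The following is an added example, not part of the original article: a shell function that audits `iptables -S` output against the policy the setup script builds (DROP policy on INPUT and FORWARD, loopback and RELATED,ESTABLISHED accepted, only ports 21, 22, 80 and 443 open to any source). The `ALLOWED_PORTS` list, the function names and the sample ruleset are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Audits `iptables -S` output
# against the policy the article's script builds. ALLOWED_PORTS is an assumption.
ALLOWED_PORTS="21 22 80 443"

# Reads `iptables -S` text on stdin; prints one finding per line (none = compliant).
audit_ruleset() {
    awk -v allowed="$ALLOWED_PORTS" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1
            in_pol = fw_pol = "unset" }
    $1 == "-P" && $2 == "INPUT"   { in_pol = $3 }
    $1 == "-P" && $2 == "FORWARD" { fw_pol = $3 }
    $0 == "-A INPUT -i lo -j ACCEPT" { lo = 1 }
    /^-A INPUT .*--(ct)?state (RELATED,ESTABLISHED|ESTABLISHED,RELATED) -j ACCEPT$/ { est = 1 }
    # An ACCEPT rule with no match makes the DROP policy unreachable.
    $0 == "-A INPUT -j ACCEPT" { print "INPUT has an unconditional ACCEPT rule" }
    # TCP ports opened to any source address.
    /^-A INPUT -p tcp .*--dport [0-9]+ -j ACCEPT$/ {
        for (i = 1; i < NF; i++) if ($i == "--dport") port = $(i + 1)
        open[port] = 1
        if (!(port in want)) print "unexpected open tcp port " port
    }
    END {
        if (in_pol != "DROP") print "INPUT policy is " in_pol ", expected DROP"
        if (fw_pol != "DROP") print "FORWARD policy is " fw_pol ", expected DROP"
        if (!lo)  print "loopback traffic is not accepted"
        if (!est) print "no RELATED,ESTABLISHED accept rule (replies and FTP data dropped)"
        for (i = 1; i <= n; i++)
            if (!(a[i] in open)) print "expected tcp port " a[i] " is not open"
    }'
}

# Constructed sample: a drifted ruleset (policy left at ACCEPT, 3306 opened, rules missing).
sample_drift() {
    cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
EOF
}

# On a real host: iptables -S | audit_ruleset
sample_drift | audit_ruleset
```

Empty output means the ruleset matches the policy; run it after `service iptables save` and after any later rule change.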