The default firewall of CentOS 7 is not iptables, but firewalld.

Install iptables and iptables-services

```sh
# First check whether iptables is installed
service iptables status
# Install iptables
yum install -y iptables
# Upgrade iptables
yum update iptables
# Install iptables-services
yum install iptables-services
```

Disable/stop the built-in firewalld service

```sh
# Stop the firewalld service
systemctl stop firewalld
# Disable the firewalld service
systemctl mask firewalld
```

Set up the rules

```sh
# View the existing iptables rules
iptables -L -n
# Allow all first; otherwise flushing the rules over a remote session may lock you out
iptables -P INPUT ACCEPT
# Clear all default rules
iptables -F
# Delete all user-defined chains
iptables -X
# Reset all counters to 0
iptables -Z
# Allow packets from the lo interface (local access)
iptables -A INPUT -i lo -j ACCEPT
# Open port 22
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Open port 21 (FTP)
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
# Open port 80 (HTTP)
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# Open port 443 (HTTPS)
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# Allow ping
iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT
# Allow the return data for requests made by this host; RELATED is set for FTP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# All other inbound traffic will be discarded
iptables -P INPUT DROP
# All outbound traffic will be allowed
iptables -P OUTPUT ACCEPT
# All forwarding will be discarded
iptables -P FORWARD DROP
```

Other rule settings

```sh
# If you want to add intranet IP trust (accept all its TCP requests)
iptables -A INPUT -p tcp -s 45.96.174.68 -j ACCEPT
# Filter all requests that are not in the above rules
iptables -P INPUT DROP
# To block an IP, use the following command:
iptables -I INPUT -s ***.***.***.*** -j DROP
# To unblock an IP, use the following command:
iptables -D INPUT -s ***.***.***.*** -j DROP
```

Save rule settings

```sh
# Save the above rules
service iptables save
```

Enable iptables service

```sh
# Register the iptables service (equivalent to the previous chkconfig iptables on)
systemctl enable iptables.service
# Start the service
systemctl start iptables.service
# Check the status
systemctl status iptables.service
```

Solve the problem that vsftpd cannot use passive mode after iptables is turned on

1. First modify or add the following content in /etc/sysconfig/iptables-config. Note that the order cannot be changed.

```sh
# Space-separated list on one line; a second IPTABLES_MODULES= line would overwrite the first
IPTABLES_MODULES="ip_conntrack_ftp ip_nat_ftp"
```

2. Reset iptables settings

```sh
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
```

The following is the complete setup script

```sh
#!/bin/sh
iptables -P INPUT ACCEPT
iptables -F
iptables -X
iptables -Z
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
service iptables save
```
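
To check that a saved ruleset still matches the baseline built by the setup script, the following added example (not part of the original article) parses `iptables -S` output and reports the default policies, the loopback and RELATED,ESTABLISHED rules, and every TCP port accepted from any source. The names `audit_rules` and `sample_rules` and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `iptables -S` output against the baseline above.
# audit_rules and sample_rules are hypothetical names, not from the article.

# Constructed sample: what `iptables -S` prints after the setup script runs.
sample_rules() {
    cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
EOF
}

# Reads a ruleset on stdin, prints findings, returns 1 on any FAIL.
audit_rules() {
    awk '
    $1 == "-P" { policy[$2] = $3; next }
    $1 == "-A" && $2 == "INPUT" && / -j ACCEPT/ {
        if ($0 ~ / -i lo /) lo = 1
        if ($0 ~ /--(state|ctstate) [A-Z,]*ESTABLISHED/) est = 1
        # A TCP ACCEPT without -s is reachable from any source address.
        if ($0 ~ / -p tcp / && $0 !~ / -s /)
            for (i = 1; i < NF; i++)
                if ($i == "--dport") open = open " " $(i + 1)
    }
    END {
        if (policy["INPUT"] != "DROP") { print "FAIL: INPUT policy is " policy["INPUT"]; bad = 1 }
        if (policy["FORWARD"] != "DROP") { print "FAIL: FORWARD policy is " policy["FORWARD"]; bad = 1 }
        if (!lo) { print "FAIL: no ACCEPT rule for the lo interface"; bad = 1 }
        if (!est) { print "FAIL: no RELATED,ESTABLISHED ACCEPT rule"; bad = 1 }
        print "INFO: TCP ports open to any source:" open
        exit bad + 0
    }'
}

# On a live host run: iptables -S | audit_rules
sample_rules | audit_rules
```

The INFO line is the list to review after every change: any port there that does not need to be public, such as 21 or 22, can be narrowed with a `-s` source restriction like the intranet trust rule above.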