
How to open a specific port in iptables (the firewall) on Linux (CentOS 6.x)


    Example: after changing the SSH remote-login port, how to open the new port in iptables (here the default port 22 has been changed to port 33)


    # Enter the command to open port 33.


    [root@niaoyun ~]# iptables -I INPUT -p tcp --dport 33 -j ACCEPT

    # List the firewall rules; port 33 is now open.

    [root@niaoyun ~]# iptables -nvL

    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)

    pkts bytes target prot opt in out source destination

    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:33 

    295 23186 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

    34 2310 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0

    0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0

    2342 200K REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)

    pkts bytes target prot opt in out source destination

    0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

    Chain OUTPUT (policy ACCEPT 15 packets, 1412 bytes)

    pkts bytes target prot opt in out source destination

    # The iptables rules have changed, so they need to be saved.

    [root@niaoyun ~]# service iptables save

    iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]

    # After saving, restart the iptables service.

    [root@niaoyun ~]# service iptables restart

    iptables: Setting chains to policy ACCEPT: filter [ OK ]

    iptables: Flushing firewall rules: [ OK ]

    iptables: Unloading modules: [ OK ]

    iptables: Applying firewall rules: [ OK ]


    # The same method can be used to open the default web port, 80


    iptables -I INPUT -p tcp --dport 80 -j ACCEPT && service iptables save && service iptables restart
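
The commands above use `-I`, which inserts the rule at the top of INPUT, so it is evaluated before the final REJECT rule; a rule appended with `-A` would land after the REJECT and never match. The following script is an added example, not part of the original page: it checks a rule listing for that ordering. The function names and both listings are constructed for illustration, the first from the output shown above.

```shell
#!/bin/sh
# Added example (not from the original page): confirm that an ACCEPT rule for
# a TCP port is evaluated before the catch-all REJECT in `iptables -nvL INPUT`.

# Constructed sample: INPUT chain as listed above, after `iptables -I`.
inserted_listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:33
295 23186 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
34 2310 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
2342 200K REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
EOF
}

# Constructed sample: the same chain if the rule had been appended with -A,
# so it sits after the REJECT and never matches.
appended_listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
295 23186 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2342 200K REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:33
EOF
}

# port_reachable PORT: reads a listing on stdin. Returns 0 if "ACCEPT tcp ...
# dpt:PORT" appears before the first catch-all REJECT/DROP, else 1 (rule
# missing or shadowed). Only single-port dpt: matches are handled.
port_reachable() {
    awk -v want="dpt:$1" '
        $3 == "ACCEPT" && $4 == "tcp" {
            for (i = 5; i <= NF; i++) if ($i == want) { found = 1; exit }
        }
        ($3 == "REJECT" || $3 == "DROP") && $4 == "all" &&
            $6 == "*" && $8 == "0.0.0.0/0" && $9 == "0.0.0.0/0" { exit }
        END { exit (found ? 0 : 1) }
    '
}

for name in inserted_listing appended_listing; do
    if "$name" | port_reachable 33; then echo "$name: port 33 reachable"
    else echo "$name: port 33 missing or shadowed"; fi
done
```

On a live host the same check is `iptables -nvL INPUT | port_reachable 33`, run before closing the existing SSH session.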