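How to add a port to open in the firewall rules
If there is a firewall inside the LAN or facing the public network, you sometimes need to open a port for a particular application or service. On Linux, the procedure is as follows:
System environment: CentOS 6.5
Add an entry to the firewall rules file, but pay attention to where the entry is placed: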
```
[root@debris ~]# vi /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 23 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
```
Note! Do not add entries below COMMIT, otherwise the port will not take effect!
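
A placement check for the rules file, as an added example that is not part of the original post. iptables evaluates a chain top-down and stops at the first match, so an ACCEPT entry added below the chain's final unconditional REJECT line is as ineffective as one added below COMMIT; the script flags both. The function name `check_iptables_placement` and the sample rules (including port 8443) are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag rules in an iptables-save style file that cannot take
# effect because of where they sit (after COMMIT, or after the chain's
# unconditional REJECT/DROP). The function name is hypothetical.
check_iptables_placement() {
    awk '
        /^[ \t]*(#|$)/ { next }                              # comments, blank lines
        /^\*/     { committed = 0; split("", closed); next } # start of a table
        /^:/      { next }                                   # chain policy lines
        /^COMMIT/ { committed = 1; next }
        committed {
            printf "line %d: after COMMIT: %s\n", NR, $0
            bad = 1; next
        }
        $1 == "-A" {
            if ($2 in closed) {
                printf "line %d: after catch-all on line %d: %s\n", NR, closed[$2], $0
                bad = 1
            } else if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) {
                closed[$2] = NR                              # rule with no match criteria
            }
        }
        END { exit bad + 0 }                                 # non-zero if anything was flagged
    ' "$1"
}

# Constructed sample: 8080 sits after the catch-all REJECT, 8443 after COMMIT.
sample=$(mktemp)
cat > "$sample" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
COMMIT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8443 -j ACCEPT
EOF
check_iptables_placement "$sample" || echo "placement problems found"
rm -f "$sample"
```

Run it against a copy of `/etc/sysconfig/iptables` before restarting the firewall service; a non-zero exit status means at least one entry is misplaced.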