CentOS firewall configuration details and examples

  • 2020-05-17 07:31:49
  • OfStack

Configuring the firewall on CentOS

Yesterday, while helping a friend set up a DNS server on CentOS, I first turned the firewall off to make testing easier and then had to configure it properly. Several of the firewall rule sets I found online contained mistakes; they turned out to be careless blog posts with too many typos. Below is the working firewall rule configuration I put together:

Modify iptables-config

First, change one configuration item in the iptables-config file:


$ vi /etc/sysconfig/iptables-config

Change the last line of the file, IPTABLES_MODULES="ip_conntrack_ftp", to #IPTABLES_MODULES="ip_conntrack_ftp", i.e. comment out that one configuration item.

Add rules


$ vi /etc/sysconfig/iptables

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [5:564]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

Port 3306 for the MySQL database and port 8080 for Tomcat are already included; add or remove port rules as needed.
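Before loading a file like the one above, it is worth checking what it actually exposes. The following is an added example, not code from the article: a small Python audit of an iptables-save style rule file that lists the (protocol, port) pairs accepted from any source, following the jump into the user-defined chain, and reports whether traffic matching no rule ends at the trailing REJECT or falls through to the INPUT policy. The sample rule set embedded in it is constructed from a subset of the article's rules.

```python
import shlex
# Constructed sample in iptables-save format, modelled on the article's rule set
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def parse_filter(text):
    """Return ({chain: policy}, {chain: [rule args]}) for the *filter table."""
    policies, chains, in_filter = {}, {}, False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):                        # table header; keep only *filter
            in_filter = line == "*filter"
        elif in_filter and line.startswith(":"):        # ":CHAIN POLICY [pkts:bytes]"
            name, policy = line[1:].split()[:2]
            policies[name], chains[name] = policy, []
        elif in_filter and line.startswith("-A "):      # "-A CHAIN <matches> -j TARGET"
            chain, *args = shlex.split(line)[1:]
            chains.setdefault(chain, []).append(args)
    return policies, chains

def _opt(rule, flag):                                   # value following `flag`, or None
    return rule[rule.index(flag) + 1] if flag in rule else None

def open_ports(chains, chain="INPUT"):                  # (proto, port) ACCEPTed from any source
    found = set()
    for rule in chains.get(chain, []):
        target = _opt(rule, "-j")
        if target in chains:                            # follow jumps into user-defined chains
            found |= open_ports(chains, target)
        elif target == "ACCEPT" and not {"-s", "-i"} & set(rule):
            if port := _opt(rule, "--dport"):           # rules without a port match are skipped
                found.add((_opt(rule, "-p"), int(port)))
    return found

def default_verdict(policies, chains, chain="INPUT"):
    """Verdict for traffic matching no rule: a trailing unconditional REJECT/DROP, else the policy."""
    last = (chains.get(chain) or [[]])[-1]
    while _opt(last, "-j") in chains:                   # follow the final rule's jump, if any
        last = (chains[_opt(last, "-j")] or [[]])[-1]
    target = _opt(last, "-j")
    unconditional = set(last) <= {"-j", target, "--reject-with", _opt(last, "--reject-with")}
    return target if unconditional and target in ("REJECT", "DROP") else policies.get(chain)
```

Run it against /etc/sysconfig/iptables (or the output of iptables-save) to confirm that only the intended ports are reachable from every source and that the closing REJECT is still the last rule in the walk; removing that line silently turns the ACCEPT policy into the default.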

Thank you for reading. I hope this helps, and thank you for your support of this site!
