iptables 简单设置之只允许 22 80 8080 端口 对外开放

#查看防火墙设置
iptables -L -n
#第一种方法 在命令行执行
#只允许 22 80 8080 端口 对外开放
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 8080 -m state --state NEW,ESTABLISHED -j ACCEPT
#取消其他端口的访问规则
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -L -n
#如果不执行这两个 tomcat 直接是不能访问的 哈哈哈
[root@master ~]# iptables -A INPUT -p tcp –dport 8080 -m state –state NEW,ESTABLISHED -j ACCEPT
[root@master ~]# iptables -A OUTPUT -p tcp –sport 8080 -m state –state NEW,ESTABLISHED -j ACCEPT
#第二种方法 加入配置文件 永久生效
[root@master ~]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Tue Mar 31 10:38:45 2015
*filter
:INPUT DROP [39:4191]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 22 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 8080 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp --sport 8080 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -j ACCEPT
COMMIT
# Completed on Tue Mar 31 10:38:45 2015
vps iptables
vi /etc/sysconfig/iptables
310 /sbin/iptables -I INPUT -p tcp –dport 80 -j ACCEPT
311 /sbin/iptables -I INPUT -p tcp –dport 22 -j ACCEPT
312 service iptables save
313 /etc/init.d/iptables restart
314 /etc/init.d/iptables status
315 vi /etc/sysconfig/iptables
316 vi /etc/sysconfig/iptables
317 /etc/init.d/iptables start
318 vi /etc/sysconfig/iptables
319 /etc/init.d/iptables start
[root@blogvps ~]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.3.5 on Mon Dec 1 11:46:36 2014
*filter
:INPUT ACCEPT [21919:42953639]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [22649:67976894]
-A INPUT -p tcp -m tcp –dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp –dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp –dport 8080 -j ACCEPT
COMMIT
# Completed on Mon Dec 1 11:46:36 2014
http://wiki.centos.org/zh/HowTos/Network/IPTables
http://lym6520.iteye.com/blog/1931239
http://my.oschina.net/qihh/blog/62144