[Linux] Firewall settings


Written: 2013-04-09 19:09:11

Firewall settings

When the firewall is enabled, network services such as FTP, HTTP, and SVN cannot be reached from other hosts. To use them, modify the firewall settings as described below so that the port for each service is allowed through.

Modifying iptables


Edit the iptables rules file to change the firewall settings.

# vi /etc/sysconfig/iptables  

Change the settings.
For example, to open ports 20 and 21 for FTP connections, add the two lines below, placing them above the "-A INPUT -j REJECT" line.

-A INPUT -m state --state NEW -m tcp -p tcp --dport 20 -j ACCEPT  
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT  

The modified iptables file:

# Firewall configuration written by system-config-firewall  
# Manual customization of this file is not recommended.  
*filter  
:INPUT ACCEPT [0:0]  
:FORWARD ACCEPT [0:0]  
:OUTPUT ACCEPT [0:0]  
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT  
-A INPUT -p icmp -j ACCEPT  
-A INPUT -i lo -j ACCEPT  
-A INPUT -m state --state NEW -m tcp -p tcp --dport 20 -j ACCEPT  
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT  
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT  
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT  
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3690 -j ACCEPT  
-A INPUT -j REJECT --reject-with icmp-host-prohibited  
-A FORWARD -j REJECT --reject-with icmp-host-prohibited  
COMMIT  

Restarting iptables


After modifying the firewall configuration file, restart the firewall so that the new rules take effect.

# service iptables restart  
iptables: 방화벽 규칙을 지웁니다:                          [  OK  ]  
iptables: 체인을 ACCEPT 규칙으로 설정 중:  filter          [  OK  ]  
iptables: 모듈을 언로드하는 중:                            [  OK  ]  
iptables: 방화벽 규칙 적용 중:                             [  OK  ]  

For reference, you can disable the firewall by entering the service iptables stop command, or you can start the firewall by entering the service iptables start command.
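
The listing above works because iptables stops at the first matching rule, so each ACCEPT line has to sit above the catch-all REJECT. The shell functions below are an added example, not part of the original post: they insert a port rule at that position and check the result, using hypothetical function names and a constructed sample file.

```shell
#!/bin/sh
# Constructed sample: the rules file from the post before ports 20/21 are added.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Copy a rules file from stdin to stdout, adding an ACCEPT rule for TCP port $1
# directly above the catch-all INPUT REJECT. Nothing is added if the port is
# already accepted above that line (or if the file has no such REJECT line).
insert_accept_rule() {
    awk -v port="$1" '
        BEGIN { rule = "-A INPUT -m state --state NEW -m tcp -p tcp --dport " port " -j ACCEPT" }
        !done && index($0, "-A INPUT") == 1 && index($0, "--dport " port " -j ACCEPT") { present = 1 }
        !done && /^-A INPUT -j REJECT/ { if (!present) print rule; done = 1 }
        { print }
    '
}

# Exit 0 only if the rules on stdin accept TCP port $1 above the catch-all
# REJECT; a rule placed below it is never evaluated.
port_reachable() {
    awk -v port="$1" '
        /^-A INPUT -j REJECT/ { exit }
        index($0, "-A INPUT") == 1 && index($0, "--dport " port " -j ACCEPT") { found = 1; exit }
        END { exit !found }
    '
}

# Demo: open port 21 in the sample and confirm the rule landed above the REJECT.
sample_rules | insert_accept_rule 21 | port_reachable 21 && echo "port 21 reachable"
```

On a real host, run insert_accept_rule against a copy of /etc/sysconfig/iptables, review the output, then install it and restart the firewall as described above.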
