Example: after changing the SSH remote-login port, how to open the new port in iptables (here the default port 22 has been changed to port 33).

# Open port 33. -I inserts the rule at the top of the INPUT chain, ahead of the existing REJECT rule.
[root@niaoyun ~]# iptables -I INPUT -p tcp --dport 33 -j ACCEPT

# List the firewall rules; port 33 is now open.
[root@niaoyun ~]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:33
  295 23186 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
   34  2310 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
 2342  200K REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 15 packets, 1412 bytes)
 pkts bytes target     prot opt in     out     source               destination

# The iptables rules have changed, so they need to be saved.
[root@niaoyun ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]

# Once the rules are saved, restart the iptables service.
[root@niaoyun ~]# service iptables restart
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]

# The same method can be used to open the default web port 80.
iptables -I INPUT -p tcp --dport 80 -j ACCEPT && service iptables save && service iptables restart
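Rule order decides whether the new port is actually reachable: an ACCEPT that sits below the catch-all REJECT never matches. The following check is an added example, not part of the original page; the function names `sample_listing` and `port_status` are hypothetical, and the sample listing is constructed from the output shown above.

```shell
#!/bin/sh
# Added example: verify that an ACCEPT rule for a TCP port comes before
# the catch-all REJECT/DROP in an `iptables -nvL INPUT` listing.

# Constructed sample listing, modelled on the output shown above.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:33
  295 23186 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
   34  2310 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
 2342  200K REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
EOF
}

# port_status PORT   (listing is read from stdin)
# Prints "open"     if ACCEPT tcp dpt:PORT precedes the first catch-all REJECT/DROP,
#        "shadowed" if it only appears after that rule,
#        "missing"  if no such ACCEPT rule exists.
port_status() {
    awk -v port="$1" '
        NR <= 2 { next }                      # skip chain and column headers
        {
            target = $3; proto = $4; in_if = $6; src = $8; dst = $9
            extra = ""
            for (i = 10; i <= NF; i++) extra = extra " " $i
        }
        # Catch-all terminator: any protocol, interface and address, with
        # no match extensions (only an optional reject-with option).
        (target == "REJECT" || target == "DROP") && proto == "all" &&
        in_if == "*" && src == "0.0.0.0/0" && dst == "0.0.0.0/0" &&
        (extra == "" || extra ~ /^ reject-with [^ ]+$/) { blocked = 1; next }
        # First ACCEPT for the requested destination port decides the result.
        target == "ACCEPT" && proto == "tcp" &&
        extra ~ ("(^| )dpt:" port "( |$)") {
            if (!found) { found = 1; result = blocked ? "shadowed" : "open" }
        }
        END { print (found ? result : "missing") }
    '
}
```

On a live host, run it as `iptables -nvL INPUT | port_status 33` before closing the existing SSH session, so a shadowed or missing rule is caught while you still have access.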