14
linux中iptables(防火墙)中如何打开指定的端口(centos6.x)

例:当修改了ssh远程连接端口,如何在iptables上打开新的端口(这里将默认22端口号修改为33端口号)

#输入命令打开33端口。

[root@niaoyun ~]# iptables -i input -p tcp --dport 33 -j accept
#查看防火墙规则,发现33端口号已经打开了。
[root@niaoyun ~]# iptables -nvl
chain input (policy accept 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 accept tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:33 
295 23186 accept all -- * * 0.0.0.0/0 0.0.0.0/0 state related,established
34 2310 accept icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 accept all -- lo * 0.0.0.0/0 0.0.0.0/0
2342 200k reject all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
chain forward (policy accept 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
chain output (policy accept 15 packets, 1412 bytes)
pkts bytes target prot opt in out source destination
#iptables规则已经更改,我们需要对规则进行保存。
[root@niaoyun ~]# service iptables save
iptables: saving firewall rules to /etc/sysconfig/iptables:[ ok ]
#保存完毕,重启iptables服务。
[root@niaoyun ~]# service iptables restart
iptables: setting chains to policy accept: filter [ ok ]
iptables: flushing firewall rules: [ ok ]
iptables: unloading modules: [ ok ]
iptables: applying firewall rules: [ ok ]

#同样,用此方法也可以打开web的默认端口80

iptables -i input -p tcp --dport 80 -j accept && service iptables save && service iptables restart