Edit /etc/sysconfig/iptables and run /sbin/service iptables restart
Firewall rules can only be activated when the iptables service is running. To start the service manually, use the following command:
/sbin/service iptables restart
To make sure it starts during system boot, use the following command:
/sbin/chkconfig --level 345 iptables on
The ipchains service cannot run at the same time as the iptables service. To make sure the ipchains service is disabled, run the following command:
/sbin/chkconfig --level 345 ipchains off
The following is a relatively common set of firewall rules:
iptables -F # flush the existing rules
iptables -P INPUT DROP # set the default policy to deny. The basic approach is to reject all services first, then add rules as needed.
iptables -A INPUT -p tcp --dport 80 -j ACCEPT # open TCP port 80 (web service)
iptables -A INPUT -p tcp --dport 110 -j ACCEPT # open TCP port 110 (POP3 service)
iptables -A INPUT -p tcp --dport 25 -j ACCEPT # open TCP port 25
iptables -A INPUT -p tcp --dport 21 -j ACCEPT # open TCP port 21 (FTP service)
iptables -A INPUT -p tcp -s 202.106.12.130 --dport 22 -j ACCEPT # allow only the host 202.106.12.130 to connect to the local SSH port
iptables -A INPUT -p tcp --dport 53 -j ACCEPT # allow TCP packets to the DNS port
iptables -A INPUT -p udp --dport 53 -j ACCEPT # allow UDP packets to the DNS port
iptables -A INPUT -p icmp --icmp-type echo-request -i eth1 -j DROP # against ping of death: discard all ICMP echo requests arriving on interface eth1
iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT # against SYN flood; add further rules according to the server's situation
Stateful rules can be inserted at a given position of the RH-Firewall-1-INPUT chain, for example to allow new MySQL connections from one host and from one subnet:
iptables -I RH-Firewall-1-INPUT 20 -p tcp -s 211.161.250.232/32 -m state --state NEW --dport 3306 -j ACCEPT
iptables -I RH-Firewall-1-INPUT 20 -p tcp -s 211.161.192.0/24 -m state --state NEW --dport 3306 -j ACCEPT
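The rule list above is what gets typed at the shell; what /etc/sysconfig/iptables actually stores is the iptables-restore format that `service iptables restart` loads. The script below is an added example (not from the original page) that generates such a file from the same ports, hosts and interface, so the ruleset can be reviewed as text before it is loaded. It goes beyond the page in two ways a default-deny INPUT policy needs: it accepts loopback traffic and packets of ESTABLISHED,RELATED connections (without these, replies to the server's own outbound connections are dropped), and it follows the FORWARD SYN rate-limit with an explicit DROP, since a rate-limited ACCEPT on its own only bounds what is accepted and leaves the excess to the chain policy. It also folds in the stateful MySQL rules for the two source networks. The variable names and the helper functions are this example's own; nothing here needs root, and it never touches the running firewall.

```shell
#!/bin/sh
# Added example: emit an /etc/sysconfig/iptables file (iptables-restore format)
# equivalent to the rule list on this page, plus the loopback and stateful
# allow rules a default-deny INPUT policy requires. Review the output, then
# load it with:  iptables-restore < firewall.rules

SSH_ADMIN_HOST="202.106.12.130"                    # only host allowed to reach sshd (from the page)
WAN_IF="eth1"                                      # interface on which echo-request is dropped (from the page)
TCP_PORTS="80 110 25 21 53"                        # web, POP3, SMTP, FTP, DNS
UDP_PORTS="53"                                     # DNS
MYSQL_SOURCES="211.161.250.232/32 211.161.192.0/24" # hosts allowed to open MySQL connections (from the page)

gen_rules() {
    echo '*filter'
    echo ':INPUT DROP [0:0]'       # default deny: reject everything first, then allow as needed
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'                                    # assumption: loopback must stay open
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'     # assumption: allow replies to our own traffic
    # ping-of-death protection: drop ICMP echo-request arriving on the WAN interface
    echo "-A INPUT -i $WAN_IF -p icmp --icmp-type echo-request -j DROP"
    for p in $TCP_PORTS; do
        echo "-A INPUT -p tcp -m state --state NEW --dport $p -j ACCEPT"
    done
    for p in $UDP_PORTS; do
        echo "-A INPUT -p udp --dport $p -j ACCEPT"
    done
    # SSH is scoped to the single admin host, never to 0.0.0.0/0
    echo "-A INPUT -p tcp -s $SSH_ADMIN_HOST -m state --state NEW --dport 22 -j ACCEPT"
    for src in $MYSQL_SOURCES; do
        echo "-A INPUT -p tcp -s $src -m state --state NEW --dport 3306 -j ACCEPT"
    done
    # SYN flood: let at most one new SYN per second through FORWARD and drop the rest
    echo '-A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT'
    echo '-A FORWARD -p tcp --syn -j DROP'
    echo 'COMMIT'
}

# Review checks that run on the generated text, without loading anything:
# the SSH rule must carry a source restriction, and the stateful allow must exist.
check_rules() {
    rules=$(gen_rules)
    echo "$rules" | grep -- '--dport 22 ' | grep -q -- "-s $SSH_ADMIN_HOST" || return 1
    echo "$rules" | grep -q -- 'ESTABLISHED,RELATED' || return 1
    echo "$rules" | grep -q -- '^:INPUT DROP' || return 1
    return 0
}

# Number of rules appended to INPUT (useful when comparing against a loaded ruleset)
count_input_rules() {
    gen_rules | grep -c '^-A INPUT'
}

if [ "${1:-}" = "--print" ]; then
    gen_rules
fi
```

Run it as `sh firewall.sh --print > firewall.rules`, diff that file against the current /etc/sysconfig/iptables, and only then load it. Because the policy line sets INPUT to DROP before any rule is listed, keep the SSH allow rule in the file whenever the box is administered remotely; loading a file that lacks it locks the session out.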