A Simple Example of iptables Firewall Rules on CentOS

# Firewall configuration
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
# firewall; such entries will *not* be listed here.
*filter
# Built-in chains default to ACCEPT: packets that match no rule below are allowed.
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT
# Loopback traffic is always allowed.
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
# New inbound TCP connections (SYN) to SSH, HTTP, HTTPS and SMTP.
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 443 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT
# DNS replies from port 53 to unprivileged local ports (matched on source port only).
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --sport 53 --dport 1024:65535 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --sport 53 --dport 1024:65535 -j ACCEPT
# Reject all other new TCP connections and all other UDP.
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
COMMIT

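This example's default configuration opens only a few commonly used ports; other services and ports should be opened and configured according to your actual requirements.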
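As an added example (not part of the original post): a small Python model of how this rule set decides a packet, plus a helper that opens another TCP port by placing its ACCEPT rule ahead of the REJECT rules, since the first matching rule wins. The names `verdict`, `open_tcp_port` and the packet dictionaries are assumptions made for this example, and `--syn` is simplified to a boolean meaning "initial SYN of a new connection".

```python
CHAIN = "RH-Lokkit-0-50-INPUT"
# The page's rule set, embedded so this runs offline; INPUT and FORWARD jump to CHAIN.
RULES = """*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 443 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --sport 53 --dport 1024:65535 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --sport 53 --dport 1024:65535 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
COMMIT
"""

def in_range(spec, port):  # spec is "22" or "1024:65535"
    lo, _, hi = spec.partition(":")
    return int(lo) <= port <= int(hi or lo)

def matches(rule, pkt):
    opt = lambda k: rule[rule.index(k) + 1] if k in rule else None
    return (opt("-i") in (None, pkt["iface"])
            and opt("-p") in (None, pkt["proto"])
            and ("--syn" not in rule or pkt["syn"])
            and all(in_range(opt(k), pkt[k[2:]])
                    for k in ("--sport", "--dport") if k in rule))

def verdict(text, pkt):
    """First matching rule in CHAIN decides; otherwise the INPUT policy applies."""
    policy = "ACCEPT"
    for line in text.splitlines():
        tok = line.split()
        if line.startswith(":INPUT "):
            policy = tok[1]
        elif tok[:2] == ["-A", CHAIN] and matches(tok, pkt):
            return tok[-1]
    return policy

def open_tcp_port(text, port):  # new ACCEPT goes ahead of the first REJECT
    lines = text.splitlines()
    at = next(i for i, ln in enumerate(lines) if ln.endswith("-j REJECT"))
    lines.insert(at, f"-A {CHAIN} -p tcp -m tcp --dport {port} --syn -j ACCEPT")
    return "\n".join(lines) + "\n"
```

On a real host, `iptables-restore --test` parses an edited rules file without loading it, which catches syntax errors before the rules are applied.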
