systemctl stop firewalld

systemctl mask firewalld

Then, install the iptables-services package:

yum install iptables-services

Enable the service at boot-time:

systemctl enable iptables

Managing the service

systemctl [stop|start|restart] iptables

Saving your firewall rules can be done as follows:

service iptables save

or

/usr/libexec/iptables/iptables.init save

reference:https://www.cnblogs.com/anne32184/p/5961806.html
 vi /etc/sysconfig/iptables

 -A INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT(允许80端口通过防火墙)

 -A INPUT -m state –state NEW -m tcp -p tcp –dport 3306 -j ACCEPT(允许3306端口通过防火墙)

 特别提示:很多网友把这两条规则添加到防火墙配置的最后一行,导致防火墙启动失败,正确的应该是添加到默认的22端口这条规则的下面

 添加好之后防火墙规则如下所示:

 ######################################

 # Firewall configuration written by system-config-firewall

 # Manual customization of this file is not recommended.

 *filter

 :INPUT ACCEPT [0:0]

 :FORWARD ACCEPT [0:0]

 :OUTPUT ACCEPT [0:0]

 -A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT

 -A INPUT -p icmp -j ACCEPT

 -A INPUT -i lo -j ACCEPT

 -A INPUT -m state –state NEW -m tcp -p tcp –dport 22 -j ACCEPT

 -A INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT

 -A INPUT -m state –state NEW -m tcp -p tcp –dport 3306 -j ACCEPT

 -A INPUT -j REJECT –reject-with icmp-host-prohibited

 -A FORWARD -j REJECT –reject-with icmp-host-prohibited

 COMMIT

 #####################################

 /etc/init.d/iptables restart      #最后重启防火墙使配置生效
 # Generated by iptables-save v1.4.21 on Fri Jul 28 19:10:39 2017

 *nat

 :PREROUTING ACCEPT [0:0]

 :INPUT ACCEPT [0:0]

 :OUTPUT ACCEPT [136:8416]

 :POSTROUTING ACCEPT [136:8416]

 :OUTPUT_direct - [0:0]

 :POSTROUTING_ZONES - [0:0]

 :POSTROUTING_ZONES_SOURCE - [0:0]

 :POSTROUTING_direct - [0:0]

 :POST_public - [0:0]

 :POST_public_allow - [0:0]

 :POST_public_deny - [0:0]

 :POST_public_log - [0:0]

 :PREROUTING_ZONES - [0:0]

 :PREROUTING_ZONES_SOURCE - [0:0]

 :PREROUTING_direct - [0:0]

 :PRE_public - [0:0]

 :PRE_public_allow - [0:0]

 :PRE_public_deny - [0:0]

 :PRE_public_log - [0:0]

 -A PREROUTING -j PREROUTING_direct

 -A PREROUTING -j PREROUTING_ZONES_SOURCE

 -A PREROUTING -j PREROUTING_ZONES

 -A OUTPUT -j OUTPUT_direct

 -A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN

 -A POSTROUTING -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN

 -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535

 -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535

 -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE

 -A POSTROUTING -j POSTROUTING_direct

 -A POSTROUTING -j POSTROUTING_ZONES_SOURCE

 -A POSTROUTING -j POSTROUTING_ZONES

 -A POSTROUTING_ZONES -o enp0s3 -g POST_public

 -A POSTROUTING_ZONES -g POST_public

 -A POST_public -j POST_public_log

 -A POST_public -j POST_public_deny

 -A POST_public -j POST_public_allow

 -A PREROUTING_ZONES -i enp0s3 -g PRE_public

 -A PREROUTING_ZONES -g PRE_public

 -A PRE_public -j PRE_public_log

 -A PRE_public -j PRE_public_deny

 -A PRE_public -j PRE_public_allow

 -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

 -A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT

 -A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT

 -A INPUT -m state --state NEW -m tcp -p tcp --dport 9904 -j ACCEPT

 -A INPUT -j REJECT --reject-with icmp-host-prohibited

 -A FORWARD -j REJECT --reject-with icmp-host-prohibited

 #(之前我添加在下面,浏览器也是不能访问的,必须放在上面!)

 #允许8080端口通过防火墙

 #-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT

 #允许3306端口通过防火墙

 #-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT

 #允许9904端口通过防火墙

 #-A INPUT -m state --state NEW -m tcp -p tcp --dport 9904 -j ACCEPT

 COMMIT

 # Completed on Fri Jul 28 19:10:39 2017

 # Generated by iptables-save v1.4.21 on Fri Jul 28 19:10:39 2017

 *mangle

 :PREROUTING ACCEPT [732:348610]

 :INPUT ACCEPT [732:348610]

 :FORWARD ACCEPT [0:0]

 :OUTPUT ACCEPT [765:100277]

 :POSTROUTING ACCEPT [767:100547]

 :FORWARD_direct - [0:0]

 :INPUT_direct - [0:0]

 :OUTPUT_direct - [0:0]

 :POSTROUTING_direct - [0:0]

 :PREROUTING_ZONES - [0:0]

 :PREROUTING_ZONES_SOURCE - [0:0]

 :PREROUTING_direct - [0:0]

 :PRE_public - [0:0]

 :PRE_public_allow - [0:0]

 :PRE_public_deny - [0:0]

 :PRE_public_log - [0:0]

 -A PREROUTING -j PREROUTING_direct

 -A PREROUTING -j PREROUTING_ZONES_SOURCE

 -A PREROUTING -j PREROUTING_ZONES

 -A INPUT -j INPUT_direct

 -A FORWARD -j FORWARD_direct

 -A OUTPUT -j OUTPUT_direct

 -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill

 -A POSTROUTING -j POSTROUTING_direct

 -A PREROUTING_ZONES -i enp0s3 -g PRE_public

 -A PREROUTING_ZONES -g PRE_public

 -A PRE_public -j PRE_public_log

 -A PRE_public -j PRE_public_deny

 -A PRE_public -j PRE_public_allow

 COMMIT

 # Completed on Fri Jul 28 19:10:39 2017

 # Generated by iptables-save v1.4.21 on Fri Jul 28 19:10:39 2017

 *security

 :INPUT ACCEPT [727:348220]

 :FORWARD ACCEPT [0:0]

 :OUTPUT ACCEPT [765:100277]

 :FORWARD_direct - [0:0]

 :INPUT_direct - [0:0]

 :OUTPUT_direct - [0:0]

 -A INPUT -j INPUT_direct

 -A FORWARD -j FORWARD_direct

 -A OUTPUT -j OUTPUT_direct

 COMMIT

 # Completed on Fri Jul 28 19:10:39 2017

 # Generated by iptables-save v1.4.21 on Fri Jul 28 19:10:39 2017

 *raw

 :PREROUTING ACCEPT [732:348610]

 :OUTPUT ACCEPT [765:100277]

 :OUTPUT_direct - [0:0]

 :PREROUTING_direct - [0:0]

 -A PREROUTING -j PREROUTING_direct

 -A OUTPUT -j OUTPUT_direct

 COMMIT

 # Completed on Fri Jul 28 19:10:39 2017

 # Generated by iptables-save v1.4.21 on Fri Jul 28 19:10:39 2017

 *filter

 :INPUT ACCEPT [0:0]

 :FORWARD ACCEPT [0:0]

 :OUTPUT ACCEPT [14:984]

 -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

 -A INPUT -p icmp -j ACCEPT

 -A INPUT -i lo -j ACCEPT

 -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

 -A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT

 -A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT

 -A INPUT -m state --state NEW -m tcp -p tcp --dport 9904 -j ACCEPT

 -A INPUT -j REJECT --reject-with icmp-host-prohibited

 #-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT

 #允许3306端口通过防火墙

 #-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT

 #允许9904端口通过防火墙

 #-A INPUT -m state --state NEW -m tcp -p tcp

 -A INPUT -j REJECT --reject-with icmp-host-prohibited

 -A FORWARD -j REJECT --reject-with icmp-host-prohibited

 COMMIT

 # Completed on Fri Jul 28 19:10:39 201

iptables打开22,80,8080,3306等端口的更多相关文章

  1. CentOS 7.5 ——如何开放80、8080、3306等端口

    CentOS 7.5 ——如何开放80.8080.3306等端口 ——说明:CentOS 7.0默认使用的是firewall作为防火墙,这里改为iptables防火墙——1.关闭firewall: s ...

  2. 启动PHPstudy提醒80、3306端口被占用

    端口占用会出现如下提醒 解决办法: 进入dos窗口:快捷键win+R,然后输入cmd 在dos窗口中输入命令:netstat   -ano(查找各端口所在进程的PID) 找到80和3306的程序PID ...

  3. iptables使用multiport 添加多个不连续端口 不指定

    iptables使用multiport 添加多个不连续端口   碟舞飞扬 , 01:26 , Linux技术 , 评论(0) , 引用(0) , 阅读(12214) , Via 本站原创 大 | 中  ...

  4. git clone https://github.com/istester/ido.git ,确提示“Failed to connect to 192.168.1.22 port 8080: Connection refused” 的解决办法 。

    不知道是否有同学遇到如下的问题: p.p1 { margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo } span.s1 { } git clone ...

  5. 关于eclipse tomcat 无法启动(8080,8005,8009端口被占用)的解决方法,附 eclipse tomcat 与 tomcat 并存方式

    eclipse 在编译运行时 新建的tomcat连接始终为stopped状态,描述为8080,8005,8009端口被占用. 这是因为在装完tomcat后,tomcat服务已启动,而eclipse仅仅 ...

  6. [ 转载 ] Mysql 远程连接+开放80和3306端口 常用配置

    直接上方法: 首先配置CentOS下防火墙iptables规则: # vim /etc/sysconfig/iptables 向其中加入下列规则: -A INPUT -m state –state N ...

  7. nagios系列(四)之nagios主动方式监控tcp常用的80/3306等端口监控web/syncd/mysql及url服务

    nagios主动方式监控tcp服务web/syncd/mysql及url cd /usr/local/nagios/libexec/ [root@node4 libexec]# ./check_tcp ...

  8. centos 6.5 防火墙通过 80 和 3306 端口

    vim /etc/sysconfig/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -A INPU ...

  9. CentOS中iptables防火墙 开放80端口方法

    开放端口:  代码如下 复制代码 [root@WX32 ~]# iptables -I INPUT -p tcp --dport 80 -j ACCEPT 保存配置:  代码如下 复制代码 [root ...

随机推荐

  1. mysql 分数表实现排名

    首先初始化一张表 DROP TABLE IF EXISTS `lq_wx_sign`; CREATE TABLE `lq_wx_sign` ( `id` ) unsigned NOT NULL AUT ...

  2. SQL Server Replace函数

    REPLACE用第三个表达式替换第一个字符串表达式中出现的所有第二个给定字符串表达式. 语法REPLACE ( 'string_expression1' , 'string_expression2' ...

  3. 《转》openstack中删除虚拟主机,状态一直deleting

    一.我重新启动了该机器.之后想删除没有创建成功的虚拟机(没有打开cpu的vt).结果发现状态一直为deleting状态.在这个状态下创建虚拟机也失败. 二.分析:在/var/log/nova/nova ...

  4. CentOS7 以下安装Mysql MMM

    參考文档 參考1 參考2 * 一. 规划 server IP 作用 monitor 192.168.1.210 监控server master-001 192.168.1.211 读写主机001 ma ...

  5. ios开发之 -- 调用系统定位获取当前经纬度与地理信息

    ios 10定位: 在info.plist中加入: //允许在前台使用时获取GPS的描述 定位权限:Privacy - Location When In Use Usage Description / ...

  6. Mininet加强版——DOT(分布式OpenFlow试验平台)

    前言 之前在做SDN实验的时候,需要用到包含2000+个交换机的fattree拓扑,当时用的是mininet,生成整个拓扑需要十五六个小时,最终在异常艰苦的环境下做完了实验,之后听说了有DOT(Dis ...

  7. js控制媒体查询样式/判断是PC端还是移动端

    如果遇到,想要在pc端和移动端上的js效果显示不同的话,可以加上以下代码: var result = window.matchMedia('(max-width: 768px)'); if (resu ...

  8. Jmeter--正则表达式提取值

    博客首页:http://www.cnblogs.com/fqfanqi/ 设置界面如下: Apply to:应用范围的选择: Field to check:检查的领域,即需要提取内容的地方. 下面是各 ...

  9. Powershell Get Domain Group的几种方法

    Group常见属性介绍: 一.Get-ADGroup获取群组(如下例循环获取群组的发送权限) #群组的发送权限info $groups=Get-ADGroup -filter * -SearchSco ...

  10. 版本号风格为 Major.Minor.Patch

    旧版本兼容 · 小程序 https://developers.weixin.qq.com/miniprogram/dev/framework/compatibility.html 微信客户端和小程序基 ...