Share: Operation Summary of Linux server (iptables in firewall) open port

Use the bird cloud Inner Mongolia node BGP Of the line Linux Cloud server , In use , The specified port needs to be opened in the firewall , But I don't know how to do it , After submitting work order consultation , Refer to their documents again Linux in iptables( A firewall ) How to open the specified port in (CentOS6.x)- Network class -Linux- Server operation and maintenance - Cloud server - Cloud computing - Bird cloud , Summarized below ：

One 、 Open the specified port

The syntax of opening the specified port is as follows ：

firewall-cmd --zone=public --add-port= Open designated port /tcp --permanent

Be careful ： After executing the above order , The configuration needs to be reloaded to take effect immediately , The order is ：firewall-cmd --reload

--zone： Represents the scope

The scope level can be selected as follows ：

   1. drop： Discard all incoming packets , Without any response

   2. block： Reject all externally initiated connections , Allow internally initiated connections

   3. public：  Allow the specified access connection

   4. external： ditto , The entry connection to camouflage , Generally used for routing and forwarding

   5. dmz： Allow restricted access connections

   6. work： Allow trusted computers to be restricted access connections , similar workgroup

   7. home： ditto , similar homegroup

   8. internal： ditto , The scope is for all Internet users

   9. trusted： Trust all connections

--add-port： Indicates the added port , Port followed by communication protocol , such as ： to open up 80 port （--add-port=80/tcp）

--permanent： Permanent , Without this parameter , Firewall restart will fail

Open for example 80 port , The order is as follows ：

firewall-cmd --zone=public --add-port=80/tcp --permanent

Two 、 stay iptables Release the new port on （ Here will be the default 22 Change the port number to 33 Port number ）

Enter the command to release 33 port .

[[email protected] ~]# iptables -I INPUT -p tcp --dport 33 -j ACCEPT

View firewall rules , Find out 33 The port number has been released .

[[email protected] ~]# iptables -nvL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)

pkts bytes target prot opt in out source destination

0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:33

295 23186 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

34 2310 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0

0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0

2342 200K REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)

pkts bytes target prot opt in out source destination

0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 15 packets, 1412 bytes)

pkts bytes target prot opt in out source destination

I

ptables The rules have been changed , We need to save the rules .

[[email protected] ~]# service iptables save

iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]

Save completed , restart iptables service .

[[email protected] ~]# service iptables restart

iptables: Setting chains to policy ACCEPT: filter [ OK ]

iptables: Flushing firewall rules: [ OK ]

iptables: Unloading modules: [ OK ]

iptables: Applying firewall rules: [ OK ]

Again , This method can also be used to release web Default port for 80.

iptables -I INPUT -p tcp --dport 80 -j ACCEPT && service iptables save && service iptables restart