
Share: Operation Summary of Linux server (iptables in firewall) open port

2022-01-27 00:01:16 sbyntdx

I use a Linux cloud server on the Inner Mongolia BGP node of Bird Cloud. While using it I needed to open a specified port in the firewall but did not know how. After opening a support ticket and reading their document "How to open a specified port in iptables (firewall) on Linux (CentOS 6.x)" (Network - Linux - Server operation and maintenance - Cloud server - Cloud computing - Bird Cloud), I summarized the procedure below:

1. Open a specified port (firewalld)

The syntax for opening a specified port is:

firewall-cmd --zone=public --add-port=<port>/tcp --permanent

Note: after running the command above the configuration must be reloaded before the rule takes effect in the running firewall; the command is: firewall-cmd --reload

firewall-cmd is the front end of firewalld, the default firewall on CentOS 7 and later. The service iptables commands in section 2 belong to the older iptables init script used on CentOS 6; a host normally runs one or the other, not both.

--zone: the zone the rule is added to

The available zones, from least to most trusting:

   1. drop: all incoming packets are dropped without any reply; only outgoing connections are possible

   2. block: all incoming connections are rejected (with icmp-host-prohibited for IPv4, icmp6-adm-prohibited for IPv6); only connections initiated from this system are allowed

   3. public: for use on public networks; only explicitly selected incoming connections are accepted

   4. external: same as public, but with masquerading (NAT) enabled for outgoing traffic; generally used on a router that forwards for an internal network

   5. dmz: for machines in a demilitarized zone with limited access to the internal network; only selected incoming connections are accepted

   6. work: for work networks where you mostly trust the other computers; only selected incoming connections are accepted (similar to a workgroup)

   7. home: same as work, for home networks (similar to a homegroup)

   8. internal: same as work, for internal networks where the other computers are mostly trusted

   9. trusted: all network connections are accepted

--add-port: the port to add, followed by the protocol, for example --add-port=80/tcp to open port 80

--permanent: write the rule to the permanent configuration. Without this parameter the rule is applied only to the running configuration and is lost the next time firewalld is reloaded or restarted. Conversely, with --permanent alone the rule is not live until firewall-cmd --reload is run (or the same command is run a second time without --permanent).

For example, to open port 80:

firewall-cmd --zone=public --add-port=80/tcp --permanent
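An added example, not code from the original post or from Bird Cloud's documentation: the POSIX sh script below wraps the three steps above (add permanently, reload, verify) and refuses malformed port specifications before touching the firewall. It finishes with --query-port against the running configuration, because a rule written only to the permanent config is the classic reason "I opened the port but it still does not work". The FIREWALL_CMD variable and the helper names are assumptions of this script; FIREWALL_CMD exists so the script can be dry-run with a stub command on a machine without firewalld.

```shell
#!/bin/sh
# Added example, not from the original post: open a port in firewalld and
# verify it is live. FIREWALL_CMD is an assumption of this script so it can
# be dry-run (e.g. FIREWALL_CMD=true ./open_port.sh 80/tcp); on a real host
# leave it unset so the real firewall-cmd is called.
FIREWALL_CMD=${FIREWALL_CMD:-firewall-cmd}

# valid_port_spec SPEC: accept only "<1-65535>/tcp" or "<1-65535>/udp".
# Rejects a missing protocol, a non-numeric or out-of-range port, and
# protocols that --add-port does not take (icmp and friends).
valid_port_spec() {
    case "$1" in */*) ;; *) return 1 ;; esac
    port=${1%/*}
    proto=${1#*/}
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    case "$proto" in tcp|udp) return 0 ;; *) return 1 ;; esac
}

# open_port SPEC [ZONE]: add the port to the permanent configuration,
# reload so it becomes live, then query the running configuration.
# The exit status is that of --query-port, so 0 means the port is really
# open now, not merely written to /etc/firewalld. Returns 2 on a bad SPEC.
open_port() {
    spec=$1
    zone=${2:-public}
    valid_port_spec "$spec" || { echo "bad port spec: $spec" >&2; return 2; }
    "$FIREWALL_CMD" --zone="$zone" --add-port="$spec" --permanent >/dev/null || return 1
    # --reload drops runtime-only changes and applies the permanent config.
    "$FIREWALL_CMD" --reload >/dev/null || return 1
    "$FIREWALL_CMD" --zone="$zone" --query-port="$spec" >/dev/null
}

# Usage: ./open_port.sh 80/tcp [zone]
if [ -n "${1:-}" ]; then
    open_port "$@" && echo "$1 is open in zone ${2:-public}"
fi
```

The validation step is deliberate: firewall-cmd accepts port ranges and other forms, but an ad-hoc operations script should only open exactly what was asked for, and a typo such as 80 (no protocol) or 8O/tcp is better rejected than silently passed through.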

2. Open a new port in iptables (here the SSH port is being changed from the default 22 to 33)

Two cautions before following this section. First, if the new port is for SSH, open it in the firewall and confirm from a second session that sshd answers on it before closing port 22; a mistake made in the wrong order locks you out of the server. Second, the command below uses -I, which inserts the rule at the top of the INPUT chain. That matters because the chain ends with a catch-all REJECT rule and iptables stops at the first match: a rule appended with -A would land after the REJECT and never be reached.

Enter the command to open port 33:

# iptables -I INPUT -p tcp --dport 33 -j ACCEPT

List the firewall rules; the ACCEPT rule for port 33 now sits at the top of the INPUT chain, ahead of the final REJECT:

# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:33
  295 23186 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
   34  2310 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
 2342  200K REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 15 packets, 1412 bytes)
 pkts bytes target     prot opt in     out     source               destination

The iptables rules have changed only in memory, so they must be saved or they will be gone after the next restart:

# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]

After saving, restart the iptables service. The rule inserted with -I was already live, so the restart mainly proves that the saved file loads cleanly; note from the output that a restart flushes the running rules and reapplies only what is in /etc/sysconfig/iptables.

# service iptables restart
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]

The same method opens the web server's default port 80:

iptables -I INPUT -p tcp --dport 80 -j ACCEPT && service iptables save && service iptables restart
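An added example, not code from the original post: the reason the post uses -I rather than -A is first-match evaluation against a chain that ends in a catch-all REJECT. The POSIX sh script below reads an iptables-save style dump with awk and reports which INPUT rule a new inbound TCP connection to a given port would hit, so a proposed ruleset can be checked before it is applied (on a live CentOS 6 host, feed it "$(iptables-save)"). The two rulesets are constructed for this example, modelled on the listing above plus the stock CentOS 6 SSH rule; first_match_input is my own helper name, and the simulation only understands the matches used in that listing (-p, -i, --dport, --state).

```shell
#!/bin/sh
# Added example, not from the original post: simulate first-match lookup in
# the INPUT chain of an iptables-save dump for a new inbound TCP connection.

# Constructed sample ruleset (not captured from a real host): port 33 rule
# inserted at the top with -I, as the post does.
RULES_OK='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 33 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Same ruleset, but the port 33 rule was appended with -A and so sits
# after the catch-all REJECT.
RULES_BAD='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 33 -j ACCEPT
COMMIT'

# first_match_input DUMP PORT: print the target (ACCEPT, REJECT, DROP ...)
# of the first INPUT rule matched by a fresh TCP SYN to PORT arriving on a
# non-loopback interface, or the chain policy if no rule matches.
first_match_input() {
    printf '%s\n' "$1" | awk -v port="$2" '
        /^:INPUT / { policy = $2 }
        /^-A INPUT / {
            proto = ""; dport = ""; state = ""; iface = ""; target = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "-p")      proto  = $(i + 1)
                if ($i == "--dport") dport  = $(i + 1)
                if ($i == "--state") state  = $(i + 1)
                if ($i == "-i")      iface  = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            # The packet is TCP, conntrack state NEW, not on lo: rules for
            # other protocols, other states, or lo cannot match it.
            if (proto != "" && proto != "tcp") next
            if (iface == "lo") next
            if (state != "" && state !~ /NEW/) next
            if (dport != "" && dport != port) next
            printed = 1; print target; exit
        }
        END { if (!printed) print policy }
    '
}

echo "inserted with -I: port 33 -> $(first_match_input "$RULES_OK" 33)"
echo "appended with -A: port 33 -> $(first_match_input "$RULES_BAD" 33)"
```

Running it prints ACCEPT for the inserted rule and REJECT for the appended one, which is exactly the difference a connection attempt would see: the appended rule is present in iptables -nvL, its packet counter simply never moves.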

Copyright notice: author sbyntdx. Please include the original link when reprinting, thank you.
https://en.cdmana.com/2022/01/202201270001139885.html
