[operating system Linux] solutions without iptables

I. check iptables service status

First check the status of iptables service

[root@woxplife ~]# service iptables status
iptables: Firewall is not running.

The iptables service is installed, but the service is not started.
You can install it directly if it is not installed.

yum install -y iptables

Start iptables

[root@woxplife ~]# service iptables start
iptables: Applying firewall rules:                         [  OK  ]

If an error is reported, iptables: no config file

Executive order

iptables -P OUTPUT ACCEPT
service iptables save

Then start the firewall. Take a look at the current configuration of iptables

[root@woxplife ~]# iptables -L -n

2. Clear the default firewall rules

#First, change the policy INPUT to ACCEPT before clearing, indicating that all requests are accepted.
#This must be done first, or it may be tragic after clearing
iptables -P INPUT ACCEPT
 
#Clear all default rules
iptables -F
 
#Clear all custom rules
iptables -X
 
#Counter set to 0
iptables -Z

III. configuration rules

#Allow packets from the lo interface
#Without this rule, you will not be able to access local services through 127.0.0.1, such as ping 127.0.0.1
iptables -A INPUT -i lo -j ACCEPT 
 
#ssh port 22
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
 
#FTP port 21
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
 
#web service port 80
iptables -A INPUT -p tcp --dport 80 -j ACCEP
 
#tomcat
iptables -A INPUT -p tcp --dport xxxx -j ACCEP
 
#mysql
iptables -A INPUT -p tcp --dport xxxx -j ACCEP
 
#Allow icmp packets to pass, that is, allow ping
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
 
#Allow all return packages of external requests
#The local external request is equivalent to OUTPUT. The returned packets must be received, which is equivalent to INPUT.
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
 
#If you want to add an intranet ip trust (accept all its TCP requests)
iptables -A INPUT -p tcp -s 45.96.174.68 -j ACCEPT
 
#Filter all requests without the above rules
iptables -P INPUT DROP

Four, preservation

First, iptables -L -n to see if the configuration is correct.
After no problem, don't save it in a hurry, because it's only currently valid, and it won't take effect after restart. In case of any problem, you can force the server to restart in the background to restore the settings.
Open another ssh connection to ensure that you can log in.

Make sure it's OK to save it later

#Preservation
[root@woxplife ~]# service iptables save
 
#Add to self starting chkconfig
[root@woxplife ~]# chkconfig iptables on

Keywords: iptables firewall ssh yum

Added by Flukey on Thu, 31 Oct 2019 13:33:03 +0200