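How to Start and Stop the Linux Firewall
What are the commands to start and stop the Linux firewall? How do you check whether the firewall is installed and how it is configured? Solution:
Stop: /etc/rc.d/init.d/iptables stop
Start: /etc/rc.d/init.d/iptables start
View the current configuration: iptables -L
Stopping and starting the firewall on Linux
1) Takes effect after a reboot
Enable: chkconfig iptables on
Disable: chkconfig iptables off
2) Takes effect immediately, lost after a reboot
Start: service iptables start
Stop: service iptables stop
Note that other services on Linux can be started and stopped with the same commands.
With the firewall enabled, open the required ports as follows:
edit the /etc/sysconfig/iptables file and add the following lines: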
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
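After a default Linux installation (the firewall is enabled), the firewall does not open port 1521, so Oracle clients cannot connect to the server. In that case, either stop the firewall or configure it to open port 1521.
1. Check the status of iptables with the command service iptables status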
# service iptables status
表格:filter
Chain INPUT (policy ACCEPT)
num  target  prot  opt  source  destination
1  RH-Firewall-1-INPUT  all  --  0.0.0.0/0  0.0.0.0/0

Chain FORWARD (policy ACCEPT)
num  target  prot  opt  source  destination
1  RH-Firewall-1-INPUT  all  --  0.0.0.0/0  0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
num  target  prot  opt  source  destination

Chain RH-Firewall-1-INPUT (2 references)
num  target  prot  opt  source  destination
1  ACCEPT  all  --  0.0.0.0/0  0.0.0.0/0
2  ACCEPT  icmp  --  0.0.0.0/0  0.0.0.0/0  icmp type 255
3  ACCEPT  esp  --  0.0.0.0/0  0.0.0.0/0
4  ACCEPT  ah  --  0.0.0.0/0  0.0.0.0/0
5  ACCEPT  udp  --  0.0.0.0/0  224.0.0.251  udp dpt:5353
6  ACCEPT  udp  --  0.0.0.0/0  0.0.0.0/0  udp dpt:631
7  ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpt:631
8  ACCEPT  all  --  0.0.0.0/0  0.0.0.0/0  state RELATED,ESTABLISHED
9  ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  state NEW tcp dpt:22
10  ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  state NEW tcp dpt:23
11  ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  state NEW tcp dpt:80
12  ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  state NEW tcp dpt:443
13  REJECT  all  --  0.0.0.0/0  0.0.0.0/0  reject-with icmp-host-prohibited
# This shows that the firewall is currently enabled and has ports 22, 23, 80 and 443 open
2. Stop the firewall with the command service iptables stop
# service iptables stop
清除防火墙规则: [确定]
把 chains 设置为 ACCEPT 策略:filter [确定]
正在卸载 Iiptables 模块: [确定]
3. Start the firewall
Use the command service iptables start
# service iptables start
应用 iptables 防火墙规则: [确定]
载入额外 iptables 模块:ip_conntrack_netbios_ns [确定]
4. Set the firewall to start at boot
Use the command ntsysv
# ntsysv
A graphical interface will appear; select iptables in it and confirm.
5. Simple firewall rule configuration
# setup
Select Firewall configuration --> Customize --> enter the port to open under "Other ports", e.g. 1521
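
As an alternative to stopping the firewall, the sketch below (an added example, not from the original page) opens a single TCP port by editing a rules file in the /etc/sysconfig/iptables format described above. The function names and the sample rules file are constructed for illustration; the rule is inserted before the chain's final REJECT line because rules are evaluated in order.

```shell
#!/bin/sh
# Added example (not from the original page). Rules are evaluated top to
# bottom, so an ACCEPT rule placed after the final REJECT never matches.

# Constructed sample in the format of /etc/sysconfig/iptables.
make_sample_rules() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# add_port_rule FILE PORT: insert an ACCEPT rule for TCP PORT immediately
# before the chain's REJECT rule; does nothing if the rule already exists.
add_port_rule() {
    file=$1 port=$2
    case $port in ''|*[!0-9]*) echo "invalid port: $port" >&2; return 2 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 2
    fi
    rule="-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport $port -j ACCEPT"
    # Idempotent: an exact copy of the rule is already in the file.
    if grep -qxF -e "$rule" "$file"; then return 0; fi
    if ! grep -q -e '^-A RH-Firewall-1-INPUT .*-j REJECT' "$file"; then
        echo "no REJECT rule found in $file" >&2; return 1
    fi
    tmp=$(mktemp) || return 1
    awk -v rule="$rule" '
        /^-A RH-Firewall-1-INPUT .*-j REJECT/ && !done { print rule; done = 1 }
        { print }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

Run add_port_rule against a copy of the rules file first; on the systems this page describes, the edited file is loaded with service iptables restart.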
http://www.zznj.com/linux/index.html