linux关于防火墙开放端口

一、查看防火墙开放了那些端口。

如下：22,3306已经对外开放了

[root@localhost tomcat7]# /etc/init.d/iptables status 
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:3306 
6    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination         
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination     

   二、提示防火墙已经关闭了。

   

[root@localhost bin]# /etc/init.d/iptables status 
iptables: Firewall is not running.

 

  

 

三、开放某个端口，如8080端口，

1、直接编辑/etc/sysconfig/iptables ，内容中新增一条

 -A INPUT -m state --state NEW -m tcp -p tcp --dport 端口号 -j ACCEPT

注意位置需要放在-A INPUT -j REJECT --reject-with icmp-host-prohibited前面。

 

[root@localhost /]# vi /etc/sysconfig/iptables 
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

   2、重新启动防火墙服务 service iptables restart

    

[root@localhost bin]# service iptables restart
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]

   

  四、直接关闭或打开防火墙（处于安全考虑不建议）

  1) 重启后生效 

   

开启： chkconfig iptables on 

关闭： chkconfig iptables off 

 

  2) 即时生效，重启后失效 

   

开启： service iptables start 

关闭： service iptables stop 

 

  附带，测试能不能访问某个端口是，可以用telnet命令，telnet host port 如：telent 192.168.101.11 8080

  如果telent命令不能识别，需要通过命令yum install telnet安装 （CentOS系统），windows 环境自行百度     下。