I wanted to open port 80 on the firewall. I found a command online for opening port 80, and after running it iptables looked like this:
[root@localhost ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
From other machines I still can't reach port 80 on this host. I suspect that the rule "ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http" sits after the rule "REJECT all -- anywhere anywhere reject-with icmp-host-prohibited", and since firewall rules are processed in order, the earlier rule fires first and the later one never takes effect.
How can I get that last rule placed in front of "REJECT all -- anywhere anywhere reject-with icmp-host-prohibited"?
The command I used was: # iptables -A RH-Firewall-1-INPUT -p tcp --dport 80 -j ACCEPT
I'm a beginner; could someone explain the cause of the problem and the fix in detail?
jm-kele posted on 2011-12-16 10:40:18:
Problem solved, thanks to the moderator for the explanation.
Thanks also to 开源旅长, though I didn't quite follow what you said; I've only just started with Linux and I'm still a novice.
alick posted on 2011-12-15 23:28:32:
[code]iptables -I RH-Firewall-1-INPUT 10 -p tcp --dport 80 -j ACCEPT[/code]
-A is append, -I is insert.
rstz posted on 2011-12-15 23:23:10:
It's much like configuring a Cisco router: the rules are ordered.
rstz posted on 2011-12-15 23:22:20:
Last edited by rstz on 2011-12-15 23:24
Set the open ports by editing the configuration file:
Configuration file path: /etc/sysconfig/iptables
In the system's original -A INPUT rule chain, add lines like these:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 39764 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 39764 -j ACCEPT
If there is already a -j REJECT type statement, the two lines above must go before it.
Actually, running
su -
setup
directly is a more intuitive way to open HTTP.
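The point both alick's answer (insert with -I at a position before the REJECT) and rstz's config-file post (put the ACCEPT line before -j REJECT) make is the same: iptables stops at the first matching rule, so an ACCEPT appended after a catch-all REJECT is dead. The script below is an added example, not code from the thread; it computes the right insert position from a `iptables -L CHAIN -n --line-numbers` listing and rewrites a saved rules file so the ACCEPT lands just before the first REJECT/DROP. Both inputs (`SAMPLE_LIST`, `SAMPLE_SAVED`) are constructed from the chain shown in the question, not captured from a real machine, and the function names are mine.

```shell
#!/bin/sh
# Added example (not from the thread): place an ACCEPT rule *before* the
# terminating REJECT, either on the live chain or in the saved rules file.

# Constructed `iptables -L RH-Firewall-1-INPUT -n --line-numbers` output,
# modelled on the chain pasted in the question (hypothetical sample).
SAMPLE_LIST='Chain RH-Firewall-1-INPUT (2 references)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmptype 255
3    ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0
5    ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353
6    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:631
8    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
9    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
10   REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
11   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80'

# Constructed /etc/sysconfig/iptables excerpt (hypothetical sample).
SAMPLE_SAVED='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# reject_pos: read a --line-numbers listing on stdin and print the rule
# number of the first REJECT/DROP. Inserting at exactly that number puts
# the new rule in front of it (iptables -I CHAIN N shifts N and later down).
reject_pos() {
    awk '$1 ~ /^[0-9]+$/ && ($2 == "REJECT" || $2 == "DROP") { print $1; exit }'
}

# insert_cmd CHAIN PORT: emit the iptables -I command for that chain,
# reading the chain listing on stdin. With no terminating rule, -A is fine.
insert_cmd() {
    chain=$1; port=$2
    pos=$(reject_pos)
    [ -n "$pos" ] || { echo "no REJECT/DROP in $chain; -A would work" >&2; return 1; }
    echo "iptables -I $chain $pos -m state --state NEW -p tcp --dport $port -j ACCEPT"
}

# insert_in_saved PORT: rewrite a saved rules file (stdin) so an ACCEPT for
# PORT sits immediately before the first "-j REJECT"/"-j DROP" line, in the
# same chain that REJECT line belongs to ($2 of "-A CHAIN ...").
insert_in_saved() {
    port=$1
    awk -v port="$port" '
        !done && /-j (REJECT|DROP)/ {
            print "-A " $2 " -m state --state NEW -m tcp -p tcp --dport " port " -j ACCEPT"
            done = 1
        }
        { print }'
}

# Stand-alone demo on the constructed samples.
printf '%s\n' "$SAMPLE_LIST"  | insert_cmd RH-Firewall-1-INPUT 80
printf '%s\n' "$SAMPLE_SAVED" | insert_in_saved 80
```

On a real host you would feed `iptables -L RH-Firewall-1-INPUT -n --line-numbers` into `insert_cmd` instead of the sample, run the printed command, then re-list to confirm the ACCEPT now shows one number above the REJECT. After editing /etc/sysconfig/iptables, `service iptables restart` (or `iptables-restore < /etc/sysconfig/iptables`) reloads it; a rule added only with `-I` on the live chain is lost at reboot unless saved with `service iptables save`.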