How to install and configure iptables on CentOS 7
1. First, confirm the operating system version and architecture.
    [root@localhost ~]# cat /etc/redhat-release
    CentOS Linux release 7.2.1511 (Core)
    [root@localhost ~]# uname -a
    Linux localhost.localdomain 3.10.0-327.el7.x86_64 #1 SMP Thu Nov 19 22:10:57 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
    [root@localhost ~]#
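2. Having confirmed that the system is CentOS 7, check whether iptables.service is already installed. Use the rpm -qa|grep iptables command to verify.
    [root@localhost ~]# rpm -qa|grep iptables
    iptables-1.4.21-16.el7.x86_64
Only one package is listed, which indicates that iptables.service is not installed.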
3. Install the firewall with the yum install iptables-services command, and enter y to continue.
4. Verify with the rpm -qa|grep iptables command.
    [root@localhost ~]# rpm -qa|grep iptables
    iptables-1.4.21-18.2.el7_4.x86_64
    iptables-services-1.4.21-18.2.el7_4.x86_64
The installation has succeeded only when both packages are present.
5. Start iptables.service and view the rules.
    [root@localhost ~]# systemctl start iptables.service
    [root@localhost ~]# iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
    ACCEPT     icmp --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
    REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    [root@localhost ~]#
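6. Open port 8086.
    iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 8086 -j ACCEPT
    iptables-save
Run on its own, iptables-save prints the current rule set to standard output and does not write a file. The iptables service reads /etc/sysconfig/iptables when it starts, so the rule added here lasts only until the next restart unless the rules are saved to that file.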
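
The rule set listed in step 5 ends with a catch-all REJECT, so where the rule from step 6 lands in the INPUT chain decides whether it ever matches. The following is an added example, not part of the original page: port_status is a hypothetical helper that reads iptables-save output and reports whether a TCP port's ACCEPT rule sits before that catch-all. The sample rules are constructed to match the step 5 listing, and the check assumes plain --dport rules (no multiport, source restrictions or user-defined chains).

```shell
#!/bin/sh
# Added example (not from the original page). port_status is a hypothetical helper.
# Reads iptables-save text on stdin and reports how INPUT treats TCP port $1:
#   open          - an ACCEPT rule for the port precedes any catch-all REJECT/DROP
#   shadowed      - the ACCEPT rule sits after the catch-all, so it never matches
#   closed        - no ACCEPT rule, and a catch-all or non-ACCEPT policy blocks it
#   policy-accept - no rule either way; the chain policy ACCEPT lets it through
port_status() {
    awk -v port="$1" '
        /^:INPUT / { policy = $2 }
        /^-A INPUT / {
            n++
            # Catch-all: REJECT/DROP with no protocol, source, interface or module match
            if (!block && $0 ~ / -j (REJECT|DROP)( |$)/ && $0 !~ / (-p|-s|-i|-m|--dport) /) { block = n }
            # First ACCEPT rule for this TCP destination port
            if (!accept && $0 ~ / -p tcp / && $0 ~ (" --dport " port "( |$)") && $0 ~ / -j ACCEPT( |$)/) { accept = n }
        }
        END {
            if (accept && block && block < accept) print "shadowed"
            else if (accept)                       print "open"
            else if (block || policy != "ACCEPT")  print "closed"
            else                                   print "policy-accept"
        }'
}

# Constructed sample: the INPUT rules from the step 5 listing, in iptables-save format.
STOCK='-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'
# The rule from step 6 as iptables-save would print it.
RULE='-A INPUT -p tcp -m state --state NEW -m tcp --dport 8086 -j ACCEPT'

# Inserted with -I (top of the chain, as in step 6)
printf ':INPUT ACCEPT [0:0]\n%s\n%s\n' "$RULE" "$STOCK" | port_status 8086
# Appended with -A instead (lands after the catch-all REJECT)
printf ':INPUT ACCEPT [0:0]\n%s\n%s\n' "$STOCK" "$RULE" | port_status 8086
```

On a live host the same check is `iptables-save | port_status 8086`, run as root after sourcing the function.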