解决CentOS防火墙无法启动的问题_

> CentOS > CentOS入门 >

解决CentOS防火墙无法启动的问题

时间:2015-06-18 12:16 来源:linux.it.net.cn 作者:IT

CentOS防火墙无法启动，在线服务器都需要开启防火墙服务，这是linux系统安全防护最直接有效方式。

1、如果出现

service iptables start

service iptables restart

无法启动/重启防火墙时。

2、最佳的方法是修改配置文件

vi /etc/sysconfig/iptables

[plain] view plaincopy

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

然后再启动防火墙

service iptables start

查看防火墙服务

service iptables status

3、如果需要开启例外端口则，增加如下配置：

vi /etc/sysconfig/iptables

[plain] view plaincopy

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

如上，增加了3306服务端口

如果需要关闭防火墙自动启动则

查看状态

chkconfig --list iptables

关闭自动启动

chkconfig iptables off

查看状态

chkconfig --list iptables

(责任编辑：IT)