How to solve the problem that centos firewall cannot be started

WJ
Original
2020-06-03 15:40:30 (2974 views)

The CentOS firewall cannot be started, but online servers need the firewall service enabled. Enabling it is the most direct and effective way to protect the security of a Linux system.

1. The symptom: the following commands fail to start or restart the firewall.

service iptables start
service iptables restart

2. The best fix is to edit the configuration file so that it contains a valid rule set:

vi /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall  
# Manual customization of this file is not recommended.  
*filter  
:INPUT ACCEPT [0:0]  
:FORWARD ACCEPT [0:0]  
:OUTPUT ACCEPT [0:0]  
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT  
-A INPUT -p icmp -j ACCEPT  
-A INPUT -i lo -j ACCEPT  
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT  
-A INPUT -j REJECT --reject-with icmp-host-prohibited  
-A FORWARD -j REJECT --reject-with icmp-host-prohibited  
COMMIT

Then start the firewall:

service iptables start

Check the status of the firewall service:

service iptables status

3. If you need to open an additional port as an exception, add a rule for it to the configuration:

vi /etc/sysconfig/iptables 
# Firewall configuration written by system-config-firewall  
# Manual customization of this file is not recommended.  
*filter  
:INPUT ACCEPT [0:0]  
:FORWARD ACCEPT [0:0]  
:OUTPUT ACCEPT [0:0]  
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT  
-A INPUT -p icmp -j ACCEPT  
-A INPUT -i lo -j ACCEPT  
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT  
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT  
-A INPUT -j REJECT --reject-with icmp-host-prohibited  
-A FORWARD -j REJECT --reject-with icmp-host-prohibited  
COMMIT

The configuration above adds a rule for service port 3306.
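
In the configuration above, the port 3306 rule sits before the final REJECT rule; iptables evaluates rules in order, so an ACCEPT rule appended after the REJECT line would never match. The following check is an added example, not part of the original article: it lints a rules file for that mistake and for a missing COMMIT line. The function name lint_iptables_rules is hypothetical and the sample rules are constructed.

```shell
#!/bin/bash
# Added example: lint an iptables-restore format file (for instance
# /etc/sysconfig/iptables) before restarting the service.
# lint_iptables_rules is a hypothetical helper name, not a CentOS tool.
lint_iptables_rules() {
    if [ ! -r "$1" ]; then
        echo "missing or unreadable: $1"
        return 2
    fi
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        /^\*filter/    { in_filter = 1; next }
        /^COMMIT/      { if (in_filter) committed = 1; in_filter = 0; next }
        in_filter && $1 == "-A" && $2 == "INPUT" {
            # A rule with no match options before -j catches every packet.
            if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) { catch_all = NR; next }
            if (catch_all && $0 ~ /-j ACCEPT/) {
                printf "line %d: unreachable, follows catch-all on line %d: %s\n", NR, catch_all, $0
                bad++
            }
        }
        END {
            if (!committed) { print "*filter table has no COMMIT line"; bad++ }
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample: port 3306 was appended AFTER the catch-all REJECT.
sample=$(mktemp)
cat > "$sample" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
COMMIT
EOF
lint_iptables_rules "$sample" || echo "lint failed with status $?"
rm -f "$sample"
```

On a real host, iptables-restore --test < /etc/sysconfig/iptables parses the file without committing it and catches syntax errors that this ordering check does not.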

If you need to stop the firewall from starting automatically at boot, proceed as follows.

Check the current status:

chkconfig --list iptables

Disable automatic start:

chkconfig iptables off

Check the status again:

chkconfig --list iptables
