Home >Operation and Maintenance >CentOS >How to solve the problem that centos firewall cannot be started

How to solve the problem that centos firewall cannot be started

WJ
WJOriginal
2020-06-03 15:40:303122browse

How to solve the problem that centos firewall cannot be started

How to solve the problem that centos firewall cannot be started?

CentOS firewall cannot be started, and online servers need to enable the firewall service. This is the most direct and effective way to protect Linux system security.

1. If

service iptables start 
service iptables restart

cannot start/restart the firewall.

2. The best way is to modify the configuration file

vi /etc/sysconfig/iptables
[plain] view plaincopy
# Firewall configuration written by system-config-firewall  
# Manual customization of this file is not recommended.  
*filter  
:INPUT ACCEPT [0:0]  
:FORWARD ACCEPT [0:0]  
:OUTPUT ACCEPT [0:0]  
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT  
-A INPUT -p icmp -j ACCEPT  
-A INPUT -i lo -j ACCEPT  
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT  
-A INPUT -j REJECT --reject-with icmp-host-prohibited  
-A FORWARD -j REJECT --reject-with icmp-host-prohibited  
COMMIT

and then start the firewall

service iptables start

Check the firewall service

service iptables status

3. If you need to enable exceptions Port, add the following configuration:

vi /etc/sysconfig/iptables 
[plain] view plaincopy
# Firewall configuration written by system-config-firewall  
# Manual customization of this file is not recommended.  
*filter  
:INPUT ACCEPT [0:0]  
:FORWARD ACCEPT [0:0]  
:OUTPUT ACCEPT [0:0]  
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT  
-A INPUT -p icmp -j ACCEPT  
-A INPUT -i lo -j ACCEPT  
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT  
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT  
-A INPUT -j REJECT --reject-with icmp-host-prohibited  
-A FORWARD -j REJECT --reject-with icmp-host-prohibited  
COMMIT

As above, add the 3306 service port

If you need to turn off the firewall automatic startup, then

Check the status

chkconfig --list iptables

Close Automatic start

chkconfig iptables off

View status

chkconfig --list iptables

Related reference:centOS tutorial

The above is the detailed content of How to solve the problem that centos firewall cannot be started. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn