Today I installed a new CentOS 6.6 virtual machine on my computer and then installed nginx without any other settings. Then I found that nginx could only be accessed from the CentOS machine itself. I checked the iptables rules:
[root@centos6 ~]# iptables-save
# Generated by iptables-save v1.4.7 on Sun Jul 26 15:53:13 2015
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [5819:366868]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sun Jul 26 15:53:13 2015
It seems that there is no problem: the default policy is ACCEPT. When I saw the last two rules, I didn't understand what they meant. After searching, it turned out to be:
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
# These two rules reject all other packets that do not match any of the preceding rules in the INPUT and FORWARD chains, and send an ICMP host-prohibited message back to the rejected host.
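
The following is an added example, not part of the original article: a simplified first-match model of the INPUT chain above. It shows why the ACCEPT policy never applies once the catch-all REJECT is present, and why a rule for nginx has to sit before that REJECT. The port-80 rule, the `eth0` interface name and the sample packets are assumptions made for illustration.

```python
# Added example: simplified first-match model of the INPUT chain shown above.
RULES = [  # copied from the iptables-save output on this page
    "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT",
    "-A INPUT -p icmp -j ACCEPT",
    "-A INPUT -i lo -j ACCEPT",
    "-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT",
    "-A INPUT -j REJECT --reject-with icmp-host-prohibited",
]
POLICY = "ACCEPT"  # from ":INPUT ACCEPT [0:0]"
# Assumed rule (not on the page) that would admit new connections to nginx on port 80.
ALLOW_HTTP = "-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT"

def parse(rule):
    """Map each option to its value, skipping the leading '-A INPUT'."""
    tok = rule.split()
    return dict(zip(tok[2::2], tok[3::2]))

def matches(opts, pkt):
    """True if every match option present in the rule agrees with the packet."""
    if "-p" in opts and opts["-p"] != pkt["proto"]:
        return False
    if "-i" in opts and opts["-i"] != pkt["iface"]:
        return False
    if "--state" in opts and pkt["state"] not in opts["--state"].split(","):
        return False
    if "--dport" in opts and int(opts["--dport"]) != pkt.get("dport"):
        return False
    return True

def verdict(rules, pkt, policy=POLICY):
    """Return (target, rule number); the policy is used only if no rule matches."""
    for n, rule in enumerate(rules, 1):
        opts = parse(rule)
        if matches(opts, pkt):
            return opts["-j"], n
    return policy, 0

# Constructed sample packets.
REMOTE_HTTP = {"proto": "tcp", "iface": "eth0", "state": "NEW", "dport": 80}
LOCAL_HTTP = dict(REMOTE_HTTP, iface="lo")
REMOTE_SSH = dict(REMOTE_HTTP, dport=22)

APPENDED = RULES + [ALLOW_HTTP]                  # like "iptables -A INPUT ..."
INSERTED = RULES[:4] + [ALLOW_HTTP] + RULES[4:]  # like "iptables -I INPUT 5 ..."

if __name__ == "__main__":
    for name, rules in [("default", RULES), ("appended", APPENDED), ("inserted", INSERTED)]:
        print(name, verdict(rules, REMOTE_HTTP))
```

With the default rules a remote request to port 80 falls through to rule 5 and is rejected, while the same request over `lo` is accepted by rule 3, which matches the behaviour described at the top of the article.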