如何解决centos防火墙无法启动

如何解决centos防火墙无法启动？

CentOS防火墙无法启动，在线服务器都需要开启防火墙服务，这是linux系统安全防护最直接有效方式。

1、如果出现 

service iptables start 
service iptables restart

无法启动/重启防火墙时。

2、最佳的方法是修改配置文件

vi /etc/sysconfig/iptables
[plain] view plaincopy
# Firewall configuration written by system-config-firewall  
# Manual customization of this file is not recommended.  
*filter  
:INPUT ACCEPT [0:0]  
:FORWARD ACCEPT [0:0]  
:OUTPUT ACCEPT [0:0]  
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT  
-A INPUT -p icmp -j ACCEPT  
-A INPUT -i lo -j ACCEPT  
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT  
-A INPUT -j REJECT --reject-with icmp-host-prohibited  
-A FORWARD -j REJECT --reject-with icmp-host-prohibited  
COMMIT

然后再启动防火墙

service iptables start

查看防火墙服务

service iptables status

3、如果需要开启例外端口则，增加如下配置：

vi /etc/sysconfig/iptables 
[plain] view plaincopy
# Firewall configuration written by system-config-firewall  
# Manual customization of this file is not recommended.  
*filter  
:INPUT ACCEPT [0:0]  
:FORWARD ACCEPT [0:0]  
:OUTPUT ACCEPT [0:0]  
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT  
-A INPUT -p icmp -j ACCEPT  
-A INPUT -i lo -j ACCEPT  
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT  
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT  
-A INPUT -j REJECT --reject-with icmp-host-prohibited  
-A FORWARD -j REJECT --reject-with icmp-host-prohibited  
COMMIT

如上，增加了3306服务端口

如果需要关闭防火墙自动启动则

查看状态

chkconfig --list iptables

关闭自动启动

chkconfig iptables off

查看状态

chkconfig --list iptables

相关参考：centOS教程

Atas ialah kandungan terperinci 如何解决centos防火墙无法启动. Untuk maklumat lanjut, sila ikut artikel berkaitan lain di laman web China PHP!