How to solve the problem that centos firewall cannot be started-CentOS-php.cn

How to solve the problem that centos firewall cannot be started

Release： 2020-06-03 15:40:30

Original

3128 people have browsed it

How to solve the problem that centos firewall cannot be started

How to solve the problem that centos firewall cannot be started?

CentOS firewall cannot be started, and online servers need to enable the firewall service. This is the most direct and effective way to protect Linux system security.

1. If

service iptables start 
service iptables restart

Copy after login

cannot start/restart the firewall.

2. The best way is to modify the configuration file

vi /etc/sysconfig/iptables
[plain] view plaincopy
# Firewall configuration written by system-config-firewall  
# Manual customization of this file is not recommended.  
*filter  
:INPUT ACCEPT [0:0]  
:FORWARD ACCEPT [0:0]  
:OUTPUT ACCEPT [0:0]  
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT  
-A INPUT -p icmp -j ACCEPT  
-A INPUT -i lo -j ACCEPT  
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT  
-A INPUT -j REJECT --reject-with icmp-host-prohibited  
-A FORWARD -j REJECT --reject-with icmp-host-prohibited  
COMMIT

Copy after login

and then start the firewall

service iptables start

Copy after login

Check the firewall service

service iptables status

Copy after login

3. If you need to enable exceptions Port, add the following configuration:

vi /etc/sysconfig/iptables 
[plain] view plaincopy
# Firewall configuration written by system-config-firewall  
# Manual customization of this file is not recommended.  
*filter  
:INPUT ACCEPT [0:0]  
:FORWARD ACCEPT [0:0]  
:OUTPUT ACCEPT [0:0]  
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT  
-A INPUT -p icmp -j ACCEPT  
-A INPUT -i lo -j ACCEPT  
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT  
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT  
-A INPUT -j REJECT --reject-with icmp-host-prohibited  
-A FORWARD -j REJECT --reject-with icmp-host-prohibited  
COMMIT

Copy after login

As above, add the 3306 service port

If you need to turn off the firewall automatic startup, then

Check the status

chkconfig --list iptables

Copy after login

Close Automatic start

chkconfig iptables off

Copy after login

View status

chkconfig --list iptables

Copy after login

Related reference:centOS tutorial

The above is the detailed content of How to solve the problem that centos firewall cannot be started. For more information, please follow other related articles on the PHP Chinese website!