vi /etc/sysconfig/iptables-A INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT(允许80端口通过防火墙)-A INPUT -m state –state NEW -m tcp -p tcp –dport 3306 -j ACCEPT(允许3306端口通过防火墙)
特别提示:很多网友把这两条规则添加到防火墙配置的最后一行,导致防火墙启动失败,正确的应该是添加到默认的22端口这条规则的下面
添加好之后防火墙规则如下所示:####################################### Firewall configuration written by system-config-firewall# Manual customization of this file is not recommended.*filter:INPUT ACCEPT [0:0]:FORWARD ACCEPT [0:0]:OUTPUT ACCEPT [0:0]-A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT-A INPUT -p icmp -j ACCEPT-A INPUT -i lo -j ACCEPT-A INPUT -m state –state NEW -m tcp -p tcp –dport 22 -j ACCEPT-A INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT-A INPUT -m state –state NEW -m tcp -p tcp –dport 3306 -j ACCEPT-A INPUT -j REJECT –reject-with icmp-host-prohibited-A FORWARD -j REJECT –reject-with icmp-host-prohibitedCOMMIT#####################################
/etc/init.d/iptables restart #最后重启防火墙使配置生效
发现这种方法并不好使,于是尝试另外一种,通过命令去添加端口的方法。
/sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT/etc/rc.d/init.d/iptables save/etc/init.d/iptables restart/etc/init.d/iptables status
这样就搞定了,查看效果