How do you fix a CentOS firewall that fails to start?
The CentOS firewall fails to start. Every online server needs the firewall service enabled; it is the most direct and effective way to protect a Linux system.
1. Suppose the following commands fail to start or restart the firewall:
service iptables start
service iptables restart
2. The best approach is to edit the configuration file:
vi /etc/sysconfig/iptables

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

Then start the firewall:
service iptables start
Check the firewall service:
service iptables status
3. If you need to open an additional port as an exception, add a rule for it as follows:
vi /etc/sysconfig/iptables

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

As shown above, the service port 3306 has been added.
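
The rule order in step 3 matters: the 3306 line sits above the catch-all REJECT, and a port rule appended below it would never be matched. The following is an added example, not part of the original page; `lint_iptables` is a hypothetical helper name and the sample file is constructed. It checks a rules file for that ordering mistake and for a missing table header or COMMIT before the service is started.

```shell
#!/bin/sh
# Added example, not from the original page.
# lint_iptables FILE: hypothetical helper that checks an
# /etc/sysconfig/iptables-style file and returns 0 only if it is clean.
lint_iptables() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        /^\*/     { table = 1; committed = 0; catchall = 0; next }
        /^COMMIT/ { committed = 1; next }
        # An unconditional REJECT/DROP ends matching for the INPUT chain.
        /^-A INPUT -j (REJECT|DROP)/ { catchall = NR; next }
        /^-A INPUT / && /-j ACCEPT/ && catchall {
            printf "line %d: ACCEPT rule after the catch-all on line %d is never reached\n", NR, catchall
            bad = 1
        }
        END {
            if (!table)     { print "no table header such as *filter"; bad = 1 }
            if (!committed) { print "missing COMMIT"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: the 3306 rule was appended below the REJECT line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
COMMIT
EOF
lint_iptables "$sample" || echo "fix the file before running: service iptables start"
rm -f "$sample"
```

On the server itself, `iptables-restore --test < /etc/sysconfig/iptables` additionally parses the file with the real rule parser without applying it.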
If you need to stop the firewall from starting automatically at boot:
Check the status:
chkconfig --list iptables
Disable automatic startup:
chkconfig iptables off
Check the status again:
chkconfig --list iptables