æå¼é
ç½®æ件
å½ä»¤ä»£ç 
[root@localhost ~]# vi /etc/sysconfig/iptables
æ£ç¡®çé ç½®æ件
é
置代ç 
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state âstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state âstate NEW -m tcp -p tcp âdport 22 -j ACCEPT
-A INPUT -m state âstate NEW -m tcp -p tcp âdport 80 -j ACCEPT
-A INPUT -j REJECT âreject-with icmp-host-prohibited
-A FORWARD -j REJECT âreject-with icmp-host-prohibited
COMMIT
é
ç½®[*]éé
代ç 
-A INPUT -m state âstate NEW -m tcp -p tcp âdport * -j ACCEPT
注æç¹ï¼æ°å¼æ¾ç端å£ä¸å®è¦å¨ç«¯å£22åé¢
éå¯é²ç«å¢ä½¿é ç½®çæ
å½ä»¤ä»£ç 
[root@localhost ~]# /etc/init.d/iptables restart
å ¶å®
æ¥çå¼æ¾ç«¯å£
å½ä»¤ä»£ç 
[root@localhost ~]# /etc/init.d/iptables status
å ³éé²ç«å¢
å½ä»¤ä»£ç 
[root@localhost ~]# /etc/init.d/iptables stop
