Notes:
iptables varies greatly between versions earlier and later than CentOS 7.
- In versions earlier than CentOS 7, the iptables service is used as the firewall by default. After you run the service iptables stop command, the iptables service first clears the rules and then unloads the iptables module. When the iptables service restarts, it loads rules from the configuration file. You can stop the iptables service to test whether the firewall restrictions were applied.
- In versions later than CentOS 7, the firewall service is used as the firewall by default, and the iptable_filter module is loaded to ensure compatibility. You can use the iptables command to add rules. However, the iptables service is disabled by default. After you confirm that the iptable_filter module is loaded, the rules will take effect.
To determine which firewall is in effect, run iptables -nvL to view the rules.
The following two scenarios describe how to configure the iptables firewall software program.
In an Ubuntu 14 OS, the security group and listening port are enabled, but the Telnet connection fails.
Security group inbound rules:
Security group outbound rules:
Telnet connection failure:
After confirming that the issue is caused by the iptables policy, run iptables -nvL to check whether the policy opened port 8081. In this example, port 8081 is closed.
Run the following command to open port 8081:
iptables -I INPUT 5 -p tcp --dport 8081 -j ACCEPT
Check whether port 8081 is open. If yes, the issue has been solved.
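The check in this scenario can be scripted. The following is an added example, not part of the original page: it reads iptables -nvL output and reports the first INPUT rule that decides a new TCP connection to a given port. The function names and the sample listing are constructed; in that listing a catch-all REJECT sits at position 5, so an ACCEPT inserted at position 5 is evaluated before it. Rules restricted to an interface or a source address are skipped (assumption).

```shell
# first_verdict PORT: reads `iptables -nvL` output on stdin and prints
# "<rule-number> <target>" for the first INPUT rule that decides a NEW inbound
# TCP connection to PORT, or "policy <POLICY>" when no rule matches.
# Assumption: rules limited to one interface or source address are skipped.
first_verdict() {
    awk -v port="$1" '
    $1 == "Chain" {
        chain = $2; n = 0
        if (chain == "INPUT") { policy = $4; sub(/\)/, "", policy) }
        next
    }
    chain != "INPUT" || $1 == "pkts" || NF < 9 { next }   # other chains, header
    {
        n++; extra = ""
        for (i = 10; i <= NF; i++) extra = extra " " $i
        if ($3 != "ACCEPT" && $3 != "DROP" && $3 != "REJECT") next  # LOG, jumps
        if ($4 != "tcp" && $4 != "all") next                        # protocol
        if ($6 != "*" || $8 != "0.0.0.0/0") next                    # see assumption
        if (extra ~ /state / && extra !~ /NEW/) next                # ESTABLISHED only
        if (match(extra, /dpts:[0-9]+:[0-9]+/)) {                   # port range
            split(substr(extra, RSTART + 5, RLENGTH - 5), r, ":")
            if (port + 0 < r[1] + 0 || port + 0 > r[2] + 0) next
        } else if (extra ~ /dpt:/ && extra !~ ("dpt:" port "( |$)")) next
        print n, $3; found = 1; exit
    }
    END { if (!found) print "policy", policy }'
}

# Constructed sample listing: rule 5 rejects everything not accepted earlier.
sample_before() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  120  9600 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    3   180 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    1    60 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
   10   600 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
EOF
}

# The same listing as it would look after: iptables -I INPUT 5 -p tcp --dport 8081 -j ACCEPT
sample_after() {
    sample_before | awk '/REJECT/ { print "    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8081" } { print }'
}

sample_before | first_verdict 8081
sample_after | first_verdict 8081
```

On a live host, run iptables -nvL | first_verdict 8081 as root after defining the function.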
Based on the iptables configuration, the policy has been enabled, but the destination server still cannot be pinged.
If the information shown below appears,
run the following command to delete the first output rule:
iptables -D OUTPUT 1
Test to verify that the issue has been solved.
After logging in to the instance, choose Start > Control Panel > Firewall Settings to access the "Firewall Settings" page.
Check whether the firewall and other security software, such as safedog, have been enabled. If yes, disable them.
iptables -vnL
iptables-save
iptables -F
No. If you are worried that the firewall may disrupt your business, you can disable the firewall.