iptables varies greatly between versions earlier and later than CentOS 7.
- In versions earlier than CentOS 7, the iptables service is used as the firewall by default. After you run the service iptables stop command, the iptables service first clears the rules and then unloads the iptables module. When the iptables service restarts, it loads the rules from the configuration file. You can stop the iptables service to test whether the firewall restrictions were applied.
- In versions later than CentOS 7, the firewalld service is used as the firewall by default, and the iptable_filter module is loaded to ensure compatibility. You can use the iptables command to add rules. However, the iptables service is disabled by default. After you confirm that the iptable_filter module is loaded, the rules will take effect.
To determine the firewall, run iptables -nvL to view the rules.
The following two scenarios describe how to configure the iptables firewall software program.
In an Ubuntu 14 OS, the security group and listening port are enabled, but the Telnet connection fails.
Security group inbound rules:
Security group outbound rules:
Telnet connection failure:
Capture the packets on the CVM to check whether the packets were sent to the CVM.
After confirming that the issue is caused by the iptables policy, run iptables -nvL to check whether the policy opened port 8081. In this example, port 8081 is closed.
Run the following command to open port 8081:
iptables -I INPUT 5 -p tcp --dport 8081 -j ACCEPT
Check whether port 8081 is open. If yes, the issue has been solved.
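An added example, not part of the original page: iptables evaluates a chain from top to bottom, so the ACCEPT rule for port 8081 only helps if it sits above the first catch-all REJECT or DROP rule. The helper below reads iptables -nvL INPUT --line-numbers output and reports which rule decides a TCP port. The function name port_verdict and the rule listing are constructed for illustration, and the check only considers plain dpt: matches and unrestricted REJECT/DROP rules.

```shell
#!/bin/sh
# Constructed sample of `iptables -nvL INPUT --line-numbers` output (not from the page).
sample_rules() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1      120  9000 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
3        4   240 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
4        2   120 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
5       10   600 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
EOF
}

# port_verdict PORT  (hypothetical helper; reads a rule listing on stdin)
# Prints "open N"    if rule N accepts the TCP port before any catch-all block,
#        "blocked N" if catch-all REJECT/DROP rule N is reached first
#                    (an ACCEPT must be inserted at position N or above),
#        "policy"    if no rule matches and the chain policy decides.
port_verdict() {
  awk -v port="$1" '
    $1 !~ /^[0-9]+$/ { next }          # skip the chain header and column titles
    {
      target = $4; prot = $5; in_if = $7; src = $9
      rest = ""                        # match extensions after the destination
      for (i = 11; i <= NF; i++) rest = rest " " $i
      rest = rest " "
    }
    # Exact port match: the trailing space keeps dpt:808 from matching dpt:8081
    target == "ACCEPT" && prot == "tcp" && index(rest, " dpt:" port " ") {
      print "open " $1; found = 1; exit
    }
    # Catch-all block: any interface, any source, no port restriction
    (target == "REJECT" || target == "DROP") && (prot == "all" || prot == "tcp") &&
      in_if == "*" && src == "0.0.0.0/0" && rest !~ /dpts?:/ {
      print "blocked " $1; found = 1; exit
    }
    END { if (!found) print "policy" }
  '
}

# On a live host: iptables -nvL INPUT --line-numbers | port_verdict 8081
sample_rules | port_verdict 8081       # prints: blocked 5
```

With this sample, the result "blocked 5" shows why the rule is inserted at position 5: the new ACCEPT lands directly above the REJECT rule, which moves to position 6.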
Based on the iptables configuration, the policy has been enabled, but the destination server still cannot be pinged.
If the information shown below appears,
run the following command to delete the first output rule:
iptables -D OUTPUT 1
Test to verify that the issue has been solved.
After logging in to the instance, choose Start > Control Panel > Firewall Settings to access the "Firewall Settings" page.
Check whether the firewall and other security software, such as safedog, have been enabled. If yes, disable them.
Run the following command to check whether the firewall policy has been enabled. If no, skip step 2 and go to step 3.
If the firewall policy has been enabled, run the following command to back up the firewall policy:
Run the following command to clear the firewall policy:
No. If you are worried that the firewall may disrupt your business, you can disable the firewall.