CentOS 7.7.1908 firewall: iptables configuration in practice

Environment:
CentOS 7.7.1908, installed from the minimal image.

[root@localhost ~]# cat /etc/redhat-release
CentOS Linux release 7.7.1908 (Core)

Requirements
Only TCP ports 22, 8080 and 8088 may be reachable from outside; all other inbound traffic is dropped (ICMP echo is additionally allowed below so the host still answers ping).

Configuration steps:

# Install the iptables service from the yum repository (iptables-services provides the systemd unit and /etc/sysconfig/iptables)
[root@localhost ~]# yum install iptables iptables-services
# Stop and disable the default firewalld service; firewalld and iptables.service both manage the same kernel tables, so only one of them may be enabled
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl disable firewalld

# Start the iptables service and enable it at boot
[root@localhost ~]# systemctl restart iptables
[root@localhost ~]# systemctl enable iptables
Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.

# Flush the default rule set. This only clears the rules of the filter table; the chain policies stay ACCEPT, so until the terminal DROP rule below is appended the host accepts everything
[root@localhost ~]# iptables -F

# Append the following rules. Rules are evaluated top to bottom and the first match wins, so when working over SSH the rule for port 22 must be in place before the terminal DROP
# Allow loopback traffic (the interface match is the one that matters; the second rule, keyed only on 127.0.0.1 addresses, is redundant with it)
[root@localhost ~]# iptables -A INPUT -i lo -j ACCEPT
[root@localhost ~]# iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
# Allow inbound packets that belong to ESTABLISHED or RELATED connections. This goes early because most packets match it; -m conntrack --ctstate is the current equivalent of -m state, and both work on CentOS 7
[root@localhost ~]# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow port 22 (SSH)
[root@localhost ~]# iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Allow ping (ICMP echo-request, type 8)
[root@localhost ~]# iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# Allow port 8080
[root@localhost ~]# iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
# Allow port 8088
[root@localhost ~]# iptables -A INPUT -p tcp --dport 8088 -j ACCEPT
# Drop everything else. The alternative is "iptables -P INPUT DROP": with a trailing DROP rule and an ACCEPT policy, a later "iptables -F" silently opens every port, whereas a DROP policy fails closed (including for your own SSH session, so only flush from the console). Either way this covers IPv4 only; if the host has IPv6 addresses the same restrictions must be applied with ip6tables, otherwise the three-port limit is bypassable over IPv6
[root@localhost ~]# iptables -A INPUT -j DROP

# Save the running rules to /etc/sysconfig/iptables; iptables.service restores this file at boot
[root@localhost ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]

# The saved file can be inspected (rules are listed in the order they were appended, which is the order they are evaluated in)
[root@localhost ~]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.21 on Tue Jan  7 15:05:16 2020
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [17012:33606877]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8088 -j ACCEPT
-A INPUT -j DROP
COMMIT
# Completed on Tue Jan  7 15:05:16 2020
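As an added example (not part of the original post and not CentOS's own tooling), the same ruleset expressed as an iptables-restore file so that it is loaded in one atomic commit instead of rule by rule, together with a pre-load check that catches the SSH lockout mistake described above. It generalizes the page's rules slightly: the INPUT policy is DROP instead of a trailing DROP rule, and -m conntrack replaces -m state. The port list, the function names, the optional SSH-port argument and the LOCKOUT_RULES variant are this example's own constructions; iptables-restore --test is assumed to be available (it parses the file without committing it), and apply_ruleset needs root.

```shell
#!/bin/sh
# Added example, not from the original post. Builds the page's ruleset as an
# iptables-restore file and pre-checks a ruleset for the SSH lockout before it
# is loaded. Function names, port list and SSHPORT argument are assumptions.

# gen_ruleset PORT... : print an iptables-restore file allowing the given TCP
# ports inbound. Policy DROP on INPUT means a later "iptables -F" fails closed.
gen_ruleset() {
    printf '%s\n' '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate INVALID -j DROP' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -p icmp --icmp-type echo-request -j ACCEPT'
    for p in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# check_ruleset [SSHPORT] : read a ruleset on stdin; succeed only if an ACCEPT
# for the SSH port (default 22) precedes any terminal DROP/REJECT on INPUT, and
# INPUT is closed either by policy or by such a terminal rule.
check_ruleset() {
    awk -v ssh="${1:-22}" '
        /^:INPUT DROP/ { policy_drop = 1 }
        /^-A INPUT / && /-j ACCEPT$/ && $0 ~ ("--dport " ssh "( |$)") {
            if (!closed) ssh_ok = 1
        }
        /^-A INPUT -j (DROP|REJECT)/ { closed = 1 }
        END {
            if (!ssh_ok) { print "FAIL: tcp/" ssh " not accepted before the terminal rule (lockout)"; exit 1 }
            if (!policy_drop && !closed) { print "FAIL: INPUT is neither policy DROP nor closed by a rule"; exit 2 }
            print "OK"
        }'
}

# The file this page saved to /etc/sysconfig/iptables (counter comments omitted).
PAGE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8088 -j ACCEPT
-A INPUT -j DROP
COMMIT'

# Constructed mistake for the check: the terminal DROP appended before port 22.
LOCKOUT_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# apply_ruleset PORT... : validate, then load atomically and persist (root only).
apply_ruleset() {
    tmp=$(mktemp) || return 1
    gen_ruleset "$@" > "$tmp"
    check_ruleset < "$tmp" || { rm -f "$tmp"; return 1; }
    iptables-restore --test < "$tmp" || { rm -f "$tmp"; return 1; }  # parse only
    iptables-restore < "$tmp" && cp "$tmp" /etc/sysconfig/iptables
    rc=$?; rm -f "$tmp"; return "$rc"
}

# demo : 0 when the page's file and the generated file pass and the lockout
# variant is rejected. Touches nothing in the kernel.
demo() {
    printf '%s\n' "$PAGE_RULES" | check_ruleset || return 1
    if printf '%s\n' "$LOCKOUT_RULES" | check_ruleset; then return 1; fi
    gen_ruleset 22 8080 8088 | check_ruleset
}
```

Run `apply_ruleset 22 8080 8088` as root to load and persist the rules; `demo` exercises the check against the page's saved file and the constructed lockout variant without touching the running firewall. Because iptables-restore replaces the whole table in one commit, there is no interval during which the policy is ACCEPT and no rules are loaded, which is the window that "iptables -F" followed by a sequence of "-A" commands leaves open.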
