centos下设置iptables

Centos上配置防火墙，只需要把配置文件写入到/etc/sysconfig/iptables里即可，不需要输入额外的命令。当然，前提是你得安装上iptables。

1、安装iptables

yum install iptables

2、设置防火墙过滤规则

vi /etc/sysconfig/iptables

下面是一个现成的iptables配置文件，已经添加了pptpvpn穿透，可正常使用pptpvpn：

*filter# Allow loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use the lo0 interface-A INPUT -i lo -j ACCEPT-A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT# Accept established inbound connections-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT# Allow all outbound traffic-A OUTPUT -j ACCEPT# Allow HTTP and HTTPS connections-A INPUT -p tcp --dport 80 -j ACCEPT-A INPUT -p tcp --dport 443 -j ACCEPT# Allow SSH/SFTP# Change the value 22 if you are using a non-standard port-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT# Allow FTP# Purely optional, but required for WordPress to install its own plugins or update itself.-A INPUT -p tcp -m state --state NEW --dport 21 -j ACCEPT# Allow PING# Again, optional. Some disallow this altogether.-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT#Allow PPTP VPN-A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT-A INPUT -i eth0 -p gre -j ACCEPT-A FORWARD -i ppp+ -o eth0 -j ACCEPT-A FORWARD -i eth0 -o ppp+ -j ACCEPT# Reject ALL other inbound-A INPUT -j REJECT-A FORWARD -j REJECTCOMMIT

查看一下过滤规则是否已启用：

iptables -L

这样就完成了。VPS重启后，防火墙规则自动启用。不像debian里那样，必须添加启动命令才能启用防火墙规则。