[Linux] CentOS iptables default

這兩天特別裝了兩台 CentOS 機器測試一些服務

發現我架起來的 web 服務, 不管怎樣都無法讓別台進入, 唯一通得只有 port 22

想說, 怪了, 才安裝完甚麼鬼設定都沒動阿, 結果發現是一個 iptables 的 default 擋住了

[root@hh ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
RH-Firewall-1-INPUT  all  --  anywhere             anywhere            

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
RH-Firewall-1-INPUT  all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere            icmp any 
ACCEPT     esp  --  anywhere             anywhere            
ACCEPT     ah   --  anywhere             anywhere            
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp 
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh 
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

最後那條 "REJECT all -- anywhere anywhere reject-with icmp-host-prohibited"

擋住了所有去路, 網路上查了一下, 看到有人是直接去 /etc/sysconfig/iptables 修改(用#註解即可)

然後用

service iptables restart

重啟即可