centos6+如何对外开放80，3306端口号或者其他端口号

1.查看防火墙对外开放了哪些端口

[[email protected] ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:3306
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

2.centos6.0防火墙操作：

配置文件：/etc/sysconfig/iptables

开启某个端口号有两种方式：一种是命令方式，一种是修改配置文件方式

查看防火墙状态：chkconfig iptables --list

[[email protected] ~]# chkconfig iptables --list
iptables           0:关闭    1:关闭    2:启用    3:启用    4:启用    5:启用    6:关闭

开启防火墙(重启后永久生效)：chkconfig iptables on
关闭防火墙(重启后永久生效)：chkconfig iptables off

[[email protected] ~]# chkconfig iptables --list
iptables           0:关闭    1:关闭    2:启用    3:启用    4:启用    5:启用    6:关闭
[[email protected] ~]# chkconfig iptables off
[[email protected] ~]# chkconfig iptables --list
iptables           0:关闭    1:关闭    2:关闭    3:关闭    4:关闭    5:关闭    6:关闭
[[email protected] ~]# chkconfig iptables on
[[email protected] ~]# chkconfig iptables --list
iptables           0:关闭    1:关闭    2:启用    3:启用    4:启用    5:启用    6:关闭
[[email protected] ~]# 

开启防火墙(即时生效，重启后失效)：service iptables start
关闭防火墙(即时生效，重启后失效)：service iptables stop
重启防火墙:service iptables restart

查看开启的端口号
service iptables status

[[email protected] ~]# service iptables status
\表格：filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:3306
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
3    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
6    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         

3.开启某个端口号(如80端口号，命令方式)
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT

[[email protected] ~]# iptables -A INPUT -p tcp -m state --state  NEW  -m tcp --dport 80 -j ACCEPT

保存开启的端口号
service iptables save

[[email protected] ~]# service iptables save
iptables：将防火墙规则保存到 /etc/sysconfig/iptables：     [确定]
[[email protected] ~]# iptables status
Bad argument `status‘
Try `iptables -h‘ or ‘iptables --help‘ for more information.

重新启动防火墙
service iptables restart

[[email protected] ~]# service iptables restart
iptables：将链设置为政策 ACCEPT：filter                    [确定]
iptables：清除防火墙规则：                                 [确定]
iptables：正在卸载模块：                                   [确定]
iptables：应用防火墙规则：                                 [确定]

查看开启的端口号
service iptables status

[[email protected] ~]# service iptables status
表格：filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:3306
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
3    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
6    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80 

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         

开启某个范围的端口号(如18881~65534，命令方式)
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 18881:65534 -j ACCEPT

[[email protected] ~]# iptables -A INPUT -p tcp -m state --state  NEW  -m tcp --dport 10000:11000 -j ACCEPT

保存开启的端口号
service iptables save

[[email protected] ~]# service iptables save
iptables：将防火墙规则保存到 /etc/sysconfig/iptables：     [确定]

重新启动防火墙
service iptables restart

查看开启的端口号
service iptables status

[[email protected] ~]# service iptables status
表格：filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:3306
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
3    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
6    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
8    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpts:10000:11000 

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         

4.通过修改配置文件开启端口号(如80端口号)
 vi /etc/sysconfig/iptables
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
启动防火墙
service iptables restart

参数说明：
–A 参数就看成是添加一条规则
–p 指定是什么协议，我们常用的tcp 协议，当然也有udp，例如53端口的DNS
–dport 就是目标端口，当数据从外部进入服务器为目标端口

–j 就是指定是 ACCEPT -接收 或者 DROP 不接收

原文：https://blog.csdn.net/u014079773/article/details/79745819

原文地址：https://www.cnblogs.com/zhukaixin/p/10216500.html