1.修改/etc/sysconfig/iptables文件，增加如下一行：

-A INPUT -m state --state NEW -m tcp -p tcp --dport 10000 -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 10000 -j ACCEPT

重启 iptables

service iptables restart

2.重启防火墙，这里有两种方式重启防火墙

service iptables start

3.或者用menu-system-administration-firewall ,去添加用户需要的端口。

By the way：

a. netstat -tanp 去显示端口状态。

/usr/sbin/lsof -i

b. telnet ipaddr port

to check if ip and port is available before making connection.

4.LINUX通过下面的命令可以开启允许对外访问的网络端口：

/sbin/iptables -I INPUT -p tcp --dport 8000 -j ACCEPT #开启8000端口

/etc/rc.d/init.d/iptables save #保存配置

/etc/rc.d/init.d/iptables restart #重启服务

/etc/init.d/iptables status # 查看端口是否已经开放

5.Linux中如何开启8080端口供外界访问

1.修改文件/etc/sysconfig/iptables

[root@bogon ~]# cd /etc/sysconfig/

[root@bogon sysconfig]# vi iptables

文件内容如下，注意红色一行是新加的，目的是对外界开放8080端口

# Firewall configuration written by system-config-firewall

# Manual customization of this file is not recommended.

*filter

:INPUT ACCEPT [0:0]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

:RH-Firewall-1-INPUT - [0:0]

-A INPUT -j RH-Firewall-1-INPUT

-A RH-Firewall-1-INPUT -i lo -j ACCEPT

-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT

-A RH-Firewall-1-INPUT -p 50 -j ACCEPT

-A RH-Firewall-1-INPUT -p 51 -j ACCEPT

-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT

-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT

-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT

-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

-A FORWARD -j REJECT --reject-with icmp-host-prohibited

COMMIT

这行文字实际是从上一行拷贝修改而来，在VI中拷贝一行用yy，拷贝多行用yyn，粘贴用p。还算方便的。

2.将iptables服务重启。

[root@bogon sysconfig]# service iptables restart

Flushing firewall rules: [ OK ]

Setting chains to policy ACCEPT: filter [ OK ]

Unloading iptables modules: [ OK ]

Applying iptables firewall rules: [ OK ]

Loading additional iptables modules: ip_conntrack_ftp [ OK ]

[root@bogon sysconfig]#

3.如若不想修改iptables表，可以直接输入下面命令：

iptables -I INPUT -p tcp --dport 8080 -j ACCEPT # linux iptables开放端口命令

标签：iptables,Firewall,端口,开启,tcp,ACCEPT,linux,INPUT,RH

来源： https://www.cnblogs.com/xiujin/p/11494471.html