
Detailed explanation of CentOS 6.6 default iptable rules

王林
2024-01-05 22:38:32

Today I installed a new CentOS 6.6 virtual machine on my computer, and then installed nginx without any other settings. Then I found that nginx could only be accessed from the CentOS machine itself. I checked the iptables rules:

    [root@centos6 ~]# iptables-save
    # Generated by iptables-save v1.4.7 on Sun Jul 26 15:53:13 2015
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [5819:366868]
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -p icmp -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    COMMIT
    # Completed on Sun Jul 26 15:53:13 2015

It seems that there is no problem. The default policy is to accept. When I saw the last two lines, I didn't understand what they meant. After searching, it turned out that they are:

    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited

These two rules reject every packet in the INPUT and FORWARD chains that does not match any of the rules above, and send an ICMP host-prohibited message back to the rejected host.
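The first-match behaviour described above can be traced without touching a live firewall. The script below is an added example, not part of the original article: it walks the INPUT rules from the listing in order for one modelled packet and shows why port 80 is rejected, and why an allow rule only helps when it sits before the REJECT. The helper names `first_match`, `appended` and `inserted`, the interface name `eth0`, and the port 80 rule are assumptions made for illustration.

```shell
# Constructed sample: the INPUT rules from the iptables-save listing above.
RULES='-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# Rule that would open nginx's port, written in the style of the port 22 rule.
ALLOW80='-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT'

# first_match RULESET DPORT  (hypothetical helper)
# Models one packet only: a NEW TCP connection arriving on eth0 (assumed
# interface name). Prints "<rule number> <target>" for the first INPUT rule
# that matches, or "policy ACCEPT" when no rule matches.
first_match() {
  printf '%s\n' "$1" | awk -v dport="$2" '
    $1 == "-A" && $2 == "INPUT" {
      n++; ok = 1; target = ""
      for (i = 3; i <= NF; i++) {
        if ($i == "-p" && $(i+1) != "tcp") ok = 0
        if ($i == "-i" && $(i+1) != "eth0") ok = 0
        if ($i == "--state" && $(i+1) !~ /(^|,)NEW(,|$)/) ok = 0
        if ($i == "--dport" && $(i+1) != dport) ok = 0
        if ($i == "-j") target = $(i+1)
      }
      if (ok) { print n, target; found = 1; exit }
    }
    END { if (!found) print "policy ACCEPT" }'
}

# Same position "iptables -A INPUT ..." gives the rule: after the REJECT.
appended() { printf '%s\n%s\n' "$RULES" "$ALLOW80"; }

# Same position "iptables -I INPUT 5 ..." gives it: just before the REJECT.
inserted() {
  printf '%s\n' "$RULES" | awk -v r="$ALLOW80" 'NR == 5 { print r } { print }'
}

echo "port 22, default rules:    $(first_match "$RULES" 22)"
echo "port 80, default rules:    $(first_match "$RULES" 80)"
echo "port 80, rule appended:    $(first_match "$(appended)" 80)"
echo "port 80, rule inserted:    $(first_match "$(inserted)" 80)"
echo "port 3306, rule inserted:  $(first_match "$(inserted)" 3306)"
```

On a real CentOS 6 host the inserted case corresponds to `iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT`, followed by `service iptables save` to keep the rule across reboots.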


Statement:
This article is reproduced from jb51.net. If there is any infringement, please contact admin@php.cn to have it deleted.