例：當修改了ssh遠程連接端口，如何在iptables上放行新的端口（這里將默認22端口號修改為33端口號）。

輸入命令放行33端口。

[root@niaoyun ~]# iptables -I INPUT -p tcp --dport 33 -j ACCEPT

查看防火墻規則，發現33端口號已經放行了。

[root@niaoyun ~]# iptables -nvL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)

pkts bytes target prot opt in out source destination

0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:33

295 23186 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

34 2310 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0

0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0

2342 200K REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)

pkts bytes target prot opt in out source destination

0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 15 packets, 1412 bytes)

pkts bytes target prot opt in out source destination

iptables規則已經更改，我們需要對規則進行保存。

[root@niaoyun ~]# service iptables save

iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]

保存完畢，重啟iptables服務。

[root@niaoyun ~]# service iptables restart

iptables: Setting chains to policy ACCEPT: filter [ OK ]

iptables: Flushing firewall rules: [ OK ]

iptables: Unloading modules: [ OK ]

iptables: Applying firewall rules: [ OK ]

同樣，用此方法也可以放行web的默認端口80。

iptables -I INPUT -p tcp --dport 80 -j ACCEPT && service iptables save && service iptables restart