The firewall in CentOS is the "iptables" service.
List all rules: iptables -nvL
This prints every chain and all the rules in each chain.
iptables rules are organized into several "chains". The default chains are "INPUT", "FORWARD" and "OUTPUT".
The INPUT chain is the one of most concern. It defines which ports of this host the outside world is allowed or denied to reach, and which IPs are allowed or denied to reach this host.
Add a rule to deny all connections to port 27017:
iptables -A INPUT -p tcp --dport 27017 -j DROP
To delete this rule, first run iptables -L INPUT --line-numbers
to get the line number of the rule, say "2",
then delete it with iptables -D INPUT 2.
Ref:
9.3 Linux packet-filtering software: iptables, from "鳥哥的 Linux 私房菜".
Control the iptables service
- service iptables start|stop|restart
Open a port (port 9000 in this case) for incoming connections:
Add the following line right after the line "-A INPUT -i lo -j ACCEPT" in the file /etc/sysconfig/iptables:
-A INPUT -i eth0 -p tcp --dport 9000 -j ACCEPT
where "INPUT" is a
Note 1: The position is important. The rules are processed in the line order of the file. Once a packet matches a rule (with a target such as ACCEPT, DROP or REJECT), the rules below it in the chain are not consulted for that packet.
Note 2: After saving the rule file, you need to restart the service (service iptables restart) to apply the modification. Use the list command above to confirm your change.
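As an added example (not part of the original note), the POSIX shell script below illustrates both the port-27017 DROP rule and the port-9000 procedure above. It works on a constructed copy of a CentOS-style /etc/sysconfig/iptables rather than the live firewall, so it needs no root: one function inserts a rule right after the loopback line, another inserts it after the catch-all REJECT (the wrong place), and a third walks the INPUT rules in file order and reports which target the first matching rule gives a new TCP connection to a port. The function names, the sample rule set, and the assumption that traffic arrives on eth0 as a NEW connection are mine, not the page's.

```shell
#!/bin/sh
# Added example, not from the original note: work on a COPY of a
# CentOS-style /etc/sysconfig/iptables so nothing here needs root or
# touches the live firewall. Assumptions (mine, not the page's): rules
# sit between "*filter" and "COMMIT", one "-A CHAIN ..." per line, and
# incoming traffic is a NEW TCP connection arriving on eth0.

# Write a constructed sample rule file (the usual CentOS 6 layout plus
# the port-27017 DROP rule from the note) to the path given as $1.
make_sample_rules() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 27017 -j DROP
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# insert_after_lo FILE RULE: place RULE right after the loopback ACCEPT
# line, the position the note recommends for a new ACCEPT rule.
insert_after_lo() {
    awk -v rule="$2" '
        { print }
        $0 == "-A INPUT -i lo -j ACCEPT" { print rule }
    ' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# insert_before_commit FILE RULE: the wrong place for an ACCEPT rule,
# after the catch-all REJECT; included only to show the ordering effect.
insert_before_commit() {
    awk -v rule="$2" '
        $0 == "COMMIT" { print rule }
        { print }
    ' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# first_match_for_port FILE PORT: print the target (ACCEPT/DROP/REJECT)
# of the first INPUT rule that would decide a NEW TCP connection to PORT
# arriving on eth0, walking the file top to bottom the way the kernel
# walks the chain. Rules for other protocols, interfaces or connection
# states are skipped; a rule without --dport is treated as a catch-all.
first_match_for_port() {
    awk -v port="$2" '
        /^-A INPUT / {
            proto = ""; dport = ""; target = ""; iface = ""; state = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "-p")      proto  = $(i + 1)
                if ($i == "--dport") dport  = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
                if ($i == "-i")      iface  = $(i + 1)
                if ($i == "--state") state  = $(i + 1)
            }
            if (proto != "" && proto != "tcp") next
            if (iface != "" && iface != "eth0") next
            if (state != "" && state !~ /NEW/) next
            if (dport == "" || dport == port) { print target; exit }
        }
    ' "$1"
}

# Walk through the note's procedure on the sample file and report what a
# new connection to port 9000 and to port 27017 would get at each step.
demo() {
    f="${TMPDIR:-/tmp}/iptables-demo.$$"
    make_sample_rules "$f"
    echo "9000 with no rule:             $(first_match_for_port "$f" 9000)"
    insert_before_commit "$f" "-A INPUT -i eth0 -p tcp --dport 9000 -j ACCEPT"
    echo "9000 with ACCEPT after REJECT: $(first_match_for_port "$f" 9000)"
    insert_after_lo "$f" "-A INPUT -i eth0 -p tcp --dport 9000 -j ACCEPT"
    echo "9000 with ACCEPT after lo:     $(first_match_for_port "$f" 9000)"
    echo "27017 (DROP rule from above):  $(first_match_for_port "$f" 27017)"
    rm -f "$f"
}

demo
```

Run it as a plain user: the second line of output shows that an ACCEPT rule placed after the final REJECT never gets a chance to match, which is exactly why the note insists on putting the new line right after the loopback rule. The same file-order walk is a cheap pre-check before a service iptables restart, since a misplaced rule in the file only shows up on the live host as a port that stays closed.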