iptables configuration example

# Generated by iptables-save v1.4.7 on Mon Oct 19 22:06:34 2015
*filter
:INPUT DROP [5:244]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [10:840]
:syn-flood - [0:0]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn-flood
-A INPUT -p tcp -m tcp --dport 3690 -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 21,22,23,25,53,80,135,139,443,445 -j DROP
-A OUTPUT -p tcp -m multiport --dports 1433,1314,1521,2222,3306,3433,3389,4899,8080,18186 -j DROP
-A OUTPUT -p udp -j DROP
-A syn-flood -p tcp -m limit --limit 3/sec --limit-burst 6 -j RETURN
-A syn-flood -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Mon Oct 19 22:06:34 2015
# Generated by iptables-save v1.4.7 on Mon Oct 19 22:06:34 2015
*nat
:PREROUTING ACCEPT [82:4842]
:POSTROUTING ACCEPT [31:2354]
:OUTPUT ACCEPT [37:2810]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
# Completed on Mon Oct 19 22:06:34 2015

Save the iptables rules
service iptables save
Restart the iptables service
service iptables restart

iptables configuration file path

/etc/sysconfig/iptables
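
An added example, not part of the original post: in the dump above, nat PREROUTING rewrites destination port 80 to 8080 before the packet reaches filter INPUT, so with an INPUT policy of DROP the redirect target port itself needs an ACCEPT rule. The Python check below lists REDIRECT target ports that no INPUT ACCEPT rule covers; the function names are hypothetical and the sample is an excerpt of the dump.

```python
import shlex

# Sample constructed from the INPUT and PREROUTING rules of the dump above.
SAMPLE = """\
*filter
:INPUT DROP [5:244]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn-flood
-A INPUT -p tcp -m tcp --dport 3690 -j ACCEPT
COMMIT
*nat
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
"""

def opt(tokens, name):
    """Return the value following option `name`, or None."""
    return tokens[tokens.index(name) + 1] if name in tokens else None

def ports(spec):
    """Expand '80', '80,443', '8000:8002' or '8000-8002' into a set of ints."""
    out = set()
    for part in (spec or "").replace("-", ":").split(","):
        lo, _, hi = part.partition(":")
        if lo:
            out.update(range(int(lo), int(hi or lo) + 1))
    return out

def unreachable_redirects(ruleset):
    """REDIRECT target ports that filter INPUT drops for new connections."""
    # Simplification (assumption): any INPUT ACCEPT rule naming a destination
    # port counts, whatever its other matches; user-defined chains are ignored.
    table, policy_drop, accepted, redirected = None, False, set(), set()
    for line in ruleset.splitlines():
        if line.startswith("*"):
            table = line[1:]
        elif table == "filter" and line.startswith(":INPUT"):
            policy_drop = line.split()[1] == "DROP"
        elif line.startswith("-A"):
            t = shlex.split(line)
            target, dport = opt(t, "-j"), opt(t, "--dport") or opt(t, "--dports")
            if table == "filter" and t[1] == "INPUT" and target == "ACCEPT":
                accepted |= ports(dport)
            elif table == "nat" and t[1] == "PREROUTING" and target == "REDIRECT":
                redirected |= ports(opt(t, "--to-ports") or dport)
    return sorted(redirected - accepted) if policy_drop else []
```

To check a saved ruleset, pass the text of /etc/sysconfig/iptables to unreachable_redirects(); a non-empty result names the ports that still need an INPUT rule.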

Reposted from qryt520.iteye.com/blog/2250143