如何将centos7自带的firewall防火墙更换为iptables防火墙
2024-08-24 03:36:15
用惯了centos6的iptables防火墙,对firewall太无感了,那么如何改回原来熟悉的iptables防火墙呢?
1、关闭firewall防火墙
[root@centos7 html]# systemctl stop firewalld #停止firewall防火墙
[root@centos7 html]# systemctl disable firewalld #禁止firewall开机启动
[root@centos7 html]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld() Aug :: centos7 systemd[]: Starting firewalld - dynamic firewall daemon...
Aug :: centos7 systemd[]: Started firewalld - dynamic firewall daemon.
Aug :: centos7 systemd[]: Stopping firewalld - dynamic firewall daemon...
Aug :: centos7 systemd[]: Stopped firewalld - dynamic firewall daemon.
Aug :: centos7 systemd[]: Starting firewalld - dynamic firewall daemon...
Aug :: centos7 systemd[]: Started firewalld - dynamic firewall daemon.
Aug :: centos7 systemd[]: Stopping firewalld - dynamic firewall daemon...
Aug :: centos7 systemd[]: Stopped firewalld - dynamic firewall daemon.
[root@centos7 html]#
2、安装iptables防火墙
[root@centos7 html]# yum install -y iptables iptables-services
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors..com
* extras: mirrors.sohu.com
* updates: mirrors..com
Package iptables-1.4.-.el7.x86_64 already installed and latest version
Package iptables-services-1.4.-.el7.x86_64 already installed and latest version
Nothing to do
[root@centos7 html]# systemctl start iptables
[root@centos7 html]# systemctl status iptables
● iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
Active: active (exited) since Fri -- :: CST; 14s ago
Process: ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=/SUCCESS)
Main PID: (code=exited, status=/SUCCESS) Aug :: centos7 systemd[]: Starting IPv4 firewall with iptables...
Aug :: centos7 iptables.init[]: iptables: Applying firewall rules: [ OK ]
Aug :: centos7 systemd[]: Started IPv4 firewall with iptables.
[root@centos7 html]# service iptables status
Redirecting to /bin/systemctl status iptables.service
● iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
Active: active (exited) since Fri -- :: CST; 28s ago
Process: ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=/SUCCESS)
Main PID: (code=exited, status=/SUCCESS) Aug :: centos7 systemd[]: Starting IPv4 firewall with iptables...
Aug :: centos7 iptables.init[]: iptables: Applying firewall rules: [ OK ]
Aug :: centos7 systemd[]: Started IPv4 firewall with iptables.
[root@centos7 html]#
3、查看iptables配置文件
[root@centos7 html]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:mysql
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@centos7 html]# cat /etc/sysconfig/iptables
# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [:]
:FORWARD ACCEPT [:]
:OUTPUT ACCEPT [:]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
[root@centos7 html]#
4、、设置iptables开机启动
[root@centos7 html]# systemctl enable iptables
Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.
[root@centos7 html]# systemctl status iptables
● iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
Active: active (exited) since Fri -- :: CST; 2min 22s ago
Main PID: (code=exited, status=/SUCCESS) Aug :: centos7 systemd[]: Starting IPv4 firewall with iptables...
Aug :: centos7 iptables.init[]: iptables: Applying firewall rules: [ OK ]
Aug :: centos7 systemd[]: Started IPv4 firewall with iptables.
[root@centos7 html]#
最新文章
- Java 加解密技术系列文章
- Ubuntu 14.04安装mysql
- R绘图基础
- SQL多表查询:内连接、外连接(左连接、右连接)、全连接、交叉连接
- Javascript and DOM学习
- OC基础-第1天
- PHP 文件写入或追加数据
- PowerDesigner 提示 Existence of index、key、reference错误
- docker时间和本地时间不一致的问题
- 控制使用jquery load()方法载入新页面中的元素
- 迅为-IMX6开发板十层PCB制造,24小时开机测试,满负荷测试运行俩天,没有死机
- Android Studio2.0 教程从入门到精通Windows版
- Java学习笔记(十六):this关键字
- nginx rewrite flag
- linux系统入门一些常用命令解析
- JAX_WS 2.2 规范的webservices客户端实现(Axis2,Cxf)
- Delphi的idhttp报IOHandler value is not valid错误的原因
- offset大家族(一)
- windows 关机 重启 命令
- 获取子iframe框架的元素