After years of using the iptables firewall on CentOS 6, firewalld feels unfamiliar. So how do you switch back to the iptables firewall you already know?

1. Stop the firewalld firewall

[root@centos7 html]# systemctl stop firewalld #stop the firewalld firewall
[root@centos7 html]# systemctl disable firewalld #prevent firewalld from starting at boot
[root@centos7 html]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld()

Aug :: centos7 systemd[]: Starting firewalld - dynamic firewall daemon...
Aug :: centos7 systemd[]: Started firewalld - dynamic firewall daemon.
Aug :: centos7 systemd[]: Stopping firewalld - dynamic firewall daemon...
Aug :: centos7 systemd[]: Stopped firewalld - dynamic firewall daemon.
Aug :: centos7 systemd[]: Starting firewalld - dynamic firewall daemon...
Aug :: centos7 systemd[]: Started firewalld - dynamic firewall daemon.
Aug :: centos7 systemd[]: Stopping firewalld - dynamic firewall daemon...
Aug :: centos7 systemd[]: Stopped firewalld - dynamic firewall daemon.
[root@centos7 html]#

2. Install the iptables firewall

[root@centos7 html]# yum install -y iptables iptables-services
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors..com
* extras: mirrors.sohu.com
* updates: mirrors..com
Package iptables-1.4.-.el7.x86_64 already installed and latest version
Package iptables-services-1.4.-.el7.x86_64 already installed and latest version
Nothing to do
[root@centos7 html]# systemctl start iptables
[root@centos7 html]# systemctl status iptables
● iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
Active: active (exited) since Fri -- :: CST; 14s ago
Process: ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=/SUCCESS)
Main PID: (code=exited, status=/SUCCESS)

Aug :: centos7 systemd[]: Starting IPv4 firewall with iptables...
Aug :: centos7 iptables.init[]: iptables: Applying firewall rules: [ OK ]
Aug :: centos7 systemd[]: Started IPv4 firewall with iptables.
[root@centos7 html]# service iptables status
Redirecting to /bin/systemctl status iptables.service
● iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
Active: active (exited) since Fri -- :: CST; 28s ago
Process: ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=/SUCCESS)
Main PID: (code=exited, status=/SUCCESS)

Aug :: centos7 systemd[]: Starting IPv4 firewall with iptables...
Aug :: centos7 iptables.init[]: iptables: Applying firewall rules: [ OK ]
Aug :: centos7 systemd[]: Started IPv4 firewall with iptables.
[root@centos7 html]#

3. View the iptables configuration file

[root@centos7 html]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:mysql
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@centos7 html]# cat /etc/sysconfig/iptables
# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [:]
:FORWARD ACCEPT [:]
:OUTPUT ACCEPT [:]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
[root@centos7 html]#

4. Enable iptables at boot

[root@centos7 html]# systemctl enable iptables
Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.
[root@centos7 html]# systemctl status iptables
● iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
Active: active (exited) since Fri -- :: CST; 2min 22s ago
Main PID: (code=exited, status=/SUCCESS)

Aug :: centos7 systemd[]: Starting IPv4 firewall with iptables...
Aug :: centos7 iptables.init[]: iptables: Applying firewall rules: [ OK ]
Aug :: centos7 systemd[]: Started IPv4 firewall with iptables.
[root@centos7 html]#