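Preface
After upgrading from CentOS 6 to CentOS 7, the firewall commands changed, but I am still used to the old iptables commands. This post records how to enable a firewall based on iptables rules.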
1. Disable the firewall that ships with CentOS 7
- Check the firewall status
<code># firewall-cmd --state
not running</code>
- Stop the firewall
<code># systemctl stop firewalld.service</code>
- Prevent the firewall from starting at boot
<code># systemctl disable firewalld.service</code>
2. Install and configure iptables
- Install
<code># yum install -y iptables-services</code>
- Edit the firewall configuration file
These are the default rules:
<code># vim /etc/sysconfig/iptables
# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT</code>
Modify the rules, then save and exit.
- Restart the firewall
<code># systemctl restart iptables.service   # finally, restart the firewall so the configuration takes effect</code>
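An added example, not part of the original post: because rules in /etc/sysconfig/iptables are evaluated top to bottom, an edit that places the SSH rule after the catch-all REJECT locks out remote logins on restart. The function names `check_rules` and `apply_rules` are hypothetical, and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the original page). Static lockout check for an
# iptables-save format file such as /etc/sysconfig/iptables.
# Limitation: only recognises single-port "--dport N" rules, not multiport.
check_rules() {   # usage: check_rules FILE [PORT]; exit status 0 = port stays reachable
    awk -v port="${2:-22}" '
        /^[[:space:]]*(#|$)/ { next }                       # comments, blank lines
        $1 == "*filter" { in_f = 1; seen = 1; next }
        $1 ~ /^\*/      { in_f = 0; next }                   # some other table
        $1 == "COMMIT"  { if (in_f) committed = 1; in_f = 0; next }
        !in_f           { next }
        $1 == ":INPUT"  { policy = $2; next }                # chain default policy
        $1 == "-A" && $2 == "INPUT" {
            if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) { blocked = 1 }  # catch-all
            else if (!blocked && /-p tcp/ && /-j ACCEPT/ &&
                     $0 ~ ("--dport " port "( |$)")) { allowed = 1 }
        }
        END {
            if (!seen)      { print "missing *filter table"; exit 1 }
            if (!committed) { print "missing COMMIT"; exit 1 }
            if (!allowed && (blocked || policy != "ACCEPT")) {
                print "tcp/" port " is not accepted before the catch-all"; exit 1 }
            print "ok"
        }' "$1"
}

# Validate, then let iptables-restore parse the file without loading it, then restart.
# Needs root and the iptables-services package; not called by the demo below.
apply_rules() {
    check_rules "$1" 22 && iptables-restore --test < "$1" &&
        systemctl restart iptables.service
}

# Constructed sample: the default rules with the SSH line moved after the REJECT.
demo_bad=$(mktemp)
cat > "$demo_bad" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
check_rules "$demo_bad" 22 || echo "refusing to restart iptables"
rm -f "$demo_bad"
```

Run `apply_rules /etc/sysconfig/iptables` as root in place of the bare restart.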
3. Other commands
<code># Enable the firewall at boot
# systemctl enable iptables.service
# Disable the iptables service
# systemctl disable iptables
# Stop the service
# systemctl stop iptables
# Re-enable iptables
# systemctl enable iptables
# Start the service
# systemctl start iptables</code>