How to replace CentOS 7's built-in firewall (firewalld) with the iptables firewall

After getting used to the iptables firewall on CentOS 6, I have no feel for firewalld at all. So how do you switch back to the familiar iptables firewall?

1. Stop the firewalld firewall

[[email protected] html]# systemctl stop firewalld # stop the firewalld firewall
[[email protected] html]# systemctl disable firewalld  # prevent firewalld from starting at boot
[[email protected] html]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

Aug 18 22:22:51 centos7 systemd[1]: Starting firewalld - dynamic firewall daemon...
Aug 18 22:22:53 centos7 systemd[1]: Started firewalld - dynamic firewall daemon.
Aug 18 23:13:56 centos7 systemd[1]: Stopping firewalld - dynamic firewall daemon...
Aug 18 23:14:06 centos7 systemd[1]: Stopped firewalld - dynamic firewall daemon.
Aug 18 23:34:07 centos7 systemd[1]: Starting firewalld - dynamic firewall daemon...
Aug 18 23:34:09 centos7 systemd[1]: Started firewalld - dynamic firewall daemon.
Aug 18 23:34:19 centos7 systemd[1]: Stopping firewalld - dynamic firewall daemon...
Aug 18 23:34:26 centos7 systemd[1]: Stopped firewalld - dynamic firewall daemon.
[[email protected] html]# 

2. Install the iptables firewall

[[email protected] html]# yum install  -y iptables  iptables-services
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.163.com
 * extras: mirrors.sohu.com
 * updates: mirrors.163.com
Package iptables-1.4.21-17.el7.x86_64 already installed and latest version
Package iptables-services-1.4.21-17.el7.x86_64 already installed and latest version
Nothing to do
[[email protected] html]# systemctl start iptables
[[email protected] html]# systemctl status iptables
● iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
   Active: active (exited) since Fri 2017-08-18 23:39:14 CST; 14s ago
  Process: 3494 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
 Main PID: 3494 (code=exited, status=0/SUCCESS)

Aug 18 23:39:13 centos7 systemd[1]: Starting IPv4 firewall with iptables...
Aug 18 23:39:14 centos7 iptables.init[3494]: iptables: Applying firewall rules: [  OK  ]
Aug 18 23:39:14 centos7 systemd[1]: Started IPv4 firewall with iptables.
[[email protected] html]# service iptables status
Redirecting to /bin/systemctl status  iptables.service
● iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
   Active: active (exited) since Fri 2017-08-18 23:39:14 CST; 28s ago
  Process: 3494 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
 Main PID: 3494 (code=exited, status=0/SUCCESS)

Aug 18 23:39:13 centos7 systemd[1]: Starting IPv4 firewall with iptables...
Aug 18 23:39:14 centos7 iptables.init[3494]: iptables: Applying firewall rules: [  OK  ]
Aug 18 23:39:14 centos7 systemd[1]: Started IPv4 firewall with iptables.
[[email protected] html]# 

3. View the iptables configuration file

[[email protected] html]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:mysql
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:http
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[[email protected] html]# cat /etc/sysconfig/iptables
# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3306  -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80  -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
[[email protected] html]# 

4. Enable iptables at boot

[[email protected] html]# systemctl enable iptables
Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.
[[email protected] html]# systemctl status iptables
● iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
   Active: active (exited) since Fri 2017-08-18 23:41:19 CST; 2min 22s ago
 Main PID: 3603 (code=exited, status=0/SUCCESS)

Aug 18 23:41:19 centos7 systemd[1]: Starting IPv4 firewall with iptables...
Aug 18 23:41:19 centos7 iptables.init[3603]: iptables: Applying firewall rules: [  OK  ]
Aug 18 23:41:19 centos7 systemd[1]: Started IPv4 firewall with iptables.
[[email protected] html]# 
Time: 2024-12-21 23:01:59
