前言

从Centos6升级到Centos7,防火墙命令变化了,但是还是习惯以前的iptables命令

1.Centos7自带防火墙关闭

  • 查看防火墙状态
  1. # firewall-cmd --state
  3. not running
  • 停止firewall
  1. # systemctl stop firewalld.service
  • 禁止firewall开机启动
  1. # systemctl disable firewalld.service

2.安装配置iptables

  • 安装
  1. # yum install -y iptables-services
  • 编辑防火墙配置文件

这个是默认规则

  1. # vim /etc/sysconfig/iptables
  3. # sample configuration for iptables service
  4. # you can edit this manually or use system-config-firewall
  5. # please do not ask us to add additional ports/services to this default configuration
  6. *filter
  7. :INPUT ACCEPT [0:0]
  8. :FORWARD ACCEPT [0:0]
  9. :OUTPUT ACCEPT [0:0]
  10. -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  11. -A INPUT -p icmp -j ACCEPT
  12. -A INPUT -i lo -j ACCEPT
  13. -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
  14. -A INPUT -j REJECT --reject-with icmp-host-prohibited
  15. -A FORWARD -j REJECT --reject-with icmp-host-prohibited
  16. COMMIT

修改规则保存退出

  • 重启防火墙
  1. # systemctl restart iptables.service      #最后重启防火墙使配置生效

3.其他命令

  1. # 设置防火墙开机启动
  2. # systemctl enable iptables.service     
  3. # 禁止iptables服务
  4. # systemctl disable iptables     
  5. # 暂停服务
  6. # systemctl stop iptables         
  7. # 解除禁止iptables
  8. # systemctl enable iptables     
  9. # 开启服务
  10. # systemctl start iptables