從CentOS6升級(jí)到CentOS7時(shí)，防火墻命令已更改，但是我仍然習(xí)慣于以前的iptables命令。 本文介紹如何啟用iptables規(guī)則防火墻。

1.CentOS7自帶防火墻關(guān)閉

查看防火墻狀態(tài)(not running代表沒(méi)開(kāi)啟)

# firewall-cmd --state

not running

停止firewall

# systemctl stop firewalld.service

禁止firewall開(kāi)機(jī)啟動(dòng)

# systemctl disable firewalld.service

2.安裝配置iptables

安裝

# yum install -y iptables-services

編輯防火墻配置文件

默認(rèn)規(guī)則如下，修改規(guī)則保存退出。

# vim /etc/sysconfig/iptables# sample configuration for iptables service# you can edit this manually or use system-config-firewall# please do not ask us to add additional ports/services to this default configuration*filter:INPUT ACCEPT [0:0]:FORWARD ACCEPT [0:0]:OUTPUT ACCEPT [0:0]-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT-A INPUT -p icmp -j ACCEPT-A INPUT -i lo -j ACCEPT-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT-A INPUT -j REJECT --reject-with icmp-host-prohibited-A FORWARD -j REJECT --reject-with icmp-host-prohibitedCOMMIT

重啟防火墻

# systemctl restart iptables.service #最后重啟防火墻使配置生效。

3.其他命令

設(shè)置防火墻開(kāi)機(jī)啟動(dòng)

# systemctl enable iptables.service

禁止iptables服務(wù)

# systemctl disable iptables

暫停服務(wù)

# systemctl stop iptables

解除禁止iptables

# systemctl enable iptables

開(kāi)啟服務(wù)

# systemctl start iptables