一、题目:CentOS7 禁用firewall防火墙 启用iptables 步骤
二、要求:CentOS7 的防火墙默认是firewall 防火墙,现在需要启用iptables防火墙并完成常用的配置。
三、步骤:
1. 关闭firewall
1 systemctl stop firewalld.service # 停止firewall 2 systemctl disable firewalld.service # 禁止firewall 开机启动 3 systemctl status firewalld.service # firewall 服务启动状态
2. 安装iptables并配置
1 yum install iptables-services # 安装iptables服务
[root@localhost ~]# vi /etc/sysconfig/iptables # 修改iptables配置文件
# sample configuration for iptables service # you can edit this manually or use system-config-firewall # please do not ask us to add additional ports/services to this default configuration *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT # 增加一些端口规范 -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT
3. 重启服务并设置为开启启动
1 systemctl restart iptables.service # 最后重启使配置生效 2 systemctl enable iptables.service # 设置防火墙开启启动
四、参考文献
1 http://www.linuxidc.com/Linux/2015-05/117473.htm # 配置说明
2 http://www.linuxidc.com/Linux/2014-03/99159.htm # 使用规范说明