如何将centos7自带的firewall防火墙更换为iptables防火墙

用惯了centos6的iptables防火墙,对firewall太无感了,那么如何改回原来熟悉的iptables防火墙呢?

1、关闭firewall防火墙

[root@centos7 html]# systemctl stop firewalld #停止firewall防火墙
[root@centos7 html]# systemctl disable firewalld  #禁止firewall开机启动
[root@centos7 html]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

Aug 18 22:22:51 centos7 systemd[1]: Starting firewalld - dynamic firewall daemon...
Aug 18 22:22:53 centos7 systemd[1]: Started firewalld - dynamic firewall daemon.
Aug 18 23:13:56 centos7 systemd[1]: Stopping firewalld - dynamic firewall daemon...
Aug 18 23:14:06 centos7 systemd[1]: Stopped firewalld - dynamic firewall daemon.
Aug 18 23:34:07 centos7 systemd[1]: Starting firewalld - dynamic firewall daemon...
Aug 18 23:34:09 centos7 systemd[1]: Started firewalld - dynamic firewall daemon.
Aug 18 23:34:19 centos7 systemd[1]: Stopping firewalld - dynamic firewall daemon...
Aug 18 23:34:26 centos7 systemd[1]: Stopped firewalld - dynamic firewall daemon.
[root@centos7 html]# 

2、安装iptables防火墙

[root@centos7 html]# yum install  -y iptables  iptables-services
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.163.com
 * extras: mirrors.sohu.com
 * updates: mirrors.163.com
Package iptables-1.4.21-17.el7.x86_64 already installed and latest version
Package iptables-services-1.4.21-17.el7.x86_64 already installed and latest version
Nothing to do
[root@centos7 html]# systemctl start iptables
[root@centos7 html]# systemctl status iptables
● iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
   Active: active (exited) since Fri 2017-08-18 23:39:14 CST; 14s ago
  Process: 3494 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
 Main PID: 3494 (code=exited, status=0/SUCCESS)

Aug 18 23:39:13 centos7 systemd[1]: Starting IPv4 firewall with iptables...
Aug 18 23:39:14 centos7 iptables.init[3494]: iptables: Applying firewall rules: [  OK  ]
Aug 18 23:39:14 centos7 systemd[1]: Started IPv4 firewall with iptables.
[root@centos7 html]# service iptables status
Redirecting to /bin/systemctl status  iptables.service
● iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
   Active: active (exited) since Fri 2017-08-18 23:39:14 CST; 28s ago
  Process: 3494 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
 Main PID: 3494 (code=exited, status=0/SUCCESS)

Aug 18 23:39:13 centos7 systemd[1]: Starting IPv4 firewall with iptables...
Aug 18 23:39:14 centos7 iptables.init[3494]: iptables: Applying firewall rules: [  OK  ]
Aug 18 23:39:14 centos7 systemd[1]: Started IPv4 firewall with iptables.
[root@centos7 html]# 

 

 3、查看iptables配置文件

[root@centos7 html]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:mysql
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:http
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
[root@centos7 html]# cat /etc/sysconfig/iptables
# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3306  -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80  -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
[root@centos7 html]# 

 

 4、、设置iptables开机启动

[root@centos7 html]# systemctl enable iptables
Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.
[root@centos7 html]# systemctl status iptables
● iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
   Active: active (exited) since Fri 2017-08-18 23:41:19 CST; 2min 22s ago
 Main PID: 3603 (code=exited, status=0/SUCCESS)

Aug 18 23:41:19 centos7 systemd[1]: Starting IPv4 firewall with iptables...
Aug 18 23:41:19 centos7 iptables.init[3603]: iptables: Applying firewall rules: [  OK  ]
Aug 18 23:41:19 centos7 systemd[1]: Started IPv4 firewall with iptables.
[root@centos7 html]# 

 

posted @ 2017-08-18 23:47  JUSTZHI  阅读(9526)  评论(0编辑  收藏  举报