Linux Centos7防火墙

从centos6升级到Centos7，防火墙命令变化了，但是还是习惯以前的iptables命令。本文记录如何开启iptables规则的防火墙。

1.Centos7自带防火墙关闭

• 查看防火墙状态

# firewall-cmd --state

not running

• 停止firewall

# systemctl stop firewalld.service

• 禁止firewall开机启动

# systemctl disable firewalld.service

2.安装配置iptables

• 安装

# yum install -y iptables-services

• 编辑防火墙配置文件

这个是默认规则

# vim /etc/sysconfig/iptables

# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

修改规则保存退出

• 重启防火墙

# systemctl restart iptables.service      #最后重启防火墙使配置生效

3.其他命令

# 设置防火墙开机启动
# systemctl enable iptables.service     
# 禁止iptables服务
# systemctl disable iptables     
# 暂停服务
# systemctl stop iptables         
# 解除禁止iptables
# systemctl enable iptables     
# 开启服务
# systemctl start iptables