Centos 7 firewall改为 iptables

前端之家收集整理的这篇文章主要介绍了Centos 7 firewall改为 iptables前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。


CentOS 7 默认是使用Firewall作为防火墙,这里我们把它改为我们熟悉的iptables!


  1. [root@Centos7~]#iptables-vnL#看着很不舒服,改为我们习惯的iptables
  2. ChainINPUT(policyACCEPT0packets,0bytes)
  3. pktsbytestargetprotoptinoutsourcedestination
  4. 39434135ACCEPTall--**0.0.0.0/00.0.0.0/0ctstateRELATED,ESTABLISHED
  5. 00ACCEPTall--lo*0.0.0.0/00.0.0.0/0
  6. 828322INPUT_directall--**0.0.0.0/00.0.0.0/0
  7. 828322INPUT_ZONES_SOURCEall--**0.0.0.0/00.0.0.0/0
  8. 828322INPUT_ZONESall--**0.0.0.0/00.0.0.0/0
  9. 00ACCEPTicmp--**0.0.0.0/00.0.0.0/0
  10. 808218REJECTall--**0.0.0.0/00.0.0.0/0reject-withicmp-host-prohibited
  11.  
  12. ChainFORWARD(policyACCEPT0packets,0bytes)
  13. pktsbytestargetprotoptinoutsourcedestination
  14. 00ACCEPTall--**0.0.0.0/00.0.0.0/0ctstateRELATED,ESTABLISHED
  15. 00ACCEPTall--lo*0.0.0.0/00.0.0.0/0
  16. 00FORWARD_directall--**0.0.0.0/00.0.0.0/0
  17. 00FORWARD_IN_ZONES_SOURCEall--**0.0.0.0/00.0.0.0/0
  18. 00FORWARD_IN_ZONESall--**0.0.0.0/00.0.0.0/0
  19. 00FORWARD_OUT_ZONES_SOURCEall--**0.0.0.0/00.0.0.0/0
  20. 00FORWARD_OUT_ZONESall--**0.0.0.0/00.0.0.0/0
  21. 00ACCEPTicmp--**0.0.0.0/00.0.0.0/0
  22. 00REJECTall--**0.0.0.0/00.0.0.0/0reject-withicmp-host-prohibited
  23.  
  24. ChainOUTPUT(policyACCEPT41packets,5963bytes)
  25. pktsbytestargetprotoptinoutsourcedestination
  26. 33135720OUTPUT_directall--**0.0.0.0/00.0.0.0/0
  27.  
  28. ChainFORWARD_IN_ZONES(1references)
  29. pktsbytestargetprotoptinoutsourcedestination
  30. 00FWDI_publicall--eno16777728*0.0.0.0/00.0.0.0/0[goto]
  31. 00FWDI_publicall--+*0.0.0.0/00.0.0.0/0[goto]
  32.  
  33. ChainFORWARD_IN_ZONES_SOURCE(1references)
  34. pktsbytestargetprotoptinoutsourcedestination
  35.  
  36. ChainFORWARD_OUT_ZONES(1references)
  37. pktsbytestargetprotoptinoutsourcedestination
  38. 00FWDO_publicall--*eno167777280.0.0.0/00.0.0.0/0[goto]
  39. 00FWDO_publicall--*+0.0.0.0/00.0.0.0/0[goto]
  40.  
  41. ChainFORWARD_OUT_ZONES_SOURCE(1references)
  42. pktsbytestargetprotoptinoutsourcedestination
  43.  
  44. ChainFORWARD_direct(1references)
  45. pktsbytestargetprotoptinoutsourcedestination
  46.  
  47. ChainFWDI_public(2references)
  48. pktsbytestargetprotoptinoutsourcedestination
  49. 00FWDI_public_logall--**0.0.0.0/00.0.0.0/0
  50. 00FWDI_public_denyall--**0.0.0.0/00.0.0.0/0
  51. 00FWDI_public_allowall--**0.0.0.0/00.0.0.0/0
  52.  
  53. ChainFWDI_public_allow(1references)
  54. pktsbytestargetprotoptinoutsourcedestination
  55.  
  56. ChainFWDI_public_deny(1references)
  57. pktsbytestargetprotoptinoutsourcedestination
  58.  
  59. ChainFWDI_public_log(1references)
  60. pktsbytestargetprotoptinoutsourcedestination
  61.  
  62. ChainFWDO_public(2references)
  63. pktsbytestargetprotoptinoutsourcedestination
  64. 00FWDO_public_logall--**0.0.0.0/00.0.0.0/0
  65. 00FWDO_public_denyall--**0.0.0.0/00.0.0.0/0
  66. 00FWDO_public_allowall--**0.0.0.0/00.0.0.0/0
  67.  
  68. ChainFWDO_public_allow(1references)
  69. pktsbytestargetprotoptinoutsourcedestination
  70.  
  71. ChainFWDO_public_deny(1references)
  72. pktsbytestargetprotoptinoutsourcedestination
  73.  
  74. ChainFWDO_public_log(1references)
  75. pktsbytestargetprotoptinoutsourcedestination
  76.  
  77. ChainINPUT_ZONES(1references)
  78. pktsbytestargetprotoptinoutsourcedestination
  79. 152IN_publicall--eno16777728*0.0.0.0/00.0.0.0/0[goto]
  80. 00IN_publicall--+*0.0.0.0/00.0.0.0/0[goto]
  81.  
  82. ChainINPUT_ZONES_SOURCE(1references)
  83. pktsbytestargetprotoptinoutsourcedestination
  84.  
  85. ChainINPUT_direct(1references)
  86. pktsbytestargetprotoptinoutsourcedestination
  87.  
  88. ChainIN_public(2references)
  89. pktsbytestargetprotoptinoutsourcedestination
  90. 828322IN_public_logall--**0.0.0.0/00.0.0.0/0
  91. 828322IN_public_denyall--**0.0.0.0/00.0.0.0/0
  92. 828322IN_public_allowall--**0.0.0.0/00.0.0.0/0
  93.  
  94. ChainIN_public_allow(1references)
  95. pktsbytestargetprotoptinoutsourcedestination
  96. 2104ACCEPTtcp--**0.0.0.0/00.0.0.0/0tcpdpt:22ctstateNEW
  97.  
  98. ChainIN_public_deny(1references)
  99. pktsbytestargetprotoptinoutsourcedestination
  100.  
  101. ChainIN_public_log(1references)
  102. pktsbytestargetprotoptinoutsourcedestination
  103.  
  104. ChainOUTPUT_direct(1references)
  105. pktsbytestargetprotoptinoutsourcedestination
  106. [root@Centos7~]#yum-yinstalliptables#安装iptables,基本上都是存在的
  107. [root@Centos7~]#yum-yinstalliptables-services#安装iptables-services服务
  108. [root@Centos7~]#systemctlstopfirewalld.service#停止firealld服务
  109. [root@Centos7~]#systemctldisablefirewalld.service#禁止firealld服务自动启动
  110. Removedsymlink/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
  111. Removedsymlink/etc/systemd/system/basic.target.wants/firewalld.service.
  112. [root@Centos7~]#systemctlenableiptables.service#开启iptables自动启动
  113. Createdsymlinkfrom/etc/systemd/system/basic.target.wants/iptables.serviceto/usr/lib/systemd/system/iptables.service.
  114. [root@Centos7~]#systemctlstartiptables.service#开启iptables服务
  115. [root@Centos7~]#iptables-vnL#使用iptables查看,胡三汉回来了!~
  116. ChainINPUT(policyACCEPT0packets,0bytes)
  117. pktsbytestargetprotoptinoutsourcedestination
  118.  
  119. ChainFORWARD(policyACCEPT0packets,0bytes)
  120. pktsbytestargetprotoptinoutsourcedestination
  121.  
  122. ChainOUTPUT(policyACCEPT0packets,0bytes)
  123. pktsbytestargetprotoptinoutsourcedestination
  124. [root@Centos7~]#iptables-save#加载配置文件的规则
  125. #Generatedbyiptables-savev1.4.21onSunOct2302:34:482016
  126. *filter
  127. :INPUTACCEPT[0:0]
  128. :FORWARDACCEPT[0:0]
  129. :OUTPUTACCEPT[121:22068]
  130. -AINPUT-mstate--stateRELATED,ESTABLISHED-jACCEPT
  131. -AINPUT-picmp-jACCEPT
  132. -AINPUT-ilo-jACCEPT
  133. -AINPUT-ptcp-mstate--stateNEW-mtcp--dport22-jACCEPT
  134. -AINPUT-jREJECT--reject-withicmp-host-prohibited
  135. -AFORWARD-jREJECT--reject-withicmp-host-prohibited
  136. COMMIT
  137. #CompletedonSunOct2302:34:482016
  138. [root@Centos7~]#iptables-vnL#查看状态
  139. ChainINPUT(policyACCEPT0packets,0bytes)
  140. pktsbytestargetprotoptinoutsourcedestination
  141. 17913428ACCEPTall--**0.0.0.0/00.0.0.0/0stateRELATED,ESTABLISHED
  142. 00ACCEPTicmp--**0.0.0.0/00.0.0.0/0
  143. 00ACCEPTall--lo*0.0.0.0/00.0.0.0/0
  144. 00ACCEPTtcp--**0.0.0.0/00.0.0.0/0stateNEWtcpdpt:22
  145. 00REJECTall--**0.0.0.0/00.0.0.0/0reject-withicmp-host-prohibited
  146.  
  147. ChainFORWARD(policyACCEPT0packets,0bytes)
  148. pktsbytestargetprotoptinoutsourcedestination
  149. 00REJECTall--**0.0.0.0/00.0.0.0/0reject-withicmp-host-prohibited
  150.  
  151. ChainOUTPUT(policyACCEPT135packets,23948bytes)
  152. pktsbytestargetprotoptinoutsourcedestination
  153. [root@Centos7~]#iptables-F#清空规则
  154. [root@Centos7~]#iptables-save#保持规则
  155. #Generatedbyiptables-savev1.4.21onSunOct2302:35:052016
  156. *filter
  157. :INPUTACCEPT[14:1096]
  158. :FORWARDACCEPT[0:0]
  159. :OUTPUTACCEPT[11:1156]
  160. COMMIT
  161. #CompletedonSunOct2302:35:052016
  162. [root@Centos7~]#serviceiptablessave#也可以使用这个保持规则
  163. iptables:Savingfirewallrulesto/etc/sysconfig/iptables:[OK]
  164. [root@Centos7~]#

猜你在找的CentOS相关文章