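10.19 Backing up and restoring iptables rules
10.20 The 9 firewalld zones
10.21 firewalld zone operations
10.22 firewalld service operations
10.23 Linux scheduled tasks with cron
10.24 The chkconfig tool
10.25 Managing services with systemd
10.26 Introduction to units
10.27 Introduction to targets
10.19 Backing up and restoring iptables rules
service iptables save # save the rules to /etc/sysconfig/iptables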
[root@xinlinux-02 ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ 确定 ]
iptables-save > my.ipt # back up the iptables rules to the file my.ipt
iptables-restore < my.ipt # restore the rules from the file just backed up
[root@xinlinux-02 ~]# iptables-save > my.ipt
[root@xinlinux-02 ~]# iptables -F
[root@xinlinux-02 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 35 packets, 2485 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 18 packets, 1880 bytes)
pkts bytes target prot opt in out source destination
[root@xinlinux-02 ~]# iptables-restore < my.ipt
[root@xinlinux-02 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
6 428 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 4 packets, 480 bytes)
pkts bytes target prot opt in out source destination
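The session above shows that between `iptables -F` and `iptables-restore` the host runs with empty chains and ACCEPT policies, so it is worth checking whether the live rules still match the backup. The script below is an added example, not part of the original notes: it compares two iptables-save dumps while ignoring timestamps and packet counters. The function names, the files flushed.ipt and restored.ipt, and the sample dumps (dates, counters) are constructed for illustration.

```shell
# Added example (not from the original notes): detect drift between two
# iptables-save dumps, ignoring timestamps and [packets:bytes] counters.

# normalize_ruleset: read a dump on stdin, print only the stable parts.
normalize_ruleset() {
    sed -e '/^#/d' -e '/^[[:space:]]*$/d' \
        -e 's/\[[0-9][0-9]*:[0-9][0-9]*]/[0:0]/g'
}

# ruleset_drift BACKUP CURRENT: return 0 when both dumps hold the same
# rules, 1 otherwise; differing lines are printed in diff format.
ruleset_drift() {
    a=$(mktemp); b=$(mktemp)
    normalize_ruleset < "$1" > "$a"
    normalize_ruleset < "$2" > "$b"
    rc=0
    diff "$a" "$b" || rc=1
    rm -f "$a" "$b"
    return "$rc"
}

# make_samples DIR: write three constructed dumps that mirror the session above.
make_samples() {
    cat > "$1/my.ipt" <<'EOF'
# Generated by iptables-save (constructed sample) on Mon Jan  1 10:00:00 2018
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4:480]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Mon Jan  1 10:00:00 2018
EOF
    # State after "iptables -F": policies only, every chain empty.
    grep -v '^-A' "$1/my.ipt" | sed 's/\[0:0]/[35:2485]/' > "$1/flushed.ipt"
    # State after "iptables-restore < my.ipt": same rules, new time and counters.
    sed -e 's/10:00:00/10:05:00/' -e 's/\[4:480]/[9:1020]/' \
        "$1/my.ipt" > "$1/restored.ipt"
}

d=$(mktemp -d) && make_samples "$d"
ruleset_drift "$d/my.ipt" "$d/flushed.ipt" > /dev/null || echo "flushed: DRIFT"
ruleset_drift "$d/my.ipt" "$d/restored.ipt" > /dev/null && echo "restored: matches backup"
rm -rf "$d"
```

On a live host, dump the running rules with `iptables-save > current.ipt` (a hypothetical file name) and run `ruleset_drift my.ipt current.ipt` to see whether they still match the backup.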
10.20 The 9 firewalld zones
##Disable iptables and enable firewalld
systemctl disable iptables # do not start iptables at boot
systemctl stop iptables # stop the iptables service
systemctl enable firewalld # start firewalld at boot
systemctl start firewalld # start firewalld now
[root@xinlinux-02 ~]# systemctl disable iptables
Removed symlink /etc/systemd/system/basic.target.wants/iptables.service.
[root@xinlinux-02 ~]# systemctl stop iptables
[root@xinlinux-02 ~]# systemctl enable firewalld
Created symlink from /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service to /usr/lib/systemd/system/firewalld.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/firewalld.service to /usr/lib/systemd/system/firewalld.service.
[root@xinlinux-02 ~]# systemctl start firewalld
[root@xinlinux-02 ~]#
firewalld has 9 zones by default
#The default zone is public
firewall-cmd --get-zones # list all zones
[root@xinlinux-02 ~]# firewall-cmd --get-zones
block dmz drop external home internal public trusted work
firewall-cmd --get-default-zone # show the default zone
[root@xinlinux-02 ~]# firewall-cmd --get-default-zone
public
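##The 9 firewalld zones
drop (discard) | Any incoming network packets are dropped with no reply. Only outgoing network connections are possible.
block (restrict) | Any incoming network connections are rejected with an icmp-host-prohibited message for IPv4 and an icmp6-host-prohibited message for IPv6.
public | For use in public areas. You cannot trust the other computers on the network not to harm your computer. Only selected incoming connections are accepted.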