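CentOS 7
Firewall
Relationship between iptables and firewalld: iptables filters packets and is a network-layer firewall, while firewalld controls which services and which ports are available and is a higher-level firewall.
Underneath, firewalld uses iptables for packet filtering; it is built on top of iptables.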
[Disable firewalld and enable iptables]
1. Disable firewalld:
systemctl stop firewalld.service      # stop firewalld
systemctl disable firewalld.service   # prevent firewalld from starting at boot
2. Install the iptables firewall
yum install iptables-services         # install
vi /etc/sysconfig/iptables            # edit the firewall configuration file
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
:wq!                                  # save and exit
systemctl restart iptables.service    # finally, restart the firewall so the configuration takes effect
systemctl enable iptables.service     # start the firewall at boot