Introduction
Starting with CentOS 7, firewalld replaces iptables as the default firewall management tool.
firewalld is managed through a command-line tool called firewall-cmd. If you prefer iptables, you can disable firewalld and use iptables instead. Both front ends program the same kernel netfilter tables, so only one of them should be running at a time; stop firewalld before you start iptables.
Disabling firewalld
* Make sure you have sudo privileges
Stop the service
sudo systemctl stop firewalld
Prevent the service from starting at boot
sudo systemctl disable firewalld
Mask the unit so that no other service (or a later dependency pull-in) can start it
sudo systemctl mask --now firewalld
Installing iptables
Install the iptables service (the package provides the iptables.service and ip6tables.service units)
sudo yum install iptables-services
Start the services
sudo systemctl start iptables
sudo systemctl start ip6tables
Enable the services at boot
sudo systemctl enable iptables
sudo systemctl enable ip6tables
Check the service status
sudo systemctl status iptables
sudo systemctl status ip6tables
Check the current iptables rules (-n numeric, -v counters, -L list)
sudo iptables -nvL
sudo ip6tables -nvL
By default only TCP port 22 is open. The rules are loaded from /etc/sysconfig/iptables (and /etc/sysconfig/ip6tables) when the service starts, so changes made with iptables -A are lost at reboot unless written back to that file. The default output looks like this:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
5400 6736K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
2 148 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
3 180 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 4298 packets, 295K bytes)
pkts bytes target prot opt in out source destination
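The whole procedure above, as one added example script (not from the original page): it switches the host from firewalld to iptables-services, can persist the running rule set to /etc/sysconfig/iptables, and audits the `iptables -nvL` output for the TCP ports that the INPUT chain explicitly accepts. It assumes it runs as root on CentOS 7 with the yum base repo reachable; the names switch_to_iptables, save_rules and open_tcp_ports are mine, and the embedded sample is the page's default output plus a hypothetical port-80 rule and an OUTPUT-chain rule that the audit must ignore.

```shell
#!/bin/sh
# Added example (not from the original page): move a CentOS 7 host from
# firewalld to iptables-services, then audit which TCP ports INPUT accepts.
# Assumptions: run as root (e.g. `sudo sh switch.sh switch`), yum can reach
# the base repo, and iptables-services provides iptables.service and
# ip6tables.service as it does on CentOS 7.

set -e

# Stop, disable and mask firewalld, then install and enable iptables-services.
# Only one front end should program the kernel's netfilter tables at a time,
# so firewalld is stopped before iptables is started.
switch_to_iptables() {
  systemctl stop firewalld
  systemctl disable firewalld
  systemctl mask firewalld
  yum -y install iptables-services
  systemctl start iptables
  systemctl start ip6tables
  systemctl enable iptables
  systemctl enable ip6tables
  systemctl is-active --quiet iptables
  systemctl is-active --quiet ip6tables
}

# Persist the running rule set: iptables.service loads /etc/sysconfig/iptables
# (and ip6tables.service /etc/sysconfig/ip6tables) on start, so rules added
# with `iptables -A ...` disappear at reboot unless saved there.
save_rules() {
  iptables-save > /etc/sysconfig/iptables
  ip6tables-save > /etc/sysconfig/ip6tables
}

# Read `iptables -nvL` output on stdin and print, on one line, the destination
# ports of ACCEPT rules for TCP in the INPUT chain. This lists what the rules
# explicitly open; it does not simulate rule order or the final REJECT.
open_tcp_ports() {
  awk '
    /^Chain / { chain = $2; next }
    chain == "INPUT" && $3 == "ACCEPT" && $4 == "tcp" {
      for (i = 5; i <= NF; i++)
        if ($i ~ /^dpts?:/) { sub(/^dpts?:/, "", $i); printf "%s%s", sep, $i; sep = " " }
    }
    END { if (sep != "") print "" }
  '
}

# Constructed sample: the default rule set shown above, plus a hypothetical
# rule opening TCP 80 and an OUTPUT-chain rule that must be ignored.
SAMPLE_RULES='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 5400 6736K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    2   148 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    3   180 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:80
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 4298 packets, 295K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443'

# Sub-commands: switch (do the migration), save (persist rules),
# audit (run against the live host), demo (run against the sample).
case "${1:-}" in
  switch) switch_to_iptables ;;
  save)   save_rules ;;
  audit)  iptables -nvL | open_tcp_ports ;;
  demo)   printf '%s\n' "$SAMPLE_RULES" | open_tcp_ports ;;   # prints: 22 80
esac
```

Run `sudo sh switch.sh switch` once to migrate, `sudo sh switch.sh audit` after any rule change to see what is open, and `sudo sh switch.sh save` before a reboot; `sh switch.sh demo` exercises the audit on the embedded sample without touching the host.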