学习linux16

最新推荐文章于 2024-04-08 22:24:56 发布

qinaki

最新推荐文章于 2024-04-08 22:24:56 发布

阅读量623

点赞数 1

本文链接：https://blog.csdn.net/qinaki/article/details/89388797

版权

学习笔记

iptables规则备份和恢复

保存和备份iptables规则：前面设置的防火墙规则没有保存在文件中，重启后设定规则就没有了。

service iptables save  //会把规则保存到/etc/sysconfig/iptables

把iptables 规则备份到my.ipt文件中

iptables-save > my.ipt

恢复刚才备份的规则

iptables-restore < my.ipt

备份防火墙规则到/tmp/ipt.txt下并查看
在这里插入图片描述
保存并清空规则

[root@qklinux-01 ~]# iptables-restore < /tmp/ipt.txt
[root@qklinux-01 ~]# iptables-save > /tmp/ipt.txt
[root@qklinux-01 ~]# iptables -t nat -F
[root@qklinux-01 ~]# iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

恢复备份的规则

 [root@qklinux-01 ~]# iptables-restore < /tmp/ipt.txt
[root@qklinux-01 ~]# iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.18.138       tcp dpt:1122 to:192.168.100.100:22

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 SNAT       all  --  *      *       192.168.100.100      0.0.0.0/0            to:192.168.18.138

防火墙firewalld的9个zone

打开firewalld

systemctl disable iptables
systemctl stop iptables
systemctl enable firewalld
systemctl start firewalld

 [root@qklinux-01 ~]# systemctl disable iptables
    Removed symlink /etc/systemd/system/basic.target.wants/iptables.service.
    [root@qklinux-01 ~]# systemctl stop iptables
    [root@qklinux-01 ~]# systemctl enable firewalld
    Created symlink from /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service to /usr/lib/systemd/system/firewalld.service.
    Created symlink from /etc/systemd/system/multi-user.target.wants/firewalld.service to /usr/lib/systemd/system/firewalld.service.
    [root@qklinux-01 ~]# systemctl start firewalld

firewalld 默认有9个zone(zone是firewalld一个单位)默认zone为public,每个zone是一个规则集
在这里插入图片描述
firewall-cmd –get-zones //查看所有zone

firewall-cmd –get-default-zone//查看默认zone

[root@qklinux-01 ~]# firewall-cmd --get-zones
block dmz drop external home internal public trusted work
[root@qklinux-01 ~]# firewall-cmd --get-default-zone
public

firewalld关于zone的操作

firewall-cmd –set-default-zone=work //设定默认zone

firewall-cmd –get-zone-of-interface=ens33 //指定网卡

firewall-cmd –zone=public –add-interface=lO//给指定网卡设置zone

firewall-cmd –zone=dmz –change-interface=lO//针对网卡更改zone

firewall-cmd –zone=dmz –remove-intaerface=lO针对网卡删除zone

firewall-cmd –get-active-zones //查看系统所有网卡所在的zone

指定修改zone为work

[root@qklinux-01 ~]# firewall-cmd --set-default-zone=work
success
[root@qklinux-01 ~]# firewall-cmd --get-default-zone
work

查看指定网卡

最低0.47元/天解锁文章

qinaki

关注

1
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
学习linux16

学习笔记iptables规则备份和恢复保存和备份iptables规则：前面设置的防火墙规则没有保存在文件中，重启后设定规则就没有了。service iptables save //会把规则保存到/etc/sysconfig/iptables把iptables 规则备份到my.ipt文件中iptables-save > my.ipt恢复刚才备份的规则iptables-res...
复制链接

扫一扫