1、关闭firewalld(避免它与iptables服务同时管理防火墙规则)
systemctl stop firewalld && systemctl disable firewalld
2、安装iptables
yum -y install iptables-services
3、启动并设置开机自启
systemctl enable --now iptables
4、配置文件位置
[root@node01 ~]# ll /etc/sysconfig/iptables
-rw-------. 1 root root 550 10月 2 2020 /etc/sysconfig/iptables
5、查看配置文件内容
[root@node01 ~]# cat /etc/sysconfig/iptables
# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
# NOTE: the explanatory comments in this listing sit on their own lines because
# iptables-restore only treats a line that begins with '#' as a comment; text placed
# after a rule is parsed as part of that rule and the file fails to load.
*filter
# The built-in chain policies are ACCEPT. Unmatched traffic is refused only by the
# final REJECT rules in INPUT and FORWARD, so rule order matters and those two rules
# have to stay last. OUTPUT has no rules, so outbound traffic is not filtered.
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Accept every packet that is in the ESTABLISHED or RELATED connection state.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Accept all ICMP packets.
-A INPUT -p icmp -j ACCEPT
# Accept everything arriving on the loopback interface.
-A INPUT -i lo -j ACCEPT
# Accept new TCP connections to local port 22 (normally SSH); no other inbound port is opened.
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
# Reject every other inbound packet with an ICMP host-prohibited reply.
-A INPUT -j REJECT --reject-with icmp-host-prohibited
# Reject all forwarded traffic the same way.
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT