Centos 7 firewall改为 iptables



CentOS 7 默认使用 firewalld 作为防火墙,这里我们把它改为我们熟悉的 iptables!


[root@Centos7 ~]# iptables -vnL   # 看着很不舒服,改为我们习惯的iptables
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
39434135ACCEPTall--**0.0.0.0/00.0.0.0/0ctstateRELATED,ESTABLISHED
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
828322INPUT_directall--**0.0.0.0/00.0.0.0/0
828322INPUT_ZONES_SOURCEall--**0.0.0.0/00.0.0.0/0
828322INPUT_ZONESall--**0.0.0.0/00.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
808218REJECTall--**0.0.0.0/00.0.0.0/0reject-withicmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_direct all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_IN_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_IN_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_OUT_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_OUT_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 41 packets, 5963 bytes)
pkts bytes target prot opt in out source destination
33135720OUTPUT_directall--**0.0.0.0/00.0.0.0/0

Chain FORWARD_IN_ZONES (1 references)
pkts bytes target prot opt in out source destination
0 0 FWDI_public all -- eno16777728 * 0.0.0.0/0 0.0.0.0/0 [goto]
0 0 FWDI_public all -- + * 0.0.0.0/0 0.0.0.0/0 [goto]

Chain FORWARD_IN_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination

Chain FORWARD_OUT_ZONES (1 references)
pkts bytes target prot opt in out source destination
0 0 FWDO_public all -- * eno16777728 0.0.0.0/0 0.0.0.0/0 [goto]
0 0 FWDO_public all -- * + 0.0.0.0/0 0.0.0.0/0 [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination

Chain FORWARD_direct (1 references)
pkts bytes target prot opt in out source destination

Chain FWDI_public (2 references)
pkts bytes target prot opt in out source destination
0 0 FWDI_public_log all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDI_public_deny all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDI_public_allow all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FWDI_public_allow (1 references)
pkts bytes target prot opt in out source destination

Chain FWDI_public_deny (1 references)
pkts bytes target prot opt in out source destination

Chain FWDI_public_log (1 references)
pkts bytes target prot opt in out source destination

Chain FWDO_public (2 references)
pkts bytes target prot opt in out source destination
0 0 FWDO_public_log all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDO_public_deny all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDO_public_allow all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FWDO_public_allow (1 references)
pkts bytes target prot opt in out source destination

Chain FWDO_public_deny (1 references)
pkts bytes target prot opt in out source destination

Chain FWDO_public_log (1 references)
pkts bytes target prot opt in out source destination

Chain INPUT_ZONES (1 references)
pkts bytes target prot opt in out source destination
152IN_publicall--eno16777728*0.0.0.0/00.0.0.0/0[goto]
0 0 IN_public all -- + * 0.0.0.0/0 0.0.0.0/0 [goto]

Chain INPUT_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination

Chain INPUT_direct (1 references)
pkts bytes target prot opt in out source destination

Chain IN_public (2 references)
pkts bytes target prot opt in out source destination
828322IN_public_logall--**0.0.0.0/00.0.0.0/0
828322IN_public_denyall--**0.0.0.0/00.0.0.0/0
828322IN_public_allowall--**0.0.0.0/00.0.0.0/0

Chain IN_public_allow (1 references)
pkts bytes target prot opt in out source destination
2104ACCEPTtcp--**0.0.0.0/00.0.0.0/0tcpdpt:22ctstateNEW

Chain IN_public_deny (1 references)
pkts bytes target prot opt in out source destination

Chain IN_public_log (1 references)
pkts bytes target prot opt in out source destination

Chain OUTPUT_direct (1 references)
pkts bytes target prot opt in out source destination
[root@Centos7 ~]# yum -y install iptables   # 安装iptables,基本上都是存在的
[root@Centos7 ~]# yum -y install iptables-services   # 安装iptables-services服务
[root@Centos7 ~]# systemctl stop firewalld.service   # 停止firewalld服务
[root@Centos7 ~]# systemctl disable firewalld.service   # 禁止firewalld服务自动启动
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
[root@Centos7 ~]# systemctl enable iptables.service   # 开启iptables自动启动
Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.
[root@Centos7 ~]# systemctl start iptables.service   # 开启iptables服务
[root@Centos7 ~]# iptables -vnL   # 使用iptables查看,胡汉三回来了!~
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
[root@Centos7 ~]# iptables-save   # 查看从配置文件加载的当前规则(只输出到标准输出)
# Generated by iptables-save v1.4.21 on Sun Oct 23 02:34:48 2016
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [121:22068]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sun Oct 23 02:34:48 2016
[root@Centos7 ~]# iptables -vnL   # 查看状态
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
17913428ACCEPTall--**0.0.0.0/00.0.0.0/0stateRELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 135 packets, 23948 bytes)
pkts bytes target prot opt in out source destination
[root@Centos7 ~]# iptables -F   # 清空规则
[root@Centos7 ~]# iptables-save   # 保存规则(注意:iptables-save 只把规则输出到标准输出,要持久化需重定向到 /etc/sysconfig/iptables,或使用下面的 service iptables save)
# Generated by iptables-save v1.4.21 on Sun Oct 23 02:35:05 2016
*filter
:INPUT ACCEPT [14:1096]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [11:1156]
COMMIT
# Completed on Sun Oct 23 02:35:05 2016
[root@Centos7 ~]# service iptables save   # 也可以使用这个保存规则(注意:上面已用 -F 清空了规则,这里保存的是空规则集,默认策略均为 ACCEPT,重启后主机将不再过滤任何入站流量)
iptables: Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
[root@Centos7 ~]#
