centos7
iptables :
如果你想使用iptables静态路由规则,那么就禁用centos7默认的firewalld,并安装ipteables-services, 启用iptables和ip6tables;
yum install iptables-services
systemctl mask firewalld.service
systemctl enable iptables.service //添加开启动项
systemctl enable ip6tables.service
静态防火墙规则配置文件路径为 /etc/sysconfig/iptables 和 /etc/sysconfig/ip6tables中,可自己在其中配置规则;
配置完规则以后,需要先停用firewalld,然后启用iptables和ip6tables服务即可:
systemctl stop firewalld.service
systemctl start iptables.service
systemctl start ip6tables.service
firewalld :
* 查看firewalld状态 => firewall-cmd --state
[root@iZ28uvczcf6Z ~]# firewall-cmd --state
running
*开启80端口 => firewall-cmd --zone=public --add-port=80/tcp --permanent
[root@iZ28uvczcf6Z ~]# firewall-cmd --zone=public --add-port=8888/tcp --permanent
success
[root@iZ28uvczcf6Z ~]#
出现success说明成功了;
命令含义: --zone #作用域
--add-port=80/tcp #添加端口,格式为 : 端口/通讯协议
--permanent #永久生效,没有此参数时,重启即失效
* 重启防火墙 => systemctl restart firewalld.service
* 启动 => systemctl start firewalld
禁用 => systemctl disable firewalld
停止 => systemctl stop firewalld
* 查看所有启用的区域的特性 => firewall-cmd --list-all-zones
[root@iZ28uvczcf6Z ~]# firewall-cmd --list-all-zones
work
target: default
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client ssh
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:
drop
target: DROP
icmp-block-inversion: no
interfaces:
sources:
services:
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:
internal
target: default
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client mdns samba-client ssh
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:
external
target: default
icmp-block-inversion: no
interfaces:
sources:
services: ssh
ports:
protocols:
masquerade: yes
forward-ports:
sourceports:
icmp-blocks:
rich rules:
trusted
target: ACCEPT
icmp-block-inversion: no
interfaces:
sources:
services:
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:
home
target: default
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client mdns samba-client ssh
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:
dmz
target: default
icmp-block-inversion: no
interfaces:
sources:
services: ssh
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:
public
target: default
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client postgresql ssh
ports: 3333/tcp 80/tcp 6379/tcp
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:
block
target: %%REJECT%%
icmp-block-inversion: no
interfaces:
sources:
services:
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:
后记
仅做备忘用...未完待续...
本文版权归作者和博客园共有,欢迎转载,但未经作者同意必须保留此段声明,且在文章页面明显位置给出原文连接,否则保留追究法律责任的权利;
本文出自:博客园--别问是谁