
How to disable the firewall on CentOS 7

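On a freshly installed CentOS 7 I found that some application ports were closed, which made me think of the firewall and SELinux.

SELinux is easy to turn off: append SELINUX=disabled to /etc/sysconfig/selinux

I assumed the firewall would be just as easy, so I followed the old routine: service iptables stop or chkconfig --level 35 iptables off

After rebooting I ran systemctl list-unit-files | grep ip and found that ip6tables was still not turned off, so: chkconfig --level 35 ip6tables off

I ran systemctl list-unit-files | grep ip again and everything showed as disabled, but the port was still unreachable.

With no other option, I had to add a rule: iptables -I INPUT 1 -p tcp --dport 6259 -j ACCEPT

Then service iptables save, and the port was reachable.

I wonder whether this is a bug, or maybe I just have not found the right way. Please let me know.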

In CentOS 7 the firewall has been changed to firewalld; try systemctl stop firewalld to stop the firewall.



I installed CentOS 7 with minimal configuration (os + dev tools). I am trying to open port 80 for the httpd service, but something is wrong with my iptables service ... what's wrong with it? What am I doing wrong?
 

  # ifconfig/sbin/service iptables save
  bash: ifconfig/sbin/service: No such file or directory
  # /sbin/service iptables save
  The service command supports only basic LSB actions (start, stop, restart, try-restart, reload, force-reload, status). For other actions, please try to use systemctl.
  # sudo service iptables status
  Redirecting to /bin/systemctl status iptables.service
  iptables.service
  Loaded: not-found (Reason: No such file or directory)
  Active: inactive (dead)
  # /sbin/service iptables save
  The service command supports only basic LSB actions (start, stop, restart, try-restart, reload, force-reload, status). For other actions, please try to use systemctl.
  # sudo service iptables start
  Redirecting to /bin/systemctl start iptables.service
  Failed to issue method call: Unit iptables.service failed to load: No such file or directory.

With RHEL 7 / CentOS 7, firewalld was introduced to manage iptables. IMHO, firewalld is more suited for workstations than for server environments.

It is possible to go back to a more classic iptables setup. First, stop and mask the firewalld service:
 

  systemctl stop firewalld
  systemctl mask firewalld

Then, install the iptables-services package:

yum install iptables-services

Enable the service at boot-time:

systemctl enable iptables

Managing the service

systemctl [stop|start|restart] iptables

Saving your firewall rules can be done as follows:

service iptables save

or

/usr/libexec/iptables/iptables.init save

Third method

  # service iptables status
  防火牆已停
  # service iptables start
  # service iptables status
  防火牆已停

Solution:

1. Initialize iptables.

iptables -F

service iptables save

service iptables restart

vi /etc/sysconfig/iptables

2. Then just add the preset iptables rules:

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
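
Before a file like /etc/sysconfig/iptables is loaded, or after the rules have been flushed with iptables -F, it is worth checking what the ruleset does with a given port instead of turning the firewall off. The script below is an added example, not part of the original posts: a simplified first-match walk of the INPUT chain for a new inbound TCP connection. The function name verdict_for_port, the default interface eth0 and both sample files are assumptions made for the illustration.

```bash
#!/bin/bash
# Added example: verdict an iptables-save format ruleset gives a NEW inbound
# TCP connection. Models only -i, -p, --dport (port or a:b range), --state;
# rules with -s/-d are skipped and "!" negation is not handled.
verdict_for_port() {  # usage: verdict_for_port RULES_FILE PORT [IFACE]
  awk -v port="$2" -v iface="${3:-eth0}" '
    function walk(chain,   i, k, n, m, f, r, ok, tgt, v) {
      for (i = 1; i <= cnt[chain]; i++) {
        n = split(rule[chain, i], f, " "); ok = 1; tgt = ""
        for (k = 3; k < n; k++) {
          if (f[k] == "-i" && f[k+1] != iface) ok = 0
          if (f[k] == "-p" && f[k+1] != "tcp") ok = 0
          if (f[k] == "--state" && f[k+1] !~ /(^|,)NEW(,|$)/) ok = 0
          if (f[k] == "-s" || f[k] == "-d") ok = 0
          if (f[k] == "--dport") {
            m = split(f[k+1], r, ":")
            if (port + 0 < r[1] + 0 || port + 0 > r[m] + 0) ok = 0
          }
          if (f[k] == "-j") tgt = f[k+1]
        }
        if (!ok || tgt == "") continue
        if (tgt ~ /^(ACCEPT|DROP|REJECT)$/) return tgt
        if (tgt == "RETURN") return ""
        v = walk(tgt); if (v != "") return v   # jump into a user-defined chain
      }
      return ""                                 # fell off the end of the chain
    }
    /^\*/ { table = $1 }
    table == "*filter" && /^:/   { policy[substr($1, 2)] = $2 }
    table == "*filter" && /^-A / { rule[$2, ++cnt[$2]] = $0 }
    END { v = walk("INPUT"); print (v != "" ? v : policy["INPUT"]) }' "$1"
}
# Sample 1 (constructed): trimmed copy of the ruleset shown on this page.
RULES=$(mktemp)
cat > "$RULES" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
# Sample 2 (constructed): the file as saved right after "iptables -F".
FLUSHED=$(mktemp); printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' 'COMMIT' > "$FLUSHED"
for p in 22 80 6259; do echo "$p: $(verdict_for_port "$RULES" "$p"), flushed: $(verdict_for_port "$FLUSHED" "$p")"; done
```

On the trimmed ruleset ports 22 and 80 are accepted and 6259 is rejected, while the flushed file accepts all three because only the ACCEPT policy is left.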