CentOS7 關閉防火牆操作方法
新安裝的centos 7 發現有些程式埠是關閉的,想到了防火牆和selinux
selinx 好關閉 /etc/sysconfig/selinux 中 追加 SELINUX=disabled
防火牆以為也是很好弄,按照以前的老規矩,service iptables stop 或者 chkconfig --level 35 iptables off
重啟後 執行 systemctl list-unit-files | grep ip 發現還有個ip6tables 沒關 chkconfig --level 35 ip6tables off
再執行 systemctl list-unit-files | grep ip 發現全部都disables 還是不通
沒辦法,只有新增規則了,tptables -I INPUT 1 -p tcp --dport 6259 -j ACCEPT
然後service iptables save 埠通了
我想這個是不是個BUG , 也許我沒有找到方法,請告知
Centos7中的防火牆調整為firewalld,試一下systemctl stop firewalld關閉防火牆。
I installed CentOS 7 with minimal configuration (os + dev tools). I am trying to open 80 port for httpd
-
# ifconfig/sbin/service iptables save
-
bash: ifconfig/sbin/service: No such file or directory
-
# /sbin/service iptables save
-
The service command supports only basic LSB actions (start, stop, restart, try-restart, reload, force-reload, status). For other actions, please try to use systemctl.
-
# sudo service iptables status
-
Redirecting to /bin/systemctl status iptables.service
-
iptables.service
-
Loaded: not-found (Reason: No such file or directory)
-
Active: inactive (dead)
-
# /sbin/service iptables save
-
The service command supports only basic LSB actions (start, stop, restart, try-restart, reload, force-reload, status). For other actions, please try to use systemctl.
-
# sudo service iptables start
-
Redirecting to /bin/systemctl start iptables.service
-
Failed to issue method call: Unit iptables.service failed to load: No such file or directory.
With RHEL 7 / CentOS 7, firewalld was introduced to manage iptables. IMHO, firewalld is more suited for workstations than for server environments.
It is possible to go back to a more classic iptables setup. First, stop and mask the firewalld service:
-
systemctl stop firewalld
-
systemctl mask firewalld
Then, install the iptables-services package:
yum install iptables-services
Enable the service at boot-time:
systemctl enable iptables
Managing the service
systemctl [stop|start|restart] iptables
Saving your firewall rules can be done as follows:
service iptables save
or
/usr/libexec/iptables/iptables.init save
第三種辦法
[[email protected] ~]# service iptables status
防火牆已停
[[email protected] ~]# service iptables start
[[email protected] ~]# service iptables status
防火牆已停
解決方法:
一、初始化iptables。
iptables -F
service iptables save
service iptables restart
vi /etc/sysconfig/iptables
二、把預置的iptables規則新增進去就可以了:
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT