關閉 centos7 防火牆 firewalld 改用傳統的 iptables
----
關閉 centos7 防火牆 firewalld 改用傳統的 iptables
----
ref: http://www.liquidweb.com/kb/how-to-stop-and-disable-firewalld-on-centos-7/
# 關閉防火牆(Firewall on RHEL / CentOS / RedHat Linux 7)
# 預設開機不啟動
[root@hnamenode2 ~]# systemctl disable firewalld
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
rm '/etc/systemd/system/basic.target.wants/firewalld.service'
# 立即停止
[root@hnamenode2 ~]# systemctl stop firewalld
# 狀態檢查
[root@hnamenode2 ~]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled)
Active: inactive (dead)
9月 14 18:48:27 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
9月 14 18:48:33 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
9月 26 21:00:53 hnamenode2 systemd[1]: Stopping firewalld - dynamic firewall daemon...
9月 26 21:00:54 hnamenode2 systemd[1]: Stopped firewalld - dynamic firewall daemon.
# iptables 檢查
[root@hnamenode2 ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
----
# 改用傳統的 iptables-services , 安裝
----
[root@hnamenode2 ~]# yum install iptables-utils iptables-services
# 可以重新啟動 iptables
[root@hnamenode2 ~]# systemctl restart iptables.service
# 看看目前系統中的規則
[root@hnamenode2 ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
# 停止 iptables 服務帶出的規則
[root@hnamenode2 ~]# systemctl stop iptables.service
# 規則就會清空
[root@hnamenode2 ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
# 把清空的規則儲存 , 預設存在 /etc/sysconfig/iptables
[root@hnamenode2 ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
# 可以檢查看看
[root@hnamenode2 ~]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.21 on Sat Sep 26 21:05:46 2015
*filter
:INPUT ACCEPT [13:832]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [9:1420]
COMMIT
# Completed on Sat Sep 26 21:05:46 2015
# 就算在重新啟動,規則也就清空了。
[root@hnamenode2 ~]# systemctl restart iptables.service
[root@hnamenode2 ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
留言