關閉 centos7 防火牆 firewalld 改用傳統的 iptables


----
關閉 centos7 防火牆 firewalld 改用傳統的 iptables
----
ref: http://www.liquidweb.com/kb/how-to-stop-and-disable-firewalld-on-centos-7/
# 關閉防火牆(Firewall on RHEL / CentOS / RedHat Linux 7)


# 預設開機不啟動
[root@hnamenode2 ~]# systemctl disable firewalld
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
rm '/etc/systemd/system/basic.target.wants/firewalld.service'

# 立即停止
[root@hnamenode2 ~]# systemctl stop firewalld

# 狀態檢查
[root@hnamenode2 ~]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled)
   Active: inactive (dead)

 9月 14 18:48:27 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
 9月 14 18:48:33 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
 9月 26 21:00:53 hnamenode2 systemd[1]: Stopping firewalld - dynamic firewall daemon...
 9月 26 21:00:54 hnamenode2 systemd[1]: Stopped firewalld - dynamic firewall daemon.

# iptables 檢查
[root@hnamenode2 ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination        

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

----
# 改用傳統的 iptables-services , 安裝
----
[root@hnamenode2 ~]# yum install iptables-utils iptables-services

# 可以重新啟動 iptables
[root@hnamenode2 ~]# systemctl restart  iptables.service
# 看看目前系統中的規則
[root@hnamenode2 ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0          
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        

# 停止 iptables 服務帶出的規則
[root@hnamenode2 ~]# systemctl stop  iptables.service
# 規則就會清空
[root@hnamenode2 ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination        

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        

# 把清空的規則儲存 , 預設存在 /etc/sysconfig/iptables
[root@hnamenode2 ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]

# 可以檢查看看
[root@hnamenode2 ~]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.21 on Sat Sep 26 21:05:46 2015
*filter
:INPUT ACCEPT [13:832]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [9:1420]
COMMIT
# Completed on Sat Sep 26 21:05:46 2015

# 就算在重新啟動,規則也就清空了。
[root@hnamenode2 ~]# systemctl restart  iptables.service
[root@hnamenode2 ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination        

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


留言

這個網誌中的熱門文章

Linux 下使用終端機連接 switch (minicom)

VMWARE VM linux 擴充硬碟空間

透過 curl 的 timeout 設定識別 http 的網路連線壅塞問題