CentOS 8: How to disable firewalld and enable iptables
Stop and disable firewalld
1. To begin with, you should disable firewalld and make sure it does not start at boot again.
systemctl stop firewalld
systemctl disable firewalld
2. Mask the firewalld service. Masking creates a symlink from /etc/systemd/system/firewalld.service to /dev/null, so the service cannot be started, either manually or by another unit.
systemctl mask firewalld
Created symlink from /etc/systemd/system/firewalld.service to /dev/null.
Install and configure iptables
1. To enable iptables, first we have to install the “iptables-services” package.
yum install iptables-services
2. Start the iptables service and enable it to start automatically at boot.
systemctl start iptables
systemctl enable iptables
Check whether any rules are left behind from firewalld. By default, a fresh install of iptables has the rules shown below.
iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Clearing leftover firewalld rules
1. If needed, you can clear iptables rules left over from firewalld with the following commands.
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -X
service iptables save
2. After running the above commands, the iptables ruleset is empty, as shown below. Every chain keeps policy ACCEPT, so nothing is filtered until new rules are added.
iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
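The two listings above differ in one important way: the fresh-install ruleset ends INPUT and FORWARD with a catch-all REJECT, while the flushed ruleset accepts everything. The following check is an added example, not part of the original article; the helper name chain_state and both sample rulesets are constructed here, written in iptables-save format to mirror the listings on this page.

```shell
#!/bin/sh
# Added example: classify a filter-table chain from iptables-save text.

# Constructed sample mirroring the fresh-install listing on this page.
DEFAULT_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Constructed sample mirroring the empty listing after the flush.
FLUSHED_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# chain_state CHAIN (hypothetical helper): reads iptables-save text on stdin.
# Prints "open" when CHAIN has policy ACCEPT and no unconditional DROP/REJECT
# rule, "filtered" otherwise, "unknown" if the chain is not in the filter table.
chain_state() {
    awk -v chain="$1" '
        /^\*/ { table = substr($0, 2) }
        table != "filter" { next }
        $1 == (":" chain) { policy = $2 }
        # An unconditional rule has the target right after the chain name.
        $1 == "-A" && $2 == chain && $3 == "-j" && ($4 == "DROP" || $4 == "REJECT") { catchall = 1 }
        END {
            if (policy == "") print "unknown"
            else if (policy == "ACCEPT" && !catchall) print "open"
            else print "filtered"
        }'
}

# Demo on the two constructed rulesets; on a live host (as root) use:
#   iptables-save | chain_state INPUT
for c in INPUT FORWARD; do
    printf 'default %s: %s\n' "$c" "$(printf '%s\n' "$DEFAULT_RULES" | chain_state "$c")"
    printf 'flushed %s: %s\n' "$c" "$(printf '%s\n' "$FLUSHED_RULES" | chain_state "$c")"
done
```

The check is a deliberately strict heuristic: a chain with policy ACCEPT and only conditional DROP or REJECT rules is still reported as open, since unmatched traffic falls through to the policy.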
Reference article
https://www.thegeekdiary.com/how-to-disable-firewalld-and-and-switch-to-iptables-in-centos-rhel-7/