Stop and disable firewalld
1. To begin with, you should disable Firewalld and make sure it does not start at boot again.
- systemctl stop firewalld
- systemctl disable firewalld
2. Masking the firewalld service creates a symlink from /etc/systemd/system/firewalld.service to /dev/null, thus disabling the firewalld service.
Created symlink from /etc/systemd/system/firewalld.service to /dev/null.
Install and configure iptables
1. To enable iptables, first we have to install the “iptables-services” package.
- yum install iptables-services
2. Start the iptables service and enable it so that it starts automatically at boot.
- systemctl start iptables
- systemctl enable iptables
Check to see if any rules are left behind from firewalld. By default, a fresh install of iptables has the rules shown below.
- iptables -L
- Chain INPUT (policy ACCEPT)
- target prot opt source destination
- ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
- ACCEPT icmp -- anywhere anywhere
- ACCEPT all -- anywhere anywhere
- ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
- REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
- Chain FORWARD (policy ACCEPT)
- target prot opt source destination
- REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
- Chain OUTPUT (policy ACCEPT)
- target prot opt source destination
Clearing leftover firewalld rules
1. If needed you can clear iptables rules left over from firewalld with the following commands.
- iptables -t nat -F
- iptables -t mangle -F
- iptables -F
- iptables -X
- service iptables save
2. After running the above commands, you get an empty iptables rule set, as shown below.
- iptables -L
- Chain INPUT (policy ACCEPT)
- target prot opt source destination
- Chain FORWARD (policy ACCEPT)
- target prot opt source destination
- Chain OUTPUT (policy ACCEPT)
- target prot opt source destination
Reference article
https://www.thegeekdiary.com/how ... s-in-centos-rhel-7/
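After the flush step above, every chain is empty with policy ACCEPT, so the host filters nothing until new rules are loaded. The script below is an added example, not part of the original post: it reads iptables-save output and names the INPUT/FORWARD chains that are left fully open. The function name open_chains and both sample rule sets are constructed for illustration.

```shell
#!/bin/bash
# Added example: list filter-table chains that accept all traffic.
# Input: iptables-save format on stdin. Output: one chain name per line.
# A chain counts as open when its policy is ACCEPT and it has no
# unconditional DROP/REJECT rule. Only INPUT and FORWARD are checked
# (assumption: inbound exposure is the concern, OUTPUT is left alone).
open_chains() {
    awk '
        /^\*/ { table = substr($1, 2); next }        # "*filter", "*nat", ...
        table != "filter" { next }
        /^:/ { policy[substr($1, 2)] = $2; next }    # ":INPUT ACCEPT [0:0]"
        # "-A INPUT -j REJECT ..." has no match options before -j
        $1 == "-A" && $3 == "-j" && ($4 == "DROP" || $4 == "REJECT") { closed[$2] = 1 }
        END {
            n = split("INPUT FORWARD", want, " ")
            for (i = 1; i <= n; i++)
                if (policy[want[i]] == "ACCEPT" && !(want[i] in closed)) print want[i]
        }
    '
}

# Constructed sample: the default rule set listed earlier, in iptables-save form.
DEFAULT_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Constructed sample: the state after the flush commands.
FLUSHED_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

echo "default rules, open chains: $(printf '%s\n' "$DEFAULT_RULES" | open_chains | tr '\n' ' ')"
echo "flushed rules, open chains: $(printf '%s\n' "$FLUSHED_RULES" | open_chains | tr '\n' ' ')"
# On a live host (as root): iptables-save | open_chains
```

A rule that drops only matching traffic (for example one source address) does not close a chain; only a DROP or REJECT with no match options does.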