TShopping


[CentOS] CentOS 8: How to disable firewalld and enable iptables

Posted on 2022-12-11 18:58:33
Stop and disable firewalld
1. To begin with, stop firewalld and disable it so that it does not start again at boot.

  systemctl stop firewalld
  systemctl disable firewalld

2. Mask the firewalld service. Masking creates a symlink from /etc/systemd/system/firewalld.service to /dev/null, so the service cannot be started manually or pulled in by another unit.

  systemctl mask firewalld

Created symlink from /etc/systemd/system/firewalld.service to /dev/null.

Install and configure iptables
1. To enable iptables, first install the "iptables-services" package.

  yum install iptables-services

2. Start the iptables service and enable it so that it starts automatically at boot.

  systemctl start iptables
  systemctl enable iptables

Check whether any rules are left behind from firewalld. By default, a fresh install of iptables has the rules shown below.

  iptables -L
  Chain INPUT (policy ACCEPT)
  target     prot opt source               destination
  ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
  ACCEPT     icmp --  anywhere             anywhere
  ACCEPT     all  --  anywhere             anywhere
  ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
  REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

  Chain FORWARD (policy ACCEPT)
  target     prot opt source               destination
  REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

  Chain OUTPUT (policy ACCEPT)
  target     prot opt source               destination

Clearing leftover firewalld rules
1. If needed, you can clear iptables rules left over from firewalld with the following commands. The last command saves the now-empty ruleset so that it persists across reboots.

  iptables -t nat -F
  iptables -t mangle -F
  iptables -F
  iptables -X
  service iptables save

2. After running the above commands, iptables shows an empty ruleset, as shown below.

  iptables -L
  Chain INPUT (policy ACCEPT)
  target     prot opt source               destination

  Chain FORWARD (policy ACCEPT)
  target     prot opt source               destination

  Chain OUTPUT (policy ACCEPT)
  target     prot opt source               destination



Reference article
https://www.thegeekdiary.com/how ... s-in-centos-rhel-7/
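
After the flush above, every chain is empty with policy ACCEPT, and `service iptables save` persists that state, so the host accepts all inbound traffic until new rules are loaded. The following added example (not part of the original post) checks for that condition from `iptables -S` output; the helper name `classify_input` and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): decide whether the filter INPUT
# chain still rejects unmatched inbound traffic, given `iptables -S` text.
# `iptables -S` is used instead of `iptables -L` because plain -L hides the
# interface match, so the loopback rule "-i lo -j ACCEPT" looks like accept-all.

# Constructed sample: -S form of the fresh iptables-services ruleset listed above.
DEFAULT_RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited'

# Constructed sample: -S form of the ruleset after the flush commands.
FLUSHED_RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'

# classify_input (hypothetical helper): reads `iptables -S` text on stdin and
# prints "filtered" or "open". Only rules directly in INPUT are inspected;
# jumps into user-defined chains are not followed.
classify_input() {
    awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        # "-A INPUT -j TARGET ..." has no match conditions: it catches every
        # packet that reaches it, so the first such rule decides the outcome.
        $1 == "-A" && $2 == "INPUT" && $3 == "-j" && verdict == "" {
            if ($4 == "ACCEPT") verdict = "open"
            else if ($4 == "DROP" || $4 == "REJECT") verdict = "filtered"
        }
        END {
            # No catch-all rule: the chain policy handles unmatched packets.
            if (verdict == "") verdict = (policy == "DROP") ? "filtered" : "open"
            print verdict
        }
    '
}

echo "fresh install: $(printf '%s\n' "$DEFAULT_RULES" | classify_input)"
echo "after flush:   $(printf '%s\n' "$FLUSHED_RULES" | classify_input)"
```

On a live host, run `iptables -S | classify_input` as root after defining the function.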

 
