Configuring the Firewall on CentOS 7.1
Date: 2015-07-05 03:56 Source: linux.it.net.cn Author: IT
// Check firewalld status
[root@itnetcn sysconfig]# systemctl status firewalld.service
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
Active: active (running) since 四 2015-07-02 15:19:05 CST; 1 day 10h ago
Main PID: 901 (firewalld)
CGroup: /system.slice/firewalld.service
└─901 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
7月 02 15:19:04 itnetcn systemd[1]: Starting firewalld - dynamic firewall .....
7月 02 15:19:05 itnetcn systemd[1]: Started firewalld - dynamic firewall d...n.
Hint: Some lines were ellipsized, use -l to show in full.
[root@itnetcn sysconfig]#
// Stop firewalld
[root@itnetcn sysconfig]# systemctl stop firewalld.service
[root@itnetcn sysconfig]# systemctl status firewalld.service
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
Active: inactive (dead) since 六 2015-07-04 01:29:24 CST; 2s ago
Main PID: 901 (code=exited, status=0/SUCCESS)
7月 02 15:19:04 itnetcn systemd[1]: Starting firewalld - dynamic firewall .....
7月 02 15:19:05 itnetcn systemd[1]: Started firewalld - dynamic firewall d...n.
7月 04 01:29:23 itnetcn systemd[1]: Stopping firewalld - dynamic firewall .....
7月 04 01:29:24 itnetcn systemd[1]: Stopped firewalld - dynamic firewall d...n.
Hint: Some lines were ellipsized, use -l to show in full.
[root@itnetcn sysconfig]#
// Disable firewalld at boot
[root@itnetcn sysconfig]# systemctl disable firewalld.service
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
rm '/etc/systemd/system/basic.target.wants/firewalld.service'
[root@itnetcn sysconfig]# systemctl status firewalld.service
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled)
Active: inactive (dead)
7月 02 15:19:04 itnetcn systemd[1]: Starting firewalld - dynamic firewall .....
7月 02 15:19:05 itnetcn systemd[1]: Started firewalld - dynamic firewall d...n.
7月 04 01:29:23 itnetcn systemd[1]: Stopping firewalld - dynamic firewall .....
7月 04 01:29:24 itnetcn systemd[1]: Stopped firewalld - dynamic firewall d...n.
Hint: Some lines were ellipsized, use -l to show in full.
[root@itnetcn sysconfig]#
// Install iptables
[root@itnetcn sysconfig]# yum install iptables-services
已加载插件:fastestmirror, langpacks
Repository base is listed more than once in the configuration
Repository updates is listed more than once in the configuration
Repository extras is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration
Repository base is listed more than once in the configuration
Repository updates is listed more than once in the configuration
Repository extras is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration
Loading mirror speeds from cached hostfile
正在解决依赖关系
--> 正在检查事务
---> 软件包 iptables-services.x86_64.0.1.4.21-13.el7 将被 安装
--> 解决依赖关系完成
// Configure iptables: add the SSH rule below to /etc/sysconfig/iptables
[root@itnetcn sysconfig]# vi /etc/sysconfig/iptables
[root@itnetcn sysconfig]#
# allowed ssh
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
// Restart the firewall
[root@itnetcn sysconfig]# service iptables restart
Redirecting to /bin/systemctl restart iptables.service
[root@itnetcn sysconfig]# systemctl restart iptables.service
[root@itnetcn sysconfig]#
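The SSH rule added above only takes effect if it sits before any catch-all REJECT/DROP rule in the INPUT chain, because iptables evaluates rules in order. The following check is an added example, not part of the original article: the function name check_ssh_rule and the two sample rulesets are constructed for illustration, and it only inspects -A INPUT rules in the *filter table (chain policies are not evaluated).

```shell
#!/bin/sh
# check_ssh_rule FILE [PORT]  (hypothetical helper, iptables-save format input)
#   0 = an ACCEPT rule for the port is reachable in INPUT
#   1 = no ACCEPT rule for the port
#   2 = the ACCEPT rule follows a catch-all REJECT/DROP, so it never matches
#   3 = file not readable
check_ssh_rule() {
    [ -r "$1" ] || return 3
    awk -v port="${2:-22}" '
        /^\*/ { in_filter = ($0 == "*filter"); next }   # track the current table
        !in_filter || $1 != "-A" || $2 != "INPUT" { next }
        # Catch-all: an INPUT rule with no match options before the target.
        $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") { blocked = 1; next }
        /-p tcp/ && /-j ACCEPT/ && $0 ~ ("--dport " port "( |$)") {
            if (blocked) shadowed = 1; else found = 1
        }
        END { exit (found ? 0 : (shadowed ? 2 : 1)) }
    ' "$1"
}

# Constructed sample rulesets (not taken from the host shown in the article).
demo_dir=$(mktemp -d)
cat > "$demo_dir/good" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
cat > "$demo_dir/shadowed" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
COMMIT
EOF

for f in good shadowed; do
    rc=0; check_ssh_rule "$demo_dir/$f" || rc=$?
    echo "$f: exit $rc"
done
```

Run it as `check_ssh_rule /etc/sysconfig/iptables` before restarting the service over an SSH session; `iptables-restore --test < /etc/sysconfig/iptables` additionally validates the file's syntax without loading it.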
(Editor: IT)