> CentOS > CentOS入门 >

centos 7 中防火墙的关闭问题

新安装的centos 7 发现有些程序端口是关闭的,想到了防火墙和selinux 
 
selinx 好关闭 /etc/sysconfig/selinux 中 追加 SELINUX=disabled
 
防火墙以为也是很好弄,按照以前的老规矩,service iptables stop 或者 chkconfig --level 35 iptables off 
 
重启后 运行 systemctl list-unit-files | grep ip  发现还有个ip6tables 没关  chkconfig --level 35 ip6tables off
 
再运行 systemctl list-unit-files | grep ip 发现全部都disables 还是不通
 
没办法,只有添加规则了,tptables -I INPUT 1 -p tcp --dport 6259 -j ACCEPT 
 
然后service iptables save  端口通了
 
 
 
我想这个是不是个BUG , 也许我没有找到方法,请告知
 
 
 
Centos7中的防火墙调整为firewalld,试一下systemctl stop firewalld关闭防火墙。



I installed CentOS 7 with minimal configuration (os + dev tools). I am trying to open 80 port for httpdservice, but something wrong with my iptables service ... what's wrong with it? What am I doing wrong?

# ifconfig/sbin/service iptables save
bash: ifconfig/sbin/service: No such file or directory


# /sbin/service iptables save
The service command supports only basic LSB actions (start, stop, restart, try-restart, reload, force-reload, status). For other actions, please try to use systemctl.

# sudo service iptables status
Redirecting to /bin/systemctl status  iptables.service
iptables.service
   Loaded: not-found (Reason: No such file or directory)
   Active: inactive (dead)

# /sbin/service iptables save
The service command supports only basic LSB actions (start, stop, restart, try-restart, reload, force-reload, status). For other actions, please try to use systemctl.

# sudo service iptables start
Redirecting to /bin/systemctl start  iptables.service
Failed to issue method call: Unit iptables.service failed to load: No such file or directory.


With RHEL 7 / CentOS 7, firewalld was introduced to manage iptables. IMHO, firewalld is more suited for workstations than for server environments.

It is possible to go back to a more classic iptables setup. First, stop and mask the firewalld service:
 

systemctl stop firewalld
systemctl mask firewalld

Then, install the iptables-services package:

yum install iptables-services

Enable the service at boot-time:

systemctl enable iptables

Managing the service

systemctl [stop|start|restart] iptables

Saving your firewall rules can be done as follows:

service iptables save

or

/usr/libexec/iptables/iptables.init save
(责任编辑:IT)