close

停止及關閉firewalld
1. To begin with, you should disable Firewalld and make sure it does not start at boot again.
 

  1. systemctl stop firewalld
  2. systemctl disable firewalld
複製代碼


2. Masking the firewalld service creates a symlink from /etc/systemd/system/firewalld.service to /dev/null thus disabling the firewalld service.

 

  1. systemctl mask firewalld
複製代碼


Created symlink from /etc/systemd/system/firewalld.service to /dev/null.

安裝iptables
Install and configure iptables
1. To enable iptables, first we have to install the “iptables-services” package.
 

  1. yum install iptables-services
複製代碼


2. Start and enable the iptables service to be enabled at boot automatically.
 

  1. systemctl start iptables
  2. systemctl enable iptables
複製代碼


Check to see if any rules are left behind from firewalld. By default a fresh intall of iptables would have iptables rules as shown below.
 

  1. iptables -L
  2. Chain INPUT (policy ACCEPT)
  3. target     prot opt source               destination         
  4. ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
  5. ACCEPT     icmp --  anywhere             anywhere            
  6. ACCEPT     all  --  anywhere             anywhere            
  7. ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
  8. REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
  9.  
  10. Chain FORWARD (policy ACCEPT)
  11. target     prot opt source               destination         
  12. REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
  13.  
  14. Chain OUTPUT (policy ACCEPT)
  15. target     prot opt source               destination         
複製代碼


肅清規則
Clearing leftover firewalld rules
1. If needed you can clear iptables rules left over from firewalld with the following commands.
 

  1. iptables -t nat -F
  2. iptables -t mangle -F
  3. iptables -F
  4. iptables -X
  5. service iptables save
複製代碼


2. Post running the above commands you would get an empty iptable rules as shown below.

  1. iptables -L
  2. Chain INPUT (policy ACCEPT)
  3. target     prot opt source               destination         
  4.  
  5. Chain FORWARD (policy ACCEPT)
  6. target     prot opt source               destination         
  7.  
  8. Chain OUTPUT (policy ACCEPT)
  9. target     prot opt source               destination         
複製代碼




參考文章
https://www.thegeekdiary.com/how ... s-in-centos-rhel-7/



來自:
arrow
arrow
    文章標籤
    網頁設計
    全站熱搜
    創作者介紹
    創作者 knightroberny 的頭像
    knightroberny

    苗栗網頁設計

    knightroberny 發表在 痞客邦 留言(0) 人氣()