简介
Centos 7基本是现在的主流系统了,毕竟很多中间件都需要高版本的支持了,但是默认的firewalld估计很多人用不惯(至少我还用不惯),所以得想办法继续用原来的iptables呀!
ps: firewalld 和 iptables并没有本质的区别,只是封装语法的不同,所以不必谈论什么性能啊,防护能力啊,底层差不多的,没啥区别,看你个人习惯还是
第一步:干掉firewalld
[root@mt ~]# systemctl stop firewalld ##停止防火墙 firewalld
[root@mt ~]# systemctl disable firewalld ##禁用防火墙 firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@mt ~]# systemctl status firewalld ##查看防火墙状态
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)轻松干掉,开机禁掉,第一步完成
第二步:启用iptables
[root@mt ~]# yum install -y iptables-services iptables-devel.x86_64 iptables.x86_64
[root@mt ~]# systemctl enable iptables ##启用iptables
Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.
[root@mt ~]# systemctl start iptables ##启动iptables
[root@mt ~]# systemctl status iptables ##查看iptables状态
● iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
Active: active (exited) since 三 2020-10-28 13:39:40 CST; 3 weeks 2 days ago
Main PID: 4625 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/iptables.service
10月 28 13:39:40 center systemd[1]: Starting IPv4 firewall with iptables...
10月 28 13:39:40 center iptables.init[4625]: iptables: Applying firewall rules: [ OK ]
10月 28 13:39:40 center systemd[1]: Started IPv4 firewall with iptables.PS:Centos7 默认 /etc/rc.local 是不生效的哦,尽量使用systemctl进行管理
第二部完成,Job Done!
总结
两者区别不大,其实firewalld语法很直接,比iptables的四表五链看起来更直观,看个人喜好吧