firewalld has been the default firewall since CentOS 7.
To switch to the iptables firewall, follow these steps:
Stop the firewalld service and disable it from starting at boot:

    systemctl stop firewalld.service
    systemctl disable firewalld.service

Install the iptables firewall and enable it to start at boot:

    yum -y install iptables-services net-tools
    systemctl enable iptables.service

Then edit the iptables firewall rules:

    vim /etc/sysconfig/iptables

Here's an example:

    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -p icmp -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    COMMIT
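
The example ruleset accepts new TCP connections only on port 80, so before loading an edited file on a host you reach over SSH, check which ports are accepted ahead of the final REJECT. The script below is an added example, not part of the original page. `port_allowed` is a hypothetical helper that recognises only simple single-port `--dport` rules.

```shell
#!/bin/sh
# port_allowed FILE PORT  (hypothetical helper, not part of iptables)
# Exit 0 if the *filter table has an INPUT rule that ACCEPTs tcp --dport PORT
# before the first catch-all "-A INPUT -j REJECT|DROP"; exit 1 otherwise.
# Simplification: only single-port --dport rules are recognised.
port_allowed() {
    awk -v port="$2" '
        /^\*/     { in_filter = ($1 == "*filter"); next }
        /^COMMIT/ { in_filter = 0; next }
        !in_filter || $1 != "-A" || $2 != "INPUT" { next }
        # Catch-all terminator: nothing after it can be reached.
        $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") { exit }
        {
            tcp = 0; dport = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p" && $(i + 1) == "tcp") tcp = 1
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (tcp && dport == port && target == "ACCEPT") { found = 1; exit }
        }
        END { exit !found }
    ' "$1"
}

# Constructed sample: a copy of the example ruleset above, so this runs offline.
RULES=$(mktemp)
trap 'rm -f "$RULES"' EXIT
cat > "$RULES" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF

for p in 80 22; do
    if port_allowed "$RULES" "$p"; then
        echo "tcp/$p: accepted"
    else
        echo "tcp/$p: not accepted before the final REJECT"
    fi
done
```

On the host itself, `iptables-restore --test < /etc/sysconfig/iptables` also parses the file for syntax errors without loading the rules.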