Disabling the Default Firewall on CentOS 7

CentOS 7 uses firewalld as its default firewall. To use iptables instead, you need to install it again, following the steps below.

Disable the existing firewall

# Stop firewalld
systemctl stop firewalld.service

# Prevent firewalld from starting at boot
systemctl disable firewalld.service

Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.

Install the iptables service

yum -y install iptables-services

The installation prints the following output:

Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: centos.ustc.edu.cn
* extras: mirrors.163.com
* updates: mirrors.163.com
Resolving Dependencies
--> Running transaction check
---> Package iptables-services.x86_64 0:1.4.21-16.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=======================================================================================================================================
Package Arch Version Repository Size
=======================================================================================================================================
Installing:
iptables-services x86_64 1.4.21-16.el7 base 50 k

Transaction Summary
=======================================================================================================================================
Install 1 Package

Total download size: 50 k
Installed size: 24 k
Downloading packages:
warning: /var/cache/yum/x86_64/7/base/packages/iptables-services-1.4.21-16.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for iptables-services-1.4.21-16.el7.x86_64.rpm is not installed
iptables-services-1.4.21-16.el7.x86_64.rpm | 50 kB 00:00:00
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
Userid : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
Package : centos-release-7-2.1511.el7.centos.2.10.x86_64 (@anaconda)
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Warning: RPMDB altered outside of yum.
** Found 9 pre-existing rpmdb problem(s), 'yum check' output follows:
icedtea-web-1.6.1-4.el7.x86_64 has missing requires of java-1.8.0-openjdk
jline-1.0-8.el7.noarch has missing requires of java >= ('0', '1.5', None)
jline-1.0-8.el7.noarch has missing requires of jpackage-utils
1:libreoffice-core-4.3.7.2-5.el7.x86_64 has missing requires of java-headless >= ('1', '1.6', None)
1:libreoffice-ure-4.3.7.2-5.el7.x86_64 has missing requires of libjvm.so()(64bit)
rhino-1.7R4-5.el7.noarch has missing requires of jpackage-utils
rhino-1.7R4-5.el7.noarch has missing requires of jpackage-utils
tagsoup-1.2.1-8.el7.noarch has missing requires of jpackage-utils
tagsoup-1.2.1-8.el7.noarch has missing requires of jpackage-utils >= ('0', '1.6', None)
Installing : iptables-services-1.4.21-16.el7.x86_64 1/1
Verifying : iptables-services-1.4.21-16.el7.x86_64 1/1

Installed:
iptables-services.x86_64 0:1.4.21-16.el7

Complete!

Common commands

Check the firewall status

# Recommended
systemctl status iptables.service

service iptables status

Stop the firewall

# Recommended
systemctl stop iptables.service

service iptables stop

Start the firewall

# Recommended
systemctl start iptables.service

service iptables start

Restart the firewall

# Recommended
systemctl restart iptables.service

service iptables restart

Disable the firewall

# Recommended
systemctl disable iptables.service

chkconfig iptables off

Enable the firewall again after disabling it

# Recommended
systemctl enable iptables.service

chkconfig iptables on
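
The steps above stop and disable firewalld and install iptables-services, but the host is only protected by iptables once that service has been started and enabled with the commands listed under common commands. The following check is an added example, not part of the original page: it classifies the four `systemctl` states after the switch, and the verdict names and the `--live` switch are assumptions of the example.

```sh
#!/bin/sh
# Added example (not from the original page). The verdict names are made up here.

# Classify the state from the strings printed by `systemctl is-active` and
# `systemctl is-enabled` for firewalld.service and iptables.service.
firewall_verdict() {
    fw_active=$1; fw_enabled=$2; ipt_active=$3; ipt_enabled=$4

    # Both services load rules into the same netfilter tables,
    # so they should never run side by side.
    if [ "$fw_active" = "active" ] && [ "$ipt_active" = "active" ]; then
        echo "CONFLICT: firewalld and iptables are both running"
    # State right after 'stop firewalld' + 'yum install', before 'start iptables'.
    elif [ "$fw_active" != "active" ] && [ "$ipt_active" != "active" ]; then
        echo "EXPOSED: no firewall service is running"
    elif [ "$ipt_active" != "active" ]; then
        echo "UNCHANGED: firewalld is still the running firewall"
    elif [ "$ipt_enabled" != "enabled" ]; then
        echo "NOT-PERSISTENT: iptables is running but not enabled at boot"
    elif [ "$fw_enabled" = "enabled" ]; then
        echo "CONFLICT-AT-BOOT: firewalld is still enabled and starts on next boot"
    else
        echo "OK: iptables is running and enabled, firewalld is off"
    fi
}

# Read the four states from the live host and print the verdict.
# Returns 0 only for OK so the check can gate a provisioning script.
check_live_host() {
    fw_a=$(systemctl is-active firewalld.service 2>/dev/null || true)
    fw_e=$(systemctl is-enabled firewalld.service 2>/dev/null || true)
    ipt_a=$(systemctl is-active iptables.service 2>/dev/null || true)
    ipt_e=$(systemctl is-enabled iptables.service 2>/dev/null || true)
    verdict=$(firewall_verdict "$fw_a" "$fw_e" "$ipt_a" "$ipt_e")
    echo "$verdict"
    case $verdict in OK:*) return 0 ;; *) return 1 ;; esac
}

# Touch the host only when asked to: sh check-firewall.sh --live
if [ "${1:-}" = "--live" ]; then
    check_live_host
fi
```

Run with `--live` as root on the CentOS 7 host after the switch; anything other than `OK` means one of the start or enable commands above is still missing.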