Using iptables on CentOS 7

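Every time I set up a system on a VPS, I habitually replace firewalld with iptables and flush the iptables rules.
I'm writing this memo here so I no longer have to google for the original article each time... That said, firewalld has been around for so many years, yet it doesn't seem to be widely used.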

Disable firewalld / install iptables:

systemctl stop firewalld
systemctl mask firewalld

yum -y install iptables-services

systemctl enable iptables
systemctl start iptables

Script to flush the iptables rules:

#!/bin/sh
echo "Stopping firewall and allowing everyone..."
ipt="/sbin/iptables"
## Failsafe - die if /sbin/iptables not found 
[ ! -x "$ipt" ] && { echo "$0: \"${ipt}\" command not found."; exit 1; }
$ipt -P INPUT ACCEPT
$ipt -P FORWARD ACCEPT
$ipt -P OUTPUT ACCEPT
$ipt -F
$ipt -X
$ipt -t nat -F
$ipt -t nat -X
$ipt -t mangle -F
$ipt -t mangle -X
$ipt -t raw -F
$ipt -t raw -X

After running the script above, run the following command to save the rules:

/usr/libexec/iptables/iptables.init save

The configuration is saved in /etc/sysconfig/iptables
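
A check for the saved ruleset, as an added example that is not part of the original post: it parses iptables-save format text (the format of /etc/sysconfig/iptables) and reports, per table, how many rules, user-defined chains and non-ACCEPT policies remain. The names summarize_ruleset, sample_flushed and sample_filtering and both sample rulesets are constructed for illustration.

```shell
# Added example: summarise an iptables-save format ruleset read from stdin,
# e.g. summarize_ruleset < /etc/sysconfig/iptables
# Exit 0 = flushed and all ACCEPT, 1 = something remains, 2 = no table found.
summarize_ruleset() {
    awk '
        function emit() {
            if (table == "") return
            printf "%s rules=%d user_chains=%d non_accept=%d\n", table, rules, user, strict
            if (rules + user + strict > 0) dirty = 1
            seen++
        }
        /^\*/ { emit(); table = substr($0, 2); rules = user = strict = 0; next }
        /^:/  { if ($2 == "-") user++; else if ($2 != "ACCEPT") strict++; next }
        /^(\[[0-9]+:[0-9]+\] )?-A / { rules++; next }
        END   { emit(); if (!seen) exit 2; exit (dirty ? 1 : 0) }
    '
}

# Constructed sample: nat and filter tables right after the flush script.
sample_flushed() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Constructed sample: a ruleset that still filters (DROP policy, two rules).
sample_filtering() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}
sample_flushed | summarize_ruleset && echo "flushed: no rules, all policies ACCEPT"
sample_filtering | summarize_ruleset || echo "rules or non-ACCEPT policies remain"
```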

This is an original article from 悠然居 (https://wordpress.youran.me/); please credit the source when reposting!
