Steps to configure the iptables firewall on CentOS 7:

  • Check for firewalld and turn it off
# Check whether firewalld is running
systemctl status firewalld.service

# Stop firewalld
systemctl stop firewalld.service

# Keep firewalld from starting at boot
systemctl disable firewalld.service
  • Install iptables-services
# Install iptables-services with yum
yum install -y iptables-services
  • Write the rules into the iptables configuration file
# Edit the configuration and add your own rules
vim /etc/sysconfig/iptables

The contents look like this:

# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

Note that all three chain policies are ACCEPT; what actually closes the host is the final -A INPUT -j REJECT rule, so every port you open must be added above that line, and a rule appended after it never matches. Port 22 in this sample is open to every source address; if only known networks need SSH, narrow that rule with -s <network>/<prefix>.
  • Related commands
# Start the service
systemctl start iptables.service
# Stop the service
systemctl stop iptables.service
# Restart the service
systemctl restart iptables.service
# Start the firewall at boot
systemctl enable iptables.service
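The four steps above as one script. This is an added example written for this page, not code from the original post: gen_rules, check_rules, valid_port, apply_rules and the SSH_FROM variable are names chosen here, and the script assumes the stock CentOS 7 tools (systemctl, yum, iptables-restore). It goes slightly beyond the post: it masks firewalld so nothing can start it again on top of the iptables rules, can restrict port 22 to one source network, and parses the generated file with iptables-restore --test before the service is enabled.

```bash
#!/bin/bash
# Added example for this page (not code from the original article): switch a
# CentOS 7 host from firewalld to iptables-services with a generated and
# syntax-checked /etc/sysconfig/iptables. All function/variable names are this
# example's own.
set -e

# Return 0 if $1 is a TCP port number in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print a ruleset in iptables-save format that opens the given TCP ports.
# Set SSH_FROM=<CIDR> to limit port 22 to one source network instead of the world.
gen_rules() {
    for port in "$@"; do
        valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    done
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT' \
                  '-A INPUT -p icmp -j ACCEPT' \
                  '-A INPUT -i lo -j ACCEPT'
    for port in "$@"; do
        if [ "$port" -eq 22 ] && [ -n "${SSH_FROM:-}" ]; then
            printf '%s\n' "-A INPUT -s $SSH_FROM -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT"
        else
            printf '%s\n' "-A INPUT -p tcp -m state --state NEW -m tcp --dport $port -j ACCEPT"
        fi
    done
    # The chain policies are ACCEPT, so these catch-all REJECTs are what actually
    # close the host; they must stay last.
    printf '%s\n' '-A INPUT -j REJECT --reject-with icmp-host-prohibited' \
                  '-A FORWARD -j REJECT --reject-with icmp-host-prohibited' \
                  'COMMIT'
}

# Textual sanity check of a ruleset read from stdin. Returns 1 (with a reason) if
# the *filter header or the trailing COMMIT is missing, or if the last INPUT rule
# is not a catch-all REJECT/DROP (a rule placed below it would never match).
check_rules() {
    rules=$(cat)
    printf '%s\n' "$rules" | grep -q '^\*filter$' || { echo "missing *filter" >&2; return 1; }
    [ "$(printf '%s\n' "$rules" | tail -n 1)" = 'COMMIT' ] \
        || { echo "ruleset must end with COMMIT" >&2; return 1; }
    last=$(printf '%s\n' "$rules" | grep '^-A INPUT' | tail -n 1)
    case "$last" in
        '-A INPUT -j REJECT'*|'-A INPUT -j DROP'*) return 0 ;;
        *) echo "last INPUT rule is not a catch-all REJECT/DROP: ${last:-none}" >&2; return 1 ;;
    esac
}

# Root only: the actual switch. Arguments: TCP ports to open.
apply_rules() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    systemctl stop firewalld.service    || true   # already stopped is fine
    systemctl disable firewalld.service || true
    systemctl mask firewalld.service              # nothing may start it again over our rules
    yum install -y iptables-services
    tmp=$(mktemp)
    trap 'rm -f "$tmp"' EXIT
    gen_rules "$@" > "$tmp"
    check_rules < "$tmp"
    iptables-restore --test "$tmp"                # parse with the real tool, commit nothing
    install -m 600 "$tmp" /etc/sysconfig/iptables
    systemctl enable iptables.service
    systemctl restart iptables.service
    iptables -S INPUT                             # show what is now loaded
}

if [ "${1:-}" = apply ]; then
    shift
    apply_rules "$@"
fi
```

Run it as root with ./switch-to-iptables.sh apply 22 80, prefixed with SSH_FROM=10.0.0.0/8 to limit SSH to that network. gen_rules and check_rules need no privileges, so the ruleset can be generated and inspected on a workstation before it is copied to the server.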
  • Disable SELinux
# Open the configuration file
vim /etc/selinux/config

The contents look like this:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted

To disable SELinux, edit the file as follows (comment out the two existing lines and add SELINUX=disabled; SELINUXTYPE is ignored once SELINUX=disabled, so commenting it out is optional):

# Comment out
#SELINUX=enforcing
# Comment out
#SELINUXTYPE=targeted
# Add
SELINUX=disabled
# Save and quit
:wq!
# Switch the running kernel to permissive mode right away
setenforce 0

Note that setenforce 0 only puts SELinux into permissive mode (getenforce reports Permissive, not Disabled); SELINUX=disabled takes effect at the next reboot. Disabling SELinux removes a mandatory access control layer from the host, so if you only need it out of the way while debugging a service, SELINUX=permissive logs what would have been denied without blocking anything.
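The manual edit above done in a way that cannot leave two active SELINUX= lines behind, plus the runtime-versus-configured check. This is an added example written for this page, not code from the original post: set_selinux_mode, configured_mode and disable_selinux are names chosen here, and the script assumes a CentOS 7 layout (/etc/selinux/config, setenforce, getenforce). It also accepts permissive and enforcing, not only disabled.

```bash
#!/bin/bash
# Added example for this page (not code from the original article): edit the
# SELINUX= setting of an /etc/selinux/config-style file in place and report
# the running mode beside the configured one. Function names are this example's own.
set -e

# Rewrite the SELINUX= line of file $1 to mode $2 (enforcing|permissive|disabled).
# The first SELINUX= line is replaced, later duplicates are dropped, and the line
# is appended if the file has none. Comments and SELINUXTYPE= are left untouched.
set_selinux_mode() {
    file=$1 mode=$2
    case "$mode" in
        enforcing|permissive|disabled) ;;
        *) echo "invalid SELinux mode: $mode" >&2; return 1 ;;
    esac
    awk -v mode="$mode" '
        /^SELINUX=/ {
            if (!seen) { print "SELINUX=" mode; seen = 1 }
            next
        }
        { print }
        END { if (!seen) print "SELINUX=" mode }
    ' "$file" > "$file.tmp"
    # Write back through the original inode so mode, owner and file label survive.
    cat "$file.tmp" > "$file" && rm -f "$file.tmp"
}

# Print the mode the file configures for the next boot.
configured_mode() {
    sed -n 's/^SELINUX=//p' "$1" | tail -n 1
}

# Root only: what the post's manual edit plus setenforce 0 achieves, with the
# difference between "now" and "after reboot" made visible.
disable_selinux() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    set_selinux_mode /etc/selinux/config disabled
    setenforce 0    # permissive now; "disabled" is only reached by rebooting
    echo "running: $(getenforce)   configured for next boot: $(configured_mode /etc/selinux/config)"
}

if [ "${1:-}" = apply ]; then
    disable_selinux
fi
```

Run ./selinux-mode.sh apply as root to reproduce the post's procedure; set_selinux_mode and configured_mode work on any file, so they can be tried on a copy of /etc/selinux/config first.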