在CentOS7中,有很多CentOS 6中的常用服務發生了變化。
其中iptables是其中比較大的一個。防火牆iptables被firewalld取代。
本文將介紹,如果采用systemctl關閉firewalld,開啟iptables。
1.關閉firewalld
[root@hwcentos70-01 system]# systemctl stop firewalld [root@hwcentos70-01 system]# systemctl disable firewalld [root@hwcentos70-01 system]# systemctl status firewalld firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled) Active: inactive (dead) Feb 26 13:48:00 hwcentos70-01 systemd[1]: Stopped firewalld - dynamic firewall daemon. Feb 26 13:48:14 hwcentos70-01 systemd[1]: Starting firewalld - dynamic firewall daemon... Feb 26 13:48:15 hwcentos70-01 systemd[1]: Started firewalld - dynamic firewall daemon. Feb 26 13:49:23 hwcentos70-01 systemd[1]: Started firewalld - dynamic firewall daemon. Feb 26 13:53:18 hwcentos70-01 systemd[1]: Stopping firewalld - dynamic firewall daemon... Feb 26 13:53:18 hwcentos70-01 systemd[1]: Stopped firewalld - dynamic firewall daemon.
2.開啟iptables
首先安裝iptables:
[root@hwcentos70-01 system]#yum install -y iptables-services [root@hwcentos70-01 system]# systemctl enable iptables ln -s '/usr/lib/systemd/system/iptables.service' '/etc/systemd/system/basic.target.wants/iptables.service' [root@hwcentos70-01 system]# systemctl start iptables [root@hwcentos70-01 system]# systemctl status iptables iptables.service - IPv4 firewall with iptables Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled) Active: active (exited) since Fri 2016-02-26 13:54:45 UTC; 6s ago Process: 55539 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS) Main PID: 55539 (code=exited, status=0/SUCCESS) Feb 26 13:54:45 hwcentos70-01 iptables.init[55539]: iptables: Applying firewall rules: [ OK ] Feb 26 13:54:45 hwcentos70-01 systemd[1]: Started IPv4 firewall with iptables.
此時iptables的命令都可以使用了:
[root@hwcentos70-01 system]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination [root@hwcentos70-01 system]# service iptables save iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
3.開放5000端口
輸入“vi /etc/sysconfig/iptables”,打開iptables的配置文件,輸入之前按一下"i",然后添加一行"-A INPUT -m state --state NEW -m tcp -p tcp --dport 5000 -j ACCEPT",添加以后按一下ESC,輸入":x",回車,就保存退出了
重啟iptables,輸入"service iptables restart",重啟成功以后,,輸入"service iptables status",回車,就會顯示正在生效的規則
啟動監聽5000的應用程序
4.測試
cmd(命令提示符)窗口,使用telnet命令進行測試,命令"telnet+空格+服務器IP+空格+5000",可以連接就會直接跳轉到一個空白的窗口,連不上就會卡住一段時間,然后提示錯誤
查看網頁
