centos7默认的防火墙是firewalld
1.关闭firewalld防火墙
[root@localhost ~]# systemctl stop firewalld
取消开机自启
[root@localhost ~]# systemctl disable firewalld
2.iptables安装
[root@localhost ~]# yum -y install iptables
[root@localhost ~]# yum -y install iptables-services
修改iptables文件
[root@localhost ~]# vim /etc/sysconfig/iptables
*filter <==星号开头的指的是表格,这里为 filter
:INPUT DROP [0:0] <==冒号开头的指的是链,三条内建的链
:FORWARD DROP [0:0] <== 这个步骤是把不符合自己配置的规则ACCEPT的连接DROP掉
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
启动iptanles
[root@localhost ~]# systemctl start iptables
开机自启
[root@localhost ~]# systemctl enable iptablesCentOS7安装iptables防火墙
原文:https://blog.51cto.com/11919039/2487043
