Centos7 disable and configure iptables for firewall installation, centos7iptables

Centos7 disable and configure iptables for firewall installation, centos7iptables

1. configure the firewall and enable port 80 and port 3306

CentOS 7.0 uses firewall as the firewall by default. Here, it is changed to iptables firewall.

1. Disable firewall:

Systemctl stop firewalld. service # stop firewall

 

Systemctl disable firewalld. service # disable firewall startup

 

 

2. Install iptables firewall IT network, http://www.it.net.cn

Yum install iptables-services # Installation

 

Vi/etc/sysconfig/iptables # edit the firewall configuration file

 

# Firewall configuration written by system-config-firewall

 

# Manual mizmization of this file is not recommended. It, http://www.it.net.cn

* Filter

 

: Input accept [0: 0]

 

: Forward accept [0: 0]

 

: Output accept [0: 0] Linux learning, http: // linux.it.net.cn

-A input-m state -- state ESTABLISHED, RELATED-j ACCEPT

 

-A input-p icmp-j ACCEPT

 

-A input-I lo-j ACCEPT

 

-A input-m state -- state NEW-m tcp-p tcp -- dport 22-j ACCEPT it, http://www.it.net.cn

-A input-m state -- state NEW-m tcp-p tcp -- dport 80-j ACCEPT

 

-A input-m state -- state NEW-m tcp-p tcp -- dport 3306-j ACCEPT

-A input-j REJECT -- reject-with icmp-host-prohibited

 

-A forward-j REJECT -- reject-with icmp-host-prohibited Linux, http: // linux.it.net.cn

COMMIT

 

: Wq! # Save and exit

 

Systemctl restart iptables. service # restart the firewall to make the configuration take effect.

Systemctl enable iptables. service # Set firewall startup

 

2. Disable selinux it network and http://www.it.net.cn

Vi/etc/selinux/config

 

# SELINUX = enforcing # comment out

 

# SELINUXTYPE = targeted # comment out

 

SELINUX = disabled # Add Linux learning, http: // linux.it.net.cn

: Wq! # Save and quit Linux learning, http: // linux.it.net.cn

Setenforce 0 # Make the configuration take effect immediately