Disable firewalld in CentOS 7 and use iptables to manage the firewall
CentOS 7 uses firewalld for firewall management by default, so I want to switch it to iptables:
1. Disable the default firewall
# systemctl stop firewalld.service      (stop the firewalld service)
# systemctl disable firewalld.service   (keep it from starting at boot)
2. Enable iptables
# yum install iptables            (skip this command if your CentOS 7 version already ships the iptables package with the kernel)
# yum install iptables-services
# vim /etc/sysconfig/iptables
Edit as follows (the rules below open TCP ports 21, 22, 80 and 3306):
# Sample configuration for iptables service
# You can edit this manually or use system-config-firewall
# Please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
:wq   (save and quit)
3. Enable the service and set it to start automatically at boot
# service iptables restart
# chkconfig iptables on   (or: systemctl enable iptables.service; either one makes iptables start automatically at boot)
Tip: if restarting iptables fails and the error message points you to journalctl -xe, run # journalctl -xe -l to see the actual error.
This is usually a syntax error; check the syntax of the /etc/sysconfig/iptables file carefully.
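The two things most worth checking before running service iptables restart are that the file will parse (the journalctl -xe case above) and that the rules actually expose only the ports you intend. The script below is an added example, not part of the original post: it reads an iptables-save style file like /etc/sysconfig/iptables, lists the TCP ports the INPUT chain accepts, and confirms that the *filter table is closed with COMMIT and that the last INPUT rule is a catch-all REJECT or DROP (with the INPUT policy set to ACCEPT, dropping that line silently opens every port). The sample rules file is constructed inline from the ruleset above; the temporary file paths and helper names are the example's own. The optional iptables-restore --test check only parses the file without committing it, but needs root and netfilter, so it is kept separate.

```shell
#!/bin/sh
# Added example (not from the original post): audit an iptables-save style
# rules file, such as /etc/sysconfig/iptables, before loading it.
# Assumption: the file uses the *filter ... COMMIT layout shown in the post.

# Print the TCP destination ports the INPUT chain explicitly ACCEPTs,
# one per line, numerically sorted and de-duplicated.
list_open_tcp_ports() {
    awk '/^-A INPUT / && /-p tcp/ && /-j ACCEPT/ {
            for (i = 1; i <= NF; i++)
                if ($i == "--dport") print $(i + 1)
         }' "$1" | sort -n | uniq
}

# Structural checks for the usual load failures plus the most common
# security slip, a missing catch-all REJECT/DROP at the end of INPUT.
# Returns 0 if the file looks sane, 1 otherwise (reason on stdout).
check_rules_file() {
    f=$1
    grep -q '^\*filter$' "$f" || { echo "missing *filter table header"; return 1; }
    grep -q '^COMMIT$' "$f" || { echo "missing COMMIT line, iptables-restore would fail"; return 1; }
    # INPUT policy is ACCEPT, so anything not matched earlier gets through
    # unless the final INPUT rule rejects it.
    last_input=$(grep '^-A INPUT ' "$f" | tail -n 1)
    case $last_input in
        *"-j REJECT"*|*"-j DROP"*) ;;
        *) echo "INPUT chain has no final REJECT/DROP rule"; return 1 ;;
    esac
    return 0
}

# Optional: have iptables-restore parse the file without committing it.
# Needs root and a kernel with netfilter, so it is not called by the checks above.
lint_with_iptables_restore() {
    iptables-restore --test "$1"
}

# Constructed sample: the ruleset from the post, written to the given path.
write_sample_rules() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Constructed variant with the catch-all REJECT removed: it still loads,
# but every port is reachable because the INPUT policy is ACCEPT.
write_open_rules() {
    write_sample_rules "$1"
    grep -v '^-A INPUT -j REJECT' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

good=$(mktemp); write_sample_rules "$good"
bad=$(mktemp);  write_open_rules "$bad"
echo "open TCP ports in sample: $(list_open_tcp_ports "$good" | tr '\n' ' ')"
check_rules_file "$good" && echo "sample ruleset: ok"
check_rules_file "$bad"  || echo "ruleset without catch-all REJECT: rejected"
rm -f "$good" "$bad"
```

Run it as sh audit.sh, or source it and call check_rules_file /etc/sysconfig/iptables on the real file; the port list is a good moment to ask whether FTP (21) and MySQL (3306) really need to be reachable from every source, since the sample above accepts them from anywhere.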