After upgrading the system to CentOS 7, iptables kept behaving strangely. For example, no matter how the rules were saved, they were reset after a reboot. In the end I resorted to forcing the rules to be loaded at boot:
First, iptables-save > /etc/iptables.rules saves the current state.
Then force the restore by adding this line to /etc/rc.local:
iptables-restore < /etc/iptables.rules
After the reboot the rules did take effect, but listing them showed that some extra content had been inexplicably added, which was unsettling.
A closer search on Google revealed where the problem lies. In version 7, Red Hat changed the system software: iptables is no longer the system firewall, firewalld is. For compatibility with the earlier commands, iptables can still be used to set protection rules, but at startup firewalld loads its own set.
The solution is also simple.
First, consider following the official approach and switching to firewalld. How to use it is covered in the official documentation.
However, I personally feel that if it brings no significant improvement, you can keep using the original iptables. If you intend to keep using iptables, proceed as follows:
Back up the current rules
iptables-save > iptables.rules
Disable firewalld, then install and enable iptables-services
systemctl stop firewalld
systemctl mask firewalld
yum install iptables-services -y
systemctl enable iptables
At this point, checking iptables shows that the rules have been cleared.
iptables -L -x -n
Restore the backed-up rules
iptables-restore < iptables.rules
Save the current rules
/usr/libexec/iptables/iptables.init save
If you are using a minimal installation, you may see this message:
iptables: saving firewall rules to /etc/sysconfig/iptables: /etc/init.d/iptables: line 274: restorecon: command not found
This is because an SELinux component is missing: it was not installed. Installing policycoreutils fixes it.
yum install policycoreutils -y
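As an added example (not part of the original post), the script below lists rules that are loaded but absent from the iptables.rules backup, which shows exactly what was added on top of the restored rules after a reboot. The function names, the live.rules file and the sample chain EXAMPLE_EXTRA are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list rules that are loaded
# but absent from the backup taken with `iptables-save > iptables.rules`.

# Make iptables-save output comparable: drop the "# Generated"/"# Completed"
# comment lines and zero the [packets:bytes] counters, which always differ.
normalize_rules() {
    sed -e '/^#/d' -e 's/\[[0-9]*:[0-9]*]/[0:0]/' "$1"
}

# added_rules BACKUP LIVE: print normalized lines of LIVE missing from BACKUP.
added_rules() {
    _base=$(mktemp) || return 2
    normalize_rules "$1" > "$_base"
    # -F fixed strings, -x whole line, -v invert: keep lines with no match.
    normalize_rules "$2" | grep -Fxv -f "$_base" || true
    rm -f "$_base"
}

# Constructed sample data: a backup and a post-reboot dump that has gained
# one chain and one jump (hypothetical names, standing in for whatever
# another service loaded on top of the restored rules).
demo() {
    _dir=$(mktemp -d) || return 2
    cat > "$_dir/iptables.rules" <<'EOF'
# Generated by iptables-save (constructed)
*filter
:INPUT DROP [12:840]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
    cat > "$_dir/live.rules" <<'EOF'
# Generated by iptables-save (constructed)
*filter
:INPUT DROP [97:6104]
:EXAMPLE_EXTRA - [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j EXAMPLE_EXTRA
COMMIT
EOF
    added_rules "$_dir/iptables.rules" "$_dir/live.rules"
    rm -rf "$_dir"
}

# On a real host (as root): iptables-save > /tmp/live.rules
#                           added_rules iptables.rules /tmp/live.rules
case "${1:-}" in --demo) demo ;; esac
```

Empty output means the loaded ruleset contains nothing beyond the backup; any printed line is a chain or rule that something else added.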