centos 7 中防火牆的關閉問題

標籤：方法   mask   reload   重啟   bug   wiki   sysconf   open   eve   

新安裝的centos 7 發現有些程式連接埠是關閉的，想到了防火牆和selinux 

selinx 好關閉 /etc/sysconfig/selinux 中 追加 SELINUX=disabled

防火牆以為也是很好弄，按照以前的老規矩，service iptables stop 或者 chkconfig --level 35 iptables off 

重啟後 運行 systemctl list-unit-files | grep ip  發現還有個ip6tables 沒關  chkconfig --level 35 ip6tables off

再運行 systemctl list-unit-files | grep ip 發現全部都disables 還是不通

沒辦法，只有添加規則了，tptables -I INPUT 1 -p tcp --dport 6259 -j ACCEPT 

然後service iptables save  連接埠通了

我想這個是不是個BUG ， 也許我沒有找到方法，請告知

Centos7中的防火牆調整為firewalld，試一下systemctl stop firewalld關閉防火牆。
I installed CentOS 7 with minimal configuration (os + dev tools). I am trying to open 80 port for httpdservice, but something wrong with my iptables service ... what‘s wrong with it? What am I doing wrong?

# ifconfig/sbin/service iptables savebash: ifconfig/sbin/service: No such file or directory# /sbin/service iptables saveThe service command supports only basic LSB actions (start, stop, restart, try-restart, reload, force-reload, status). For other actions, please try to use systemctl.# sudo service iptables statusRedirecting to /bin/systemctl status  iptables.serviceiptables.service   Loaded: not-found (Reason: No such file or directory)   Active: inactive (dead)# /sbin/service iptables saveThe service command supports only basic LSB actions (start, stop, restart, try-restart, reload, force-reload, status). For other actions, please try to use systemctl.# sudo service iptables startRedirecting to /bin/systemctl start  iptables.serviceFailed to issue method call: Unit iptables.service failed to load: No such file or directory.

With RHEL 7 / CentOS 7, firewalld was introduced to manage iptables. IMHO, firewalld is more suited for workstations than for server environments.

It is possible to go back to a more classic iptables setup. First, stop and mask the firewalld service:

systemctl stop firewalldsystemctl mask firewalld

Then, install the iptables-services package:

yum install iptables-services

Enable the service at boot-time:

systemctl enable iptables

Managing the service

systemctl [stop|start|restart] iptables

Saving your firewall rules can be done as follows:

service iptables save

or

/usr/libexec/iptables/iptables.init save

centos 7 中防火牆的關閉問題