How to replace the firewalld firewall that ships with CentOS 7 with the iptables firewall
Published: 2019-06-12


Having gotten used to the iptables firewall on CentOS 6, I never warmed to firewalld. So how do you switch back to the familiar iptables firewall?

1. Turn off the firewalld firewall

    [root@centos7 html]# systemctl stop firewalld # stop the firewalld firewall
    [root@centos7 html]# systemctl disable firewalld  # prevent firewalld from starting at boot
    [root@centos7 html]# systemctl status firewalld
    ● firewalld.service - firewalld - dynamic firewall daemon
       Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
       Active: inactive (dead)
         Docs: man:firewalld(1)
    Aug 18 22:22:51 centos7 systemd[1]: Starting firewalld - dynamic firewall daemon...
    Aug 18 22:22:53 centos7 systemd[1]: Started firewalld - dynamic firewall daemon.
    Aug 18 23:13:56 centos7 systemd[1]: Stopping firewalld - dynamic firewall daemon...
    Aug 18 23:14:06 centos7 systemd[1]: Stopped firewalld - dynamic firewall daemon.
    Aug 18 23:34:07 centos7 systemd[1]: Starting firewalld - dynamic firewall daemon...
    Aug 18 23:34:09 centos7 systemd[1]: Started firewalld - dynamic firewall daemon.
    Aug 18 23:34:19 centos7 systemd[1]: Stopping firewalld - dynamic firewall daemon...
    Aug 18 23:34:26 centos7 systemd[1]: Stopped firewalld - dynamic firewall daemon.
    [root@centos7 html]#

2. Install the iptables firewall

    [root@centos7 html]# yum install  -y iptables  iptables-services
    Loaded plugins: fastestmirror
    Loading mirror speeds from cached hostfile
     * base: mirrors.163.com
     * extras: mirrors.sohu.com
     * updates: mirrors.163.com
    Package iptables-1.4.21-17.el7.x86_64 already installed and latest version
    Package iptables-services-1.4.21-17.el7.x86_64 already installed and latest version
    Nothing to do
    [root@centos7 html]# systemctl start iptables
    [root@centos7 html]# systemctl status iptables
    ● iptables.service - IPv4 firewall with iptables
       Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
       Active: active (exited) since Fri 2017-08-18 23:39:14 CST; 14s ago
      Process: 3494 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
     Main PID: 3494 (code=exited, status=0/SUCCESS)
    Aug 18 23:39:13 centos7 systemd[1]: Starting IPv4 firewall with iptables...
    Aug 18 23:39:14 centos7 iptables.init[3494]: iptables: Applying firewall rules: [  OK  ]
    Aug 18 23:39:14 centos7 systemd[1]: Started IPv4 firewall with iptables.
    [root@centos7 html]# service iptables status
    Redirecting to /bin/systemctl status  iptables.service
    ● iptables.service - IPv4 firewall with iptables
       Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
       Active: active (exited) since Fri 2017-08-18 23:39:14 CST; 28s ago
      Process: 3494 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
     Main PID: 3494 (code=exited, status=0/SUCCESS)
    Aug 18 23:39:13 centos7 systemd[1]: Starting IPv4 firewall with iptables...
    Aug 18 23:39:14 centos7 iptables.init[3494]: iptables: Applying firewall rules: [  OK  ]
    Aug 18 23:39:14 centos7 systemd[1]: Started IPv4 firewall with iptables.
    [root@centos7 html]#

 

3. View the iptables configuration file

    [root@centos7 html]# iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
    ACCEPT     icmp --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
    ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:mysql
    ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:http
    REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    [root@centos7 html]# cat /etc/sysconfig/iptables
    # sample configuration for iptables service
    # you can edit this manually or use system-config-firewall
    # please do not ask us to add additional ports/services to this default configuration
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -p icmp -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 3306  -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 80  -j ACCEPT
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    COMMIT
    [root@centos7 html]#

 

4. Enable iptables at boot

    [root@centos7 html]# systemctl enable iptables
    Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.
    [root@centos7 html]# systemctl status iptables
    ● iptables.service - IPv4 firewall with iptables
       Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
       Active: active (exited) since Fri 2017-08-18 23:41:19 CST; 2min 22s ago
     Main PID: 3603 (code=exited, status=0/SUCCESS)
    Aug 18 23:41:19 centos7 systemd[1]: Starting IPv4 firewall with iptables...
    Aug 18 23:41:19 centos7 iptables.init[3603]: iptables: Applying firewall rules: [  OK  ]
    Aug 18 23:41:19 centos7 systemd[1]: Started IPv4 firewall with iptables.
    [root@centos7 html]#
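Once the service is enabled, the rules file from step 3 is what the host enforces at every boot, so it is worth auditing. The script below is an added example, not part of the original post: it reads a file in the /etc/sysconfig/iptables format and reports which TCP ports INPUT accepts from any source (in the file shown, that includes 3306 for MySQL) and whether unmatched traffic is refused. The function names `sample_rules`, `open_to_any` and `input_default` are hypothetical.

```shell
#!/usr/bin/env bash
# Constructed sample: the rules the page shows in /etc/sysconfig/iptables.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3306  -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80  -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# TCP ports INPUT accepts with no source (-s) restriction, in rule order.
# Handles single --dport rules only (no multiport), as in the file above.
open_to_any() {
  awk '$1 == "-A" && $2 == "INPUT" {
    port = ""; proto = ""; limited = 0; accept = 0
    for (i = 3; i <= NF; i++) {
      if ($i == "-p") proto = $(i + 1)
      if ($i == "--dport") port = $(i + 1)
      if ($i == "-s" || $i == "--source") limited = 1
      if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
    }
    if (accept && proto == "tcp" && port != "" && !limited)
      out = (out == "" ? port : out " " port)
  } END { print out }'
}

# Is unmatched INPUT traffic refused? Either the chain policy is DROP, or the
# chain ends in an unconditional REJECT/DROP rule (the case in the file above).
input_default() {
  awk '$1 == ":INPUT" { policy = $2 }
    $1 == "-A" && $2 == "INPUT" { t3 = $3; t4 = $4 }
    END { if (policy == "DROP") print "deny (policy)"
          else if (t3 == "-j" && (t4 == "REJECT" || t4 == "DROP")) print "deny (final rule)"
          else print "allow" }'
}

# Audit the file given as $1, or the constructed sample when none is given.
if [ -r "${1:-}" ]; then rules=$(cat "$1"); else rules=$(sample_rules); fi
echo "open to any source: $(printf '%s\n' "$rules" | open_to_any)"
echo "unmatched INPUT:    $(printf '%s\n' "$rules" | input_default)"
```

The status output above reads "IPv4 firewall": IPv6 is filtered by the separate ip6tables service from the same iptables-services package, which these steps do not start.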

 

Reposted from: https://www.cnblogs.com/me80/p/7392669.html
