www. On IT Road .com
Solution:
In Oracle Linux 7, the iptables service is replaced by the firewalld service.
The command iptables -L lists the rule set on the node.
# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
INPUT_direct  all  --  anywhere             anywhere
INPUT_ZONES_SOURCE  all  --  anywhere             anywhere
INPUT_ZONES  all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
DOCKER-ISOLATION  all  --  anywhere             anywhere
DOCKER     all  --  anywhere             anywhere
....
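The systemctl command lists all services running on the node.
Verify that searching for the service "iptables" returns no output.
The iptables service has been replaced by one named "firewalld".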
# systemctl | grep -i iptables
# systemctl | grep -i firewall
firewalld.service loaded active running firewalld - dynamic firewall daemon
To check the status of the service, use the following command:
# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
   Active: active (running) since Sun 2016-05-29 03:33:25 EDT; 3h 12min ago
 Main PID: 830 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─830 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Jan 29 03:33:25 geeklab systemd[1]: Started firewalld - dynamic firewall daemon.
The service can be stopped with the following command, after which we can recheck its status:
# systemctl stop firewalld
# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
   Active: inactive (dead) since Sun 2016-05-29 06:47:03 EDT; 17s ago
  Process: 830 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
 Main PID: 830 (code=exited, status=0/SUCCESS)

Jan 29 03:33:25 geeklab systemd[1]: Started firewalld - dynamic firewall daemon.
Jan 29 06:47:03 geeklab systemd[1]: Stopping firewalld - dynamic firewall daemon...
Jan 29 06:47:03 geeklab systemd[1]: Stopped firewalld - dynamic firewall daemon.
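To disable the service at the next boot (chkconfig in RHEL 6 and earlier), we can run the following command.
Running the command removes the associated file links, so the service is no longer referenced at the next boot.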
# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
   Active: inactive (dead) since Sun 2016-05-29 06:47:03 EDT; 2min 26s ago
  Process: 830 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
 Main PID: 830 (code=exited, status=0/SUCCESS)

Jan 29 03:33:25 geeklab systemd[1]: Started firewalld - dynamic firewall daemon.
Jan 29 06:47:03 geeklab systemd[1]: Stopping firewalld - dynamic firewall daemon...
Jan 29 06:47:03 geeklab systemd[1]: Stopped firewalld - dynamic firewall daemon.
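As the output above shows, the firewalld service is in enabled mode, which means it will start at the next boot.
To keep it from starting at the next boot, use the following command: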
# systemctl disable firewalld
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
rm '/etc/systemd/system/basic.target.wants/firewalld.service'
Verify the status again to confirm that the service is in disabled mode.
# systemctl disable firewalld
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
rm '/etc/systemd/system/basic.target.wants/firewalld.service'
[root@geeklab ~]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled)
   Active: inactive (dead)

Jan 29 03:33:16 geeklab systemd[1]: Starting firewalld - dynamic firewall daemon...
Jan 29 03:33:25 geeklab systemd[1]: Started firewalld - dynamic firewall daemon.
Jan 29 06:47:03 geeklab systemd[1]: Stopping firewalld - dynamic firewall daemon...
Jan 29 06:47:03 geeklab systemd[1]: Stopped firewalld - dynamic firewall daemon.
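The stop and disable steps above change two independent things: the runtime state (the Active: line) and the boot-time setting (the Loaded: line). The following is an added example, not part of the original page, that classifies a host from its status text so a stopped-but-enabled or running-but-disabled firewall is not misread; fw_state and sample_stopped are hypothetical names and the sample text is constructed to match the output shown above.

```shell
#!/bin/sh
# Added example (not from the original page). fw_state is a hypothetical helper
# that reads `systemctl status firewalld` text on stdin and classifies it.
fw_state() {
    awk '
        $1 == "Loaded:" {                 # "...firewalld.service; enabled)"
            n = split($0, part, ";")
            boot = (n >= 2) ? part[2] : ""
            gsub(/[ )]/, "", boot)        # keep only enabled/disabled
        }
        $1 == "Active:" { run = $2 }      # active / inactive
        END {
            if (run == "active" && boot == "enabled")
                print "OK: running, enabled at boot"
            else if (run == "inactive" && boot == "enabled")
                print "TEMPORARY: stopped, starts again at next boot"
            else if (run == "inactive" && boot == "disabled")
                print "OFF: stopped, disabled at boot"
            else if (run == "active" && boot == "disabled")
                print "RUNTIME-ONLY: running, not started at next boot"
            else
                print "UNKNOWN: run=" run " boot=" boot
        }'
}

# Constructed sample, shaped like the status output after "systemctl stop".
sample_stopped() {
    cat <<'EOF'
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
   Active: inactive (dead) since Sun 2016-05-29 06:47:03 EDT; 17s ago
EOF
}

sample_stopped | fw_state
# On a live host: systemctl status firewalld | fw_state
```
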
Question:
How do I start or stop firewalld (iptables in earlier versions) in CentOS/RHEL 7?
Date: 2020-09-17 00:12:06 Source: oir Author: oir