
Redhat7: disabling firewalld, enabling iptables, and a brief introduction to systemctl

Author: 拓荒者
Published 2019-03-11 17:44:31
Column: 运维经验分享 (Ops Experience Sharing)

The default firewall service is firewalld rather than iptables. If you want to switch to iptables, follow these steps:

1. Install
[root@localhost ~]# yum install iptables-services
2. Mask the service
[root@localhost ~]# systemctl mask firewalld

# systemctl mask firewalld   masks the service (so it can no longer be started)
# ln -s '/dev/null' '/etc/systemd/system/firewalld.service'
# systemctl unmask firewalld   unmasks the service (here firewalld.service)
# rm '/etc/systemd/system/firewalld.service'
3. Enable iptables
[root@localhost ~]# systemctl enable iptables
# If ip6tables is also needed, add one more line
[root@localhost ~]# systemctl enable ip6tables
4. Start iptables, stop firewalld
# Stop the firewalld service and start the iptables service
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl start iptables
# As above, if ip6tables is also needed, add one more line
[root@localhost ~]# systemctl start ip6tables
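The four steps above as a single script, added here as an example and not part of the original post: it wraps the same commands (yum install, then systemctl mask/enable/stop/start in the post's order) in functions, skips the install when the package is already present, and finishes with a check that the machine really ended up with firewalld masked and stopped and both iptables units enabled and running. It assumes RHEL 7 with systemd and the unit names used above (firewalld, iptables, ip6tables); the function names and the --apply flag are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): steps 1-4 above as one script
# with a verification step. Assumes RHEL 7 with systemd and the unit names
# used in the post (firewalld, iptables, ip6tables). Function names and the
# --apply flag are this example's own.

# Return 0 if the named RPM package is installed.
pkg_installed() {
    rpm -q "$1" >/dev/null 2>&1
}

# Print a unit's enable state (enabled, disabled, static, masked, ...).
# "systemctl is-enabled" prints the state even when its exit code is non-zero,
# so the exit code is deliberately ignored here.
unit_enabled_state() {
    state=$(systemctl is-enabled "$1" 2>/dev/null) || true
    echo "${state:-unknown}"
}

# Print a unit's run state (active or inactive); same exit-code handling.
unit_active_state() {
    state=$(systemctl is-active "$1" 2>/dev/null) || true
    echo "${state:-unknown}"
}

# Steps 1-4 of the post, in the post's order. Every command is safe to
# repeat, so the whole function can be re-run without side effects.
switch_to_iptables() {
    if ! pkg_installed iptables-services; then
        yum -y install iptables-services || return 1     # step 1
    fi
    systemctl mask firewalld || return 1                 # step 2
    systemctl enable iptables || return 1                # step 3
    systemctl enable ip6tables || return 1
    systemctl stop firewalld || return 1                 # step 4
    systemctl start iptables || return 1
    systemctl start ip6tables || return 1
}

# Check the end state: firewalld masked and not running, both iptables
# units enabled at boot and running. Returns 0 when everything matches,
# otherwise 1 with one line per problem on stderr.
verify_switch() {
    rc=0
    [ "$(unit_enabled_state firewalld)" = masked ] || { echo "firewalld is not masked" >&2; rc=1; }
    [ "$(unit_active_state firewalld)" = inactive ] || { echo "firewalld is still running" >&2; rc=1; }
    for u in iptables ip6tables; do
        [ "$(unit_enabled_state "$u")" = enabled ] || { echo "$u is not enabled at boot" >&2; rc=1; }
        [ "$(unit_active_state "$u")" = active ] || { echo "$u is not running" >&2; rc=1; }
    done
    return $rc
}

# Only act when explicitly asked; sourcing the file just defines the functions.
if [ "${1:-}" = "--apply" ]; then
    switch_to_iptables && verify_switch && echo "switched to iptables"
fi
```

Run it as root with `sh switch.sh --apply`. Sourcing the file without the flag only defines the functions, so `verify_switch` can also be run on its own later to confirm a host is still in the intended state.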

At this point iptables can be used just as before. Having read through the procedure, some readers may still wonder what systemctl actually does, so here is a brief explanation:

systemctl is effectively a merger of the old service and chkconfig commands. It can permanently enable or disable a service (at boot), or start and stop it for the current session.

[root@localhost init.d]# systemctl  # lists the currently loaded units and their state
UNIT                                                               LOAD   ACTIVE SUB       DESCRIPTION
proc-sys-fs-binfmt_misc.automount                                  loaded active waiting   Arbitrary Executable File Formats File System Automount Point
sys-devices-pci0000:00-0000:00:02.0-backlight-acpi_video0.device   loaded active plugged   /sys/devices/pci0000:00/0000:00:02.0/backlight/acpi_video0
sys-devices-pci0000:00-0000:00:1b.0-sound-card0.device             loaded active plugged   6 Series/C200 Series Chipset Family High Definition Audio Controll
sys-devices-pci0000:00-0000:00:1c.5-0000:03:00.0-net-enp3s0.device loaded active plugged   RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (P8 seri
sys-devices-pci0000:00-0000:00:1f.2-ata5-host4-target4:0:0-4:0:0:0-block-sda-sda1.device loaded active plugged   WDC_WD5003ABYX-01WERA1 EFI\x20System\x20Part
sys-devices-pci0000:00-0000:00:1f.2-ata5-host4-target4:0:0-4:0:0:0-block-sda-sda2.device loaded active plugged   WDC_WD5003ABYX-01WERA1 2
sys-devices-pci0000:00-0000:00:1f.2-ata5-host4-target4:0:0-4:0:0:0-block-sda-sda3.device loaded active plugged   LVM PV 00d05P-rKKJ-nWdn-ejxs-kpY4-GE0k-3o4TF
sys-devices-pci0000:00-0000:00:1f.2-ata5-host4-target4:0:0-4:0:0:0-block-sda.device loaded active plugged   WDC_WD5003ABYX-01WERA1
sys-devices-platform-serial8250-tty-ttyS0.device                   loaded active plugged   /sys/devices/platform/serial8250/tty/ttyS0
sys-devices-platform-serial8250-tty-ttyS1.device                   loaded active plugged   /sys/devices/platform/serial8250/tty/ttyS1
sys-devices-platform-serial8250-tty-ttyS2.device                   loaded active plugged   /sys/devices/platform/serial8250/tty/ttyS2
sys-devices-platform-serial8250-tty-ttyS3.device                   loaded active plugged   /sys/devices/platform/serial8250/tty/ttyS3
sys-devices-virtual-block-dm\x2d0.device                           loaded active plugged   /sys/devices/virtual/block/dm-0
sys-devices-virtual-block-dm\x2d1.device                           loaded active plugged   /sys/devices/virtual/block/dm-1
sys-devices-virtual-block-dm\x2d2.device                           loaded active plugged   /sys/devices/virtual/block/dm-2
sys-module-configfs.device                                         loaded active plugged   /sys/module/configfs
sys-subsystem-net-devices-enp3s0.device                            loaded active plugged   RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (P8 seri
-.mount                                                            loaded active mounted   /
boot-efi.mount                                                     loaded active mounted   /boot/efi
[root@localhost init.d]# systemd-cgls   # lists the running processes as a tree, grouped by control group
|-1 /usr/lib/systemd/systemd --switched-root --system --deserialize 21
|-user.slice
| `-user-0.slice
|   |-session-61.scope
|   | |-12073 sshd: root@pts/1    
|   | |-12077 -bash
|   | |-12103 systemd-cgls
|   | `-12104 less
|   `-session-58.scope
|     |-11507 sshd: root@pts/0    
|     |-11511 -bash
|     `-11530 /usr/bin/python -Es /usr/sbin/firewalld
`-system.slice
  |-tuned.service
  | `-1284 /usr/bin/python -Es /usr/sbin/tuned -l -P
  |-postfix.service
  | |- 3228 /usr/libexec/postfix/master -w
  | |- 3279 qmgr -l -t unix -u
  | `-12052 pickup -l -t unix -u
  |-sshd.service
  | `-1282 /usr/sbin/sshd -D
  |-polkit.service
  | `-891 /usr/lib/polkit-1/polkitd --no-debug
  |-wpa_supplicant.service
  | `-889 /usr/sbin/wpa_supplicant -u -f /var/log/wpa_supplicant.log -c /etc/wpa_supplicant/wpa_supplicant.conf -u -f /var/log/wpa_supplicant.log -P /var/run
  |-NetworkManager.service
  | `-771 /usr/sbin/NetworkManager --no-daemon
  |-crond.service
  | `-691 /usr/sbin/crond -n
  |-systemd-logind.service
  | `-684 /usr/lib/systemd/systemd-logind
  |-irqbalance.service
  | `-682 /usr/sbin/irqbalance --foreground
  |-rsyslog.service
  | `-679 /usr/sbin/rsyslogd -n
  |-dbus.service
  | `-676 /bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
  |-auditd.service
  | `-651 /sbin/auditd -n
  |-systemd-udevd.service
  | `-529 /usr/lib/systemd/systemd-udevd
  |-lvm2-lvmetad.service
  | `-526 /usr/sbin/lvmetad -f
Usage in detail

1. In place of the old service iptables stop/start/status/restart/reload:
   Start a service: systemctl start iptables
   Stop a service: systemctl stop iptables
   Restart a service: systemctl restart iptables
   Show service status: systemctl status iptables
2. In place of the old chkconfig iptables on/off/list:
   Enable a service at boot: systemctl enable iptables
   Disable a service at boot: systemctl disable iptables
   Check whether a service starts at boot: systemctl is-enabled iptables
   List enabled services: systemctl list-unit-files|grep enabled
   List services that failed to start: systemctl --failed

PS: the value printed by systemctl is-enabled iptables can be enabled, disabled or static. Here static means the corresponding unit file has no [Install] section, so the unit cannot be configured to start at boot.

Note: enabling a service means creating, in the configuration directory of the current "runlevel" (/etc/systemd/system/multi-user.target.wants/), a symlink to the corresponding service unit file under /usr/lib/systemd/system; disabling a service means deleting that symlink, and adding a service means adding the symlink. For example:

[root@localhost ~]# systemctl mask firewalld  # masks the service (so it can no longer be started)
ln -s '/dev/null' '/etc/systemd/system/firewalld.service'
[root@localhost ~]# systemctl unmask firewalld # unmasks the service (here firewalld.service)
rm '/etc/systemd/system/firewalld.service'

# What mask means (mask is a stronger form of disable):
[root@localhost ~]# man systemctl
 mask NAME...
           Mask one or more unit files, as specified on the command line. This will link these units to /dev/null, making it impossible to start them.
           This is a stronger version of disable, since it prohibits all kinds of activation of the unit, including enablement and manual activation. Use
           this option with care. This honors the --runtime option to only mask temporarily until the next reboot of the system. The --now option can be
           used to ensure that the units are also stopped.

unmask NAME...
           Unmask one or more unit files, as specified on the command line. This will undo the effect of mask.
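To make the explanation above concrete (the enable/disable symlink in multi-user.target.wants, the mask symlink to /dev/null, and the static state for units without an [Install] section), the following is an added example that is not from the original post. It reproduces the link layout the post describes inside a throwaway directory tree and derives from it the same masked / enabled / static / disabled answer that systemctl is-enabled gives, so the precedence between the three mechanisms can be seen without touching a real system. It assumes the paths quoted in the post (/usr/lib/systemd/system for unit files, /etc/systemd/system/multi-user.target.wants for enable links, /etc/systemd/system/NAME.service -> /dev/null for a mask); the fake_* helpers, unit_state and the ROOT argument are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post: an offline emulation of how the
# enable / disable / mask links described above determine what
# "systemctl is-enabled" reports. Every function takes a ROOT directory as its
# first argument and works only below it, so it never touches /etc or /usr.
# Paths mirror the post: ROOT/usr/lib/systemd/system holds unit files,
# ROOT/etc/systemd/system/multi-user.target.wants holds the enable links.

unit_file()  { echo "$1/usr/lib/systemd/system/$2.service"; }
wants_link() { echo "$1/etc/systemd/system/multi-user.target.wants/$2.service"; }
mask_link()  { echo "$1/etc/systemd/system/$2.service"; }

# Enable: create the wants link pointing at the unit file
# (the symlink "systemctl enable" creates, as the post describes).
fake_enable() {
    mkdir -p "$(dirname "$(wants_link "$1" "$2")")"
    ln -sf "$(unit_file "$1" "$2")" "$(wants_link "$1" "$2")"
}

# Disable: remove that wants link.
fake_disable() { rm -f "$(wants_link "$1" "$2")"; }

# Mask: link the unit name to /dev/null under /etc, which shadows the real
# unit file under /usr/lib (the "ln -s '/dev/null' ..." line in the post).
fake_mask() {
    mkdir -p "$(dirname "$(mask_link "$1" "$2")")"
    ln -sf /dev/null "$(mask_link "$1" "$2")"
}

# Unmask: remove the /dev/null link (the "rm ..." line in the post).
fake_unmask() { rm -f "$(mask_link "$1" "$2")"; }

# Report masked / enabled / static / disabled / not-found for a unit, using
# the precedence systemctl applies: a mask wins over everything, then the
# wants link, then whether the unit file even has an [Install] section.
unit_state() {
    root=$1; name=$2
    if [ -L "$(mask_link "$root" "$name")" ] &&
       [ "$(readlink "$(mask_link "$root" "$name")")" = /dev/null ]; then
        echo masked
    elif [ -L "$(wants_link "$root" "$name")" ]; then
        echo enabled
    elif [ ! -f "$(unit_file "$root" "$name")" ]; then
        echo not-found
    elif ! grep -q '^\[Install\]' "$(unit_file "$root" "$name")"; then
        echo static
    else
        echo disabled
    fi
}
```

Pointing ROOT at a scratch directory containing a copy of a few unit files is enough to see why a masked unit stays "masked" even after `fake_enable`, and why a unit without [Install] can only ever report "static": there is no WantedBy target for an enable link to be placed in.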


Shared via the Tencent Cloud self-media sharing plan from the author's personal site/blog. Originally published 2017/08/11.
