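I installed CentOS 7 with a minimal configuration (OS + dev tools). I am trying to open port 80 for the httpd
service, but something is wrong with my iptables service... What's wrong with it? What am I doing wrong?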
# ifconfig/sbin/service iptables save
bash: ifconfig/sbin/service: No such file or directory
# /sbin/service iptables save
The service command supports only basic LSB actions (start, stop, restart, try-restart, reload, force-reload, status). For other actions, please try to use systemctl.
# sudo service iptables status
Redirecting to /bin/systemctl status iptables.service
iptables.service
Loaded: not-found (Reason: No such file or directory)
Active: inactive (dead)
# /sbin/service iptables save
The service command supports only basic LSB actions (start, stop, restart, try-restart, reload, force-reload, status). For other actions, please try to use systemctl.
# sudo service iptables start
Redirecting to /bin/systemctl start iptables.service
Failed to issue method call: Unit iptables.service failed to load: No such file or directory.
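Posted on 2014-07-18 22:29:31
With RHEL 7 / CentOS 7, firewalld was introduced to manage iptables. IMHO, firewalld is more suited for workstations than for server environments.
It is possible to go back to a more classic iptables setup. First, stop and mask the firewalld service: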
systemctl stop firewalld
systemctl mask firewalld
Then, install the iptables-services package:
yum install iptables-services
Enable the service at boot time:
systemctl enable iptables
Managing the service:
systemctl [stop|start|restart] iptables
Saving your firewall rules can be done as follows:
service iptables save
or
/usr/libexec/iptables/iptables.init save
Posted on 2014-08-10 23:12:07
RHEL and CentOS 7 use firewall-cmd instead of iptables. You should use this kind of command:
# add ssh port as permanent opened port
firewall-cmd --zone=public --add-port=22/tcp --permanent
Then, you can reload the rules to be sure that everything is OK:
firewall-cmd --reload
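This is better than using iptables-save, especially if you plan to use lxc or docker containers. Launching the docker service will add some rules that the iptables-save command will show. If you save the result, you will have a lot of rules that should NOT be saved, because docker containers can change their IP addresses at the next reboot.
Firewall-cmd with the permanent option is better suited for this.
Check "man firewall-cmd" or check the official firewalld docs to see the options. There are a lot of options to check zones, configuration, how it works... The man page is really complete.
I strongly recommend not using iptables-service as of CentOS 7.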
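The point above about Docker's rules ending up in a saved ruleset, shown as an added example that is not part of the original answer: the script splits an iptables-save dump into Docker-generated and static rules. The sample dump is constructed, and matching on the DOCKER chains and the docker0 bridge is an assumption about a default Docker setup.

```shell
#!/bin/sh
# Added example: separate Docker-generated rules from static ones in an
# `iptables-save` dump before persisting it. The sample dump is constructed.
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.17.0.2:80
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:DOCKER - [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# Assumption: Docker's rules are recognisable by its DOCKER chains and the
# default docker0 bridge; adjust the pattern for custom bridges or networks.
DOCKER_PATTERN='^:DOCKER|^-A DOCKER|-j DOCKER|docker0'

# Lines a blind `service iptables save` would persist although Docker owns them.
docker_rules() { grep -E -e "$DOCKER_PATTERN"; }

# The remainder: table headers, built-in chains, COMMIT and the admin's own rules.
static_rules() { grep -E -v -e "$DOCKER_PATTERN"; }

# Usage on a live host (as root): iptables-save | static_rules
# Here: show which lines of the constructed dump belong to Docker.
sample_ruleset | docker_rules
```

Reviewing the output of docker_rules before saving shows how much of the dump is container state that Docker recreates itself on the next start.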
Posted on 2014-08-04 11:23:42
I had the problem that a reboot wouldn't start iptables.
This fixed it:
yum install iptables-services
systemctl mask firewalld
systemctl enable iptables
systemctl enable ip6tables
systemctl stop firewalld
systemctl start iptables
systemctl start ip6tables
https://stackoverflow.com/questions/24756240