On Red Hat Enterprise Linux 7 the firewall is enabled by default (you can confirm this with #iptables -L), so how do you turn it off? Keep in mind that the firewall is what limits the host's exposed attack surface: if all you need is one service reachable, opening its port with firewall-cmd is the safer fix, and disabling the whole firewall is something you should only do deliberately, for example on an isolated lab host.
First, RHEL7 boots with systemd. The old #service, /etc/init.d/ and #chkconfig ways of managing services survive only as compatibility wrappers that redirect to systemctl, so you should use the #systemctl command directly (look up #systemctl separately for details). In addition, the firewall service is no longer called iptables; it is now firewalld.
- FireWall Status
[root@localhost ~]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
   Active: active (running) since Wed 2016-03-16 06:02:23 EDT; 15min ago
 Main PID: 550 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─550 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Mar 16 06:02:19 localhost.localdomain systemd[1]: Starting firewalld - dynami...
Mar 16 06:02:23 localhost.localdomain systemd[1]: Started firewalld - dynamic...
Hint: Some lines were ellipsized, use -l to show in full.
- Stop and Start firewall
The service command still works, but the system redirects it to systemctl. systemctl start and stop turn the firewall on and off immediately. Stopping firewalld flushes the rules it loaded, so the host runs with no packet filter until it is started again; the stop is not persistent, and as long as the service is still enabled it comes back at the next boot.

[root@localhost ~]# service firewalld stop
Redirecting to /bin/systemctl stop firewalld.service
[root@localhost ~]# /bin/systemctl stop firewalld.service

[root@localhost ~]# service firewalld start
Redirecting to /bin/systemctl start firewalld.service
[root@localhost ~]# /bin/systemctl start firewalld.service
- Disable and Enable firewall
systemctl enable and disable are the equivalent of the old chkconfig iptables on / off: they only decide whether the service is started at boot. disable does not touch the running state (a disabled firewalld that is still running keeps filtering until you stop it), so turning the firewall off completely takes both stop and disable.

[root@localhost ~]# systemctl disable firewalld
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
rm '/etc/systemd/system/basic.target.wants/firewalld.service'

[root@localhost ~]# systemctl enable firewalld
ln -s '/usr/lib/systemd/system/firewalld.service' '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
ln -s '/usr/lib/systemd/system/firewalld.service' '/etc/systemd/system/basic.target.wants/firewalld.service'
Even after firewalld has been stopped, iptables -L may still list rules:

[root@localhost ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bootps

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             192.168.122.0/24     ctstate RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootpc

These rules are not firewalld's. They are inserted directly into iptables by libvirtd for the default NAT network behind the virbr0 bridge that a KVM installation on RHEL7 creates (see https://benjr.tw/8189 for KVM networking), which is why stopping firewalld leaves them in place. iptables -L without -v hides the interface match that gives this away; iptables -L -v or iptables -S shows that every one of them is tied to -i virbr0 or -o virbr0. They only admit DNS (domain) and DHCP (bootps/bootpc) from guests on virbr0 and forward 192.168.122.0/24 through the host; they do not filter anything arriving on the host's other interfaces, so with firewalld stopped the host itself is unfiltered. The matching MASQUERADE rules live in the nat table (iptables -t nat -L).

[root@localhost ~]# ifconfig virbr0
virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
        ether 52:54:00:46:34:b0  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0

[root@localhost ~]# brctl show
bridge name	bridge id		STP enabled	interfaces
virbr0		8000.5254004634b0	yes		virbr0-nic
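The check below is an added example written for this post; it is not the article's own commands and not code from libvirt or firewalld. It assumes a RHEL7 host where root can run iptables -S, and the SAMPLE_RULES listing is constructed to match the iptables -L output above. It counts how many loaded rules carry libvirt's -i virbr0 / -o virbr0 interface match and how many do not: right after systemctl stop firewalld only libvirt's rules should remain, and after virsh net-destroy default both counts should drop to zero. Any rule without the virbr0 match means something other than libvirt (normally firewalld) is still filtering.

```shell
#!/bin/sh
# Added example for this post (not from the original article, libvirt or firewalld):
# attribute the iptables rules that are still loaded after `systemctl stop firewalld`.
# `iptables -L` hides the interface match, which makes libvirt's rules look like
# host-wide policy; `iptables -S` prints each rule in its original syntax, and
# libvirt's default-network rules all carry `-i virbr0` or `-o virbr0`.

# Constructed `iptables -S` listing matching the `iptables -L` output in the post
# (RHEL7 host, libvirt default network up, firewalld stopped). Used when the
# script is not run as root or no iptables is available.
SAMPLE_RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT'

# Number of appended rules (-A lines) bound to the virbr0 bridge: libvirt's.
libvirt_rule_count() {
    printf '%s\n' "$1" | awk '/^-A / && /-[io] virbr0/ { n++ } END { print n + 0 }'
}

# Number of appended rules with no virbr0 match: firewalld's, or hand-added ones.
foreign_rule_count() {
    printf '%s\n' "$1" | awk '/^-A / && !/-[io] virbr0/ { n++ } END { print n + 0 }'
}

# Names of chains whose default policy is not ACCEPT (libvirt never changes
# policies; the post's output shows all three chains as ACCEPT).
non_accept_policies() {
    printf '%s\n' "$1" | awk '/^-P / && $3 != "ACCEPT" { print $2 }'
}

# Print a verdict for one ruleset. Exit status 0 means only libvirt rules are loaded.
check_rules() {
    lv=$(libvirt_rule_count "$1")
    other=$(foreign_rule_count "$1")
    echo "rules bound to virbr0 (libvirt): $lv"
    echo "rules from other sources:        $other"
    for chain in $(non_accept_policies "$1"); do
        echo "warning: chain $chain default policy is not ACCEPT"
    done
    if [ "$other" -eq 0 ]; then
        echo "verdict: only libvirt's default-network rules remain; firewalld's rule set is gone"
        return 0
    fi
    echo "verdict: rules not tied to virbr0 are loaded; firewalld (or something else) is still filtering"
    return 1
}

# Analyse the live filter table when run as root with iptables present,
# otherwise fall back to the constructed sample so the script runs anywhere.
if [ "$(id -u)" = "0" ] && live=$(iptables -S 2>/dev/null); then
    check_rules "$live"
else
    check_rules "$SAMPLE_RULES"
fi
```

Run it as root on the host to judge the live ruleset, before and after each of the stop, disable and virsh net-destroy steps. Only the filter table is inspected; the nat table with libvirt's MASQUERADE rules (iptables -t nat -S) is not covered by this check.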
virbr0 can be shut down with the commands below (leaving it up does no harm). net-destroy takes the bridge down and removes its iptables rules immediately; net-autostart --disable and net-undefine keep the default network from coming back. The last command disables the whole libvirtd service at boot, which is more than removing one network, so only run it on a host that does not need KVM.
[root@localhost ~]# virsh net-list
[root@localhost ~]# virsh net-destroy default
[root@localhost ~]# virsh net-autostart default --disable
[root@localhost ~]# virsh net-undefine default
[root@localhost ~]# systemctl disable libvirtd.service