
Red Hat Enterprise Linux 7 ships with its firewall enabled by default (the loaded rules can be seen with # iptables -L, the service state with # systemctl status firewalld), so how do you turn it off?
First, RHEL 7 boots with systemd. The old habits, # service, the /etc/init.d/ scripts and # chkconfig, are replaced by # systemctl (at best the old commands redirect to it; see the systemctl documentation for the details). Also, the firewall service is no longer called iptables; it is firewalld.
- Firewall status
[root@localhost ~]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
Active: active (running) since Wed 2016-03-16 06:02:23 EDT; 15min ago
Main PID: 550 (firewalld)
CGroup: /system.slice/firewalld.service
└─550 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
Mar 16 06:02:19 localhost.localdomain systemd[1]: Starting firewalld - dynami...
Mar 16 06:02:23 localhost.localdomain systemd[1]: Started firewalld - dynamic...
Hint: Some lines were ellipsized, use -l to show in full.
- Stop and Start firewall
The service command still works, but only as a wrapper: the system redirects it to systemctl. systemctl stop and start take effect immediately. They change the running service only, so a stopped firewalld comes back at the next boot as long as the unit is still enabled.
[root@localhost ~]# service firewalld stop
Redirecting to /bin/systemctl stop firewalld.service
[root@localhost ~]# /bin/systemctl stop firewalld.service

[root@localhost ~]# service firewalld start
Redirecting to /bin/systemctl start firewalld.service
[root@localhost ~]# /bin/systemctl start firewalld.service
- Disable and Enable firewall
systemctl disable and enable do what chkconfig iptables off / on used to: they decide whether the service is started at boot. disable does not stop a running instance, so to get rid of the firewall right away use stop as well. The two symlinks removed below are the boot-time dependency (basic.target.wants) and the D-Bus activation alias (dbus-org.fedoraproject.FirewallD1.service); with the alias gone, firewalld can no longer be started on demand over D-Bus either.
[root@localhost ~]# systemctl disable firewalld
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
rm '/etc/systemd/system/basic.target.wants/firewalld.service'

[root@localhost ~]# systemctl enable firewalld
ln -s '/usr/lib/systemd/system/firewalld.service' '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
ln -s '/usr/lib/systemd/system/firewalld.service' '/etc/systemd/system/basic.target.wants/firewalld.service'
Even with firewalld stopped and disabled, iptables -L may still show rules. These are not firewalld's: firewalld flushes its own chains when it stops, and what is left was inserted by another program (libvirt, see below). Note that all three built-in chains have policy ACCEPT, so with firewalld gone nothing filters traffic to the host itself; the remaining rules only cover the 192.168.122.0/24 guest network. iptables -L hides the interface match, so the FORWARD rules look broader than they are; iptables -L -v or iptables-save shows that they are tied to virbr0.
[root@localhost ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere 192.168.122.0/24 ctstate RELATED,ESTABLISHED
ACCEPT all -- 192.168.122.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:bootpc

This is libvirt's doing: RHEL7 with KVM installed (see https://benjr.tw/8189 for KVM networking) brings up the virbr0 bridge for the default NAT network, and libvirt adds the DNS (domain), DHCP (bootps/bootpc) and forwarding rules for it with iptables directly, independently of firewalld.
[root@localhost ~]# ifconfig virbr0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:46:34:b0 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

[root@localhost ~]# brctl show
bridge name bridge id STP enabled interfaces
virbr0 8000.5254004634b0 yes virbr0-nic
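To tell at a glance whether the rules left on a host belong to firewalld or to libvirt, here is an added shell example (not code from the original post) that classifies an iptables-save dump. It assumes the chain names firewalld uses on RHEL7 (INPUT_ZONES, INPUT_direct, IN_public, FWDI_/FWDO_ and so on) and libvirt's default network (bridge virbr0, subnet 192.168.122.0/24); the two dumps embedded in it are constructed to mirror the listings above, not captured from the host in the post.

```shell
#!/bin/sh
# Added example, not from the original post. Classifies an iptables-save dump
# so leftover rules can be attributed to firewalld or to libvirt. Assumptions:
# firewalld chain names as on RHEL7, libvirt default net virbr0/192.168.122.0/24.

# Constructed sample 1: filter table while firewalld runs, public zone, ssh
# allowed (shape of a stock RHEL7 ruleset, trimmed to the essentials).
SAMPLE_RUNNING='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:INPUT_ZONES - [0:0]
:INPUT_ZONES_SOURCE - [0:0]
:INPUT_direct - [0:0]
:IN_public - [0:0]
:IN_public_allow - [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j INPUT_direct
-A INPUT -j INPUT_ZONES_SOURCE
-A INPUT -j INPUT_ZONES
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT_ZONES -i eth0 -g IN_public
-A INPUT_ZONES -g IN_public
-A IN_public -j IN_public_allow
-A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT'

# Constructed sample 2: the same host after `systemctl stop firewalld`; only
# libvirt's rules remain (the iptables -L listing in the post, with the
# interface matches that iptables-save shows and iptables -L hides).
SAMPLE_AFTER_STOP='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
COMMIT'

# Chain names firewalld creates for itself on RHEL7: zone dispatch chains,
# direct-rule chains and the per-zone IN_/FWDI_/FWDO_ chains.
FIREWALLD_CHAIN_RE='^:(INPUT|FORWARD|FORWARD_IN|FORWARD_OUT|OUTPUT)_(direct|ZONES|ZONES_SOURCE)|^:(IN|FWDI|FWDO)_[A-Za-z0-9]+'
# libvirt default network: bridge name and subnet (adjust if your net XML differs).
LIBVIRT_RULE_RE='virbr0|192\.168\.122\.'

# firewalld_chains DUMP: number of firewalld-owned chain definitions in DUMP.
# Non-zero means firewalld's ruleset is still loaded, whatever the unit state says.
firewalld_chains() {
    printf '%s\n' "$1" | grep -E -c "$FIREWALLD_CHAIN_RE" || true
}

# libvirt_rules DUMP: rules (-A lines) that reference the libvirt network.
libvirt_rules() {
    printf '%s\n' "$1" | grep '^-A' | grep -E -c "$LIBVIRT_RULE_RE" || true
}

# other_rules DUMP: rules that belong to neither, i.e. anything unexpected.
other_rules() {
    printf '%s\n' "$1" | grep '^-A' | grep -E -v "$LIBVIRT_RULE_RE" | grep -c . || true
}

# chain_policy DUMP CHAIN: default policy of a built-in chain, e.g. ACCEPT.
chain_policy() {
    printf '%s\n' "$1" | awk -v c=":$2" '$1 == c { print $2; exit }'
}

# audit DUMP: one-word verdict on the filter table.
audit() {
    fw=$(firewalld_chains "$1")
    lv=$(libvirt_rules "$1")
    ot=$(other_rules "$1")
    pol=$(chain_policy "$1" INPUT)
    if [ "$fw" -gt 0 ]; then
        echo firewalld-active            # firewalld's chains are still loaded
    elif [ "$ot" -gt 0 ]; then
        echo unexpected-rules            # something else manages iptables here
    elif [ "$pol" != ACCEPT ]; then
        echo "input-policy-$pol"         # no rules but a restrictive policy
    elif [ "$lv" -gt 0 ]; then
        echo libvirt-only-host-open      # only guest-network rules; host unfiltered
    else
        echo no-rules-host-open          # empty table, policy ACCEPT
    fi
}

# Stand-alone demo on the constructed samples. On a real host run:
#   audit "$(iptables-save)"
echo "firewalld running: $(audit "$SAMPLE_RUNNING")"
echo "after stop:        $(audit "$SAMPLE_AFTER_STOP")"
```

The verdict firewalld-active is the one to act on if you expected the firewall to be gone: a chain such as INPUT_ZONES surviving a stop means the rules were reloaded, for example by a D-Bus activation while the alias was still in place. libvirt-only-host-open is the state the post's iptables -L listing shows.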
virbr0, and with it the rules above, can be removed as follows; leaving it in place does no harm. virsh net-destroy takes the default network down and libvirt deletes its iptables rules along with it; net-autostart --disable keeps it from coming back the next time libvirtd starts, and net-undefine deletes the network definition itself. Disabling libvirtd.service only makes sense on a host that is not going to run virtual machines.
[root@localhost ~]# virsh net-list

[root@localhost ~]# virsh net-destroy default

[root@localhost ~]# virsh net-autostart default --disable

[root@localhost ~]# virsh net-undefine default

[root@localhost ~]# systemctl disable libvirtd.service