
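iptables rule backup and restore, the 9 firewalld zones, firewalld zone and service operations

Restoring iptables rules

Saving and backing up iptables rules

service iptables save // saves the rules to /etc/sysconfig/iptables
Back up the iptables rules to the file my.ipt:
iptables-save > my.ipt
Restore the rules that were just backed up:
iptables-restore < my.ipt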

1. Save the rules
[root@linux-128 ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ 确定 ]

The rules are saved to the configuration file /etc/sysconfig/iptables.

[root@linux-128 ~]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.21 on Mon Dec 4 02:46:23 2017
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [162:11232]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Mon Dec 4 02:46:23 2017

2. Back up the rules
[root@linux-128 ~]# iptables-save >/tmp/myiptables.rule

View the backed-up rules

[root@linux-128 ~]# cat /tmp/myiptables.rule
# Generated by iptables-save v1.4.21 on Mon Dec 4 02:49:42 2017
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [261:20920]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Mon Dec 4 02:49:42 2017

3. Restore the rules
[root@linux-128 ~]# iptables-restore </tmp/myiptables.rule

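Restoring is normally done from a backed-up rules file. Note: when the server or iptables is restarted, the rules in the configuration file are loaded automatically.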
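
The check below is an added example, not part of the original article: it inspects an iptables-save dump before it is passed to iptables-restore and rejects a truncated file (a table with no COMMIT) or one whose INPUT chain is closed before tcp/22 is accepted. The function names are hypothetical, and it assumes SSH on port 22 is the management path, as in the ruleset shown above.

```shell
# Added example, not from the article: sanity-check an iptables-save dump first.

# check_ruleset FILE: exit 0 if FILE looks safe to restore, 1 otherwise.
check_ruleset() {
    awk '
        /^#/ || /^$/ { next }                       # comments, blank lines
        /^\*/ { table = substr($0, 2); in_table = 1; seen[table] = 1; next }
        /^COMMIT$/ { in_table = 0; next }
        /^:INPUT DROP/ && table == "filter" { drop_policy = 1; next }
        /^:/ { next }                               # other chain headers
        /^-A INPUT / && table == "filter" {
            n++
            if (!ssh && /-p tcp/ && /--dport 22( |$)/ && /-j ACCEPT/) ssh = n
            # first unconditional REJECT/DROP: later INPUT rules are dead
            if (!block && /^-A INPUT -j (REJECT|DROP)/) block = n
        }
        END {
            if (!("filter" in seen)) { print "no *filter table"; bad = 1 }
            if (in_table) { print "*" table " has no COMMIT (truncated?)"; bad = 1 }
            if ((block || drop_policy) && (!ssh || (block && ssh > block))) {
                print "tcp/22 is not accepted before INPUT is closed"; bad = 1
            }
            exit bad + 0
        }
    ' "$1"
}

# safe_restore FILE: hypothetical wrapper; needs root and iptables installed.
safe_restore() {
    check_ruleset "$1" || { echo "refusing to restore $1" >&2; return 1; }
    # --test parses and builds the ruleset without committing it
    iptables-restore --test < "$1" && iptables-restore < "$1"
}

# write_sample FILE: constructed input, copied from the dump shown above.
write_sample() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [162:11232]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}
```

The port check is a heuristic on rule order only; it does not evaluate source-address or interface restrictions on the SSH rule.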

The 9 firewalld zones

• Enable firewalld
• systemctl disable iptables
• systemctl stop iptables
• systemctl enable firewalld
• systemctl start firewalld
• firewalld has 9 zones by default
• The default zone is public
• firewall-cmd --get-zones // list all zones
• firewall-cmd --get-default-zone // show the default zone

1. Disable netfilter from starting automatically at boot
[root@linux-128 ~]# systemctl disable iptables
Removed symlink /etc/systemd/system/basic.target.wants/iptables.service.

2. Stop netfilter
[root@linux-128 ~]# systemctl stop iptables

3. Enable firewalld at boot
[root@linux-128 ~]# systemctl enable firewalld
Created symlink from /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service to /usr/lib/systemd/system/firewalld.service.
Created symlink from /etc/systemd/system/basic.target.wants/firewalld.service to /usr/lib/systemd/system/firewalld.service.

4. Start firewalld
[root@linux-128 ~]# systemctl start firewalld

5. View firewalld's default rules
[root&