2019独角兽企业重金招聘Python工程师标准>>> 
Redhat7-禁用firewalld&开启iptables&systemctl使用简介
防火墙服务默认使用的是 firewalld ,而不是 iptables 。如果想改用 iptables ,可以参考以下步骤:
1.安装
[root@localhost ~]# yum install iptables-services- 1
2.屏蔽该服务
[root@localhost ~]# systemctl mask firewalld
# systemctl mask firewalld 屏蔽服务(让它不能启动)
# ln -s '/dev/null''/etc/systemd/system/firewalld.service'
# systemctl unmask firewalld 显示服务(如 firewalld.service)
# rm '/etc/systemd/system/firewalld.service'3.启用iptables
[root@localhost ~]# systemctl enable iptables
#如果需要使用 ip6tables , 需另外加一行
[root@localhost ~]# systemctl enable ip6tables4.启动iptables,停止firewalld
#停止firewalld服务,开启 iptables服务
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl start iptables
# 同上,如果需要使用 ip6tables , 需另外加一条
[root@localhost ~]# systemctl start ip6tables到此就可以像以前使用iptables了,但看完这个流程,有的同学可能不理解systemctl是干啥的,下面简要说一下:
systemctl相当于之前service和chkconfig的融合体。可以使用它永久性启用/禁止或临时关闭/启动某个服务。
[root@localhost init.d]# systemctl #可以列出当前运行的服务状态
UNIT LOAD ACTIVE SUB DESCRIPTION
proc-sys-fs-binfmt_misc.automount loaded active waiting Arbitrary Executable File Formats File System Automount Point
sys-devices-pci0000:00-0000:00:02.0-backlight-acpi_video0.device loaded active plugged /sys/devices/pci0000:00/0000:00:02.0/backlight/acpi_video0
sys-devices-pci0000:00-0000:00:1b.0-sound-card0.device loaded active plugged 6 Series/C200 Series Chipset Family High Definition Audio Controll
sys-devices-pci0000:00-0000:00:1c.5-0000:03:00.0-net-enp3s0.device loaded active plugged RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (P8 seri
sys-devices-pci0000:00-0000:00:1f.2-ata5-host4-target4:0:0-4:0:0:0-block-sda-sda1.device loaded active plugged WDC_WD5003ABYX-01WERA1 EFI\x20System\x20Part
sys-devices-pci0000:00-0000:00:1f.2-ata5-host4-target4:0:0-4:0:0:0-block-sda-sda2.device loaded active plugged WDC_WD5003ABYX-01WERA1 2
sys-devices-pci0000:00-0000:00:1f.2-ata5-host4-target4:0:0-4:0:0:0-block-sda-sda3.device loaded active plugged LVM PV 00d05P-rKKJ-nWdn-ejxs-kpY4-GE0k-3o4TF
sys-devices-pci0000:00-0000:00:1f.2-ata5-host4-target4:0:0-4:0:0:0-block-sda.device loaded active plugged WDC_WD5003ABYX-01WERA1
sys-devices-platform-serial8250-tty-ttyS0.device loaded active plugged /sys/devices/platform/serial8250/tty/ttyS0
sys-devices-platform-serial8250-tty-ttyS1.device loaded active plugged /sys/devices/platform/serial8250/tty/ttyS1
sys-devices-platform-serial8250-tty-ttyS2.device loaded active plugged /sys/devices/platform/serial8250/tty/ttyS2
sys-devices-platform-serial8250-tty-ttyS3.device loaded active plugged /sys/devices/platform/serial8250/tty/ttyS3
sys-devices-virtual-block-dm\x2d0.device loaded active plugged /sys/devices/virtual/block/dm-0
sys-devices-virtual-block-dm\x2d1.device loaded active plugged /sys/devices/virtual/block/dm-1
sys-devices-virtual-block-dm\x2d2.device loaded active plugged /sys/devices/virtual/block/dm-2
sys-module-configfs.device loaded active plugged /sys/module/configfs
sys-subsystem-net-devices-enp3s0.device loaded active plugged RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (P8 seri
-.mount loaded active mounted /
boot-efi.mount loaded active mounted /boot/efi
[root@localhost init.d]# systemd-cgls #该命令可以树状形式列出运行的进程
|-1 /usr/lib/systemd/systemd --switched-root --system --deserialize 21
|-user.slice
| `-user-0.slice
| |-session-61.scope
| | |-12073 sshd: root@pts/1
| | |-12077 -bash
| | |-12103 systemd-cgls
| | `-12104 less
| `-session-58.scope
| |-11507 sshd: root@pts/0
| |-11511 -bash
| `-11530 /usr/bin/python -Es /usr/sbin/firewalld
`-system.slice
|-tuned.service
| `-1284 /usr/bin/python -Es /usr/sbin/tuned -l -P
|-postfix.service
| |- 3228 /usr/libexec/postfix/master -w
| |- 3279 qmgr -l -t unix -u
| `-12052 pickup -l -t unix -u
|-sshd.service
| `-1282 /usr/sbin/sshd -D
|-polkit.service
| `-891 /usr/lib/polkit-1/polkitd --no-debug
|-wpa_supplicant.service
| `-889 /usr/sbin/wpa_supplicant -u -f /var/log/wpa_supplicant.log -c /etc/wpa_supplicant/wpa_supplicant.conf -u -f /var/log/wpa_supplicant.log -P /var/run
|-NetworkManager.service
| `-771 /usr/sbin/NetworkManager --no-daemon
|-crond.service
| `-691 /usr/sbin/crond -n
|-systemd-logind.service
| `-684 /usr/lib/systemd/systemd-logind
|-irqbalance.service
| `-682 /usr/sbin/irqbalance --foreground
|-rsyslog.service
| `-679 /usr/sbin/rsyslogd -n
|-dbus.service
| `-676 /bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
|-auditd.service
| `-651 /sbin/auditd -n
|-systemd-udevd.service
| `-529 /usr/lib/systemd/systemd-udevd
|-lvm2-lvmetad.service
| `-526 /usr/sbin/lvmetad -f具体使用
1、相对于之前service iptables stop/start/status/restart/reload 等
启动服务:systemctl start iptables
关闭服务:systemctl stop iptables
重启服务:systemctl restart iptables
显示服务状态:systemctl status iptables
2、相对于之前的chkconfig iptables on/off/list 等
在开机时启用服务:systemctl enable iptables
在开机时禁用服务:systemctl disable iptables
查看服务是否开机启动:systemctl is-enabled iptables
查看已启动的服务列表:systemctl list-unit-files|grep enabled
查看启动失败的服务列表:systemctl –failed
PS:使用命令 systemctl is-enabled iptables 得到的值可以是enable、disable或static,这里的 static 它是指对应的 Unit 文件中没有定义[Install]区域,因此无法配置为开机启动服务。
说明:启用服务就是在当前“runlevel”的配置文件目/etc/systemd/system/multi-user.target.wants/里,建立/usr/lib/systemd/system里面对应服务配置文件的软链接;禁用服务就是删除此软链接,添加服务就是添加软连接。如下:
[root@localhost ~]# systemctl mask firewalld #屏蔽服务(让它不能启动)
ln -s '/dev/null''/etc/systemd/system/firewalld.service'
[root@localhost ~]# systemctl unmask firewalld #显示服务(如firewalld.service)
rm '/etc/systemd/system/firewalld.service'
#mask的释义(mask是disabled的升级版,效果更强大):
[root@localhost ~]# man systemctl
mask NAME...
Mask one or more unit files, as specified on the command line. This will link these units to /dev/null, making it impossible to start them.
This is a stronger version of disable, since it prohibits all kinds of activation of the unit, including enablement and manual activation. Use
this option with care. This honors the --runtime option to only mask temporarily until the next reboot of the system. The --now option can be
used to ensure that the units are also stopped.
unmask NAME...
Unmask one or more unit files, as specified on the command line. This will undo the effect of mask.