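On CentOS 7.x, iptables -nL still shows firewall rules after firewalld has been disabled

The root cause is that the virtual NIC was not shut down. I found this by accident and am writing it down.

Check the firewall status: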

[root@jexus ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)

But listing the iptables rules shows:

[root@jexus ~]# iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:67
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:67

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            192.168.122.0/24     ctstate RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:68

The virtual NIC exists because the libvirtd service was enabled at installation time, which created it. To remove it:

[root@jexus ~]# virsh net-list
 Name                 State      Autostart     Persistent
----------------------------------------------------------
 default              active     yes           yes

[root@jexus ~]# virsh net-destroy default
Network default destroyed

[root@jexus ~]# virsh net-undefine default
Network default has been undefined

[root@jexus ~]# systemctl restart libvirtd.service

The iptables rules are now gone:

[root@jexus ~]# iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

ifconfig no longer shows the virtual NIC either:

[root@jexus ~]# ifconfig 
eth0: flags=4163  mtu 1500
        inet 10.244.135.247  netmask 255.255.254.0  broadcast 10.244.135.255
        inet6 fe80::250:56ff:fea6:61c7  prefixlen 64  scopeid 0x20
        ether 00:50:56:a6:61:c7  txqueuelen 1000  (Ethernet)
        RX packets 3808  bytes 255778 (249.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 228  bytes 28315 (27.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10
        loop  txqueuelen 0  (Local Loopback)
        RX packets 4  bytes 224 (224.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4  bytes 224 (224.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

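I still do not know exactly why the virtual NIC causes this firewall issue, and I had not run into firewall problems before, but to be on the safe side I am recording it here.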
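
An added example, not from the original post: a small shell check that reads iptables -nL output and counts, per chain, how many rules match the pattern in the listing above. The signature used (the 192.168.122.0/24 subnet and destination ports 53, 67 and 68) is an assumption taken from that listing, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: attribute leftover rules in `iptables -nL` output.
# Assumed signature, taken from the listing on this page.
SUBNET="192.168.122.0/24"

# Reads `iptables -nL` text on stdin.
# Prints one line per chain: "<chain> total=<n> matched=<m>".
classify_rules() {
    awk -v subnet="$SUBNET" '
        $1 == "Chain" { chain = $2; order[++n] = chain; total[chain] = 0; hit[chain] = 0; next }
        $1 == "target" || NF == 0 || chain == "" { next }   # column header, blank line
        {
            total[chain]++
            # In -nL output field 4 is the source and field 5 the destination.
            if ($4 == subnet || $5 == subnet || $0 ~ / dpt:(53|67|68)( |$)/) hit[chain]++
        }
        END { for (i = 1; i <= n; i++) printf "%s total=%d matched=%d\n", order[i], total[order[i]], hit[order[i]] }
    '
}

# Sample input: the first iptables -nL listing shown on this page.
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:67
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:67

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            192.168.122.0/24     ctstate RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:68
EOF
}

# Live use (needs root): pass "live" as the first argument.
if [ "${1:-}" = "live" ]; then iptables -nL | classify_rules; else sample_listing | classify_rules; fi
```

On the sample, three FORWARD rules stay unmatched because iptables -nL omits the in/out interface columns; iptables -nvL shows them.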

Thanks~!

Reposted from: https://my.oschina.net/u/3805108/blog/2395904