iptables規則備份和恢復

保存和備份iptables規則如下：

service iptables save //會把規則保存到/etc/sysconfig/iptables

把iptables規則備份到my.ipt文件中

?iptables-save > my.ipt

?恢復剛才備份的規則

?iptables-restore < my.ipt

實驗：

[root@test-7 ~]# iptables-save > my.ipt

[root@test-7 ~]# iptables -t nat -F ?#清空

[root@test-7 ~]# iptables -t nat -nvL #查看下

Chain PREROUTING (policy ACCEPT 2 packets, 406 bytes)

?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??

Chain INPUT (policy ACCEPT 2 packets, 406 bytes)

?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)

?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)

?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??

Chain OUTPUT_direct (0 references)

?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??

Chain POSTROUTING_ZONES (0 references)

?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??

Chain POSTROUTING_ZONES_SOURCE (0 references)

?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??

Chain POSTROUTING_direct (0 references)

?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??

Chain POST_public (0 references)

?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??

Chain POST_public_allow (0 references)

?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??

Chain POST_public_deny (0 references)

?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??

Chain POST_public_log (0 references)

?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??

Chain PREROUTING_ZONES (0 references)

?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??

Chain PREROUTING_ZONES_SOURCE (0 references)

?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??

Chain PREROUTING_direct (0 references)

?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??

Chain PRE_public (0 references)

?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??

Chain PRE_public_allow (0 references)

?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??

Chain PRE_public_deny (0 references)

?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??

Chain PRE_public_log (0 references)

?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??

[root@test-7 ~]# iptables-restore < my.ipt #恢復

[root@test-7 ~]# iptables -t nat -nvL ?#查看下，數據又回來了

Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)

?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??

? ? 0 ? ? 0 DNAT ? ? ? tcp ?-- ?* ? ? ?* ? ? ? 0.0.0.0/0 ? ? ? ? ? ?192.168.100.102 ? ? ?tcp dpt:1122 to:192.168.133.2:22

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)

?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)

?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)

?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??

? ? 0 ? ? 0 SNAT ? ? ? all ?-- ?* ? ? ?* ? ? ? 192.168.133.2 ? ? ? ?0.0.0.0/0 ? ? ? ? ? ?to:192.168.100.102

firewalld的9個zone

1、查看zone類型：

[root@test-7 ~]# firewall-cmd --get-zones

block dmz drop external home internal public trusted work

關于9種zone的解析：

查看默認的zone:

[root@test-7 ~]# firewall-cmd --get-default-zone

public

firewalld關于zone的操作

1、設置

[root@test-7 ~]# firewall-cmd --set-default-zone=work

success

2、查看

[root@test-7 ~]# firewall-cmd --get-default-zone?

work

3、查看網卡的zone

[root@test-7 ~]# firewall-cmd --get-zone-of-interface=eno16777736

work

給指定的網卡增加zone

更改zone:

firewall-cmd --zone=block --change-interface=eno16777736

查看：

[root@test-7 ~]# firewall-cmd --get-zone-of-interface=eno16777736

block

刪除zone

[root@test-7 ~]# firewall-cmd --zone=block --remove-interface=eno16777736

success

查看所有網卡的zone

[root@test-7 ~]# firewall-cmd --get-active-zones

work

? interfaces: eno33554984

firewalld關于service的操作

1、查看系統所有的service

firewall-cmd --get-services

RH-Satellite-6 amanda-client bacula bacula-client dhcp dhcpv6 dhcpv6-client dns freeipa-ldap freeipa-ldaps freeipa-replication ftp high-availability http https imaps ipp ipp-client ipsec iscsi-target kerberos kpasswd ldap ldaps libvirt libvirt-tls mdns mountd ms-wbt mysql nfs ntp openvpn pmcd pmproxy pmwebapi pmwebapis pop3s postgresql proxy-dhcp radius rpc-bind rsyncd samba samba-client smtp ssh telnet tftp tftp-client transmission-client vdsm vnc-server wbem-https

2、查看當前zone下的service

[root@test-7 ~]# firewall-cmd --list-services?

dhcpv6-client ipp-client ssh

3、查看指定zone下的service

[root@test-7 ~]# firewall-cmd --zone=public --list-services?

dhcpv6-client ssh

添加一個服務到某個zone下

一、臨時添加（配置文件中不存在，重啟會恢復原配置）

[root@test-7 ~]# firewall-cmd --zone=public --add-service=http

success

查看：

[root@test-7 ~]# firewall-cmd --zone=public --list-services?

dhcpv6-client http ssh

二、永久添加

[root@test-7 ~]# firewall-cmd --zone=public --add-service=http --permanent

success

臨時刪除

1、

[root@test-7 ~]# firewall-cmd --zone=public --remove-service=ssh

success

[root@test-7 ~]# firewall-cmd --zone=public --list-service

dhcpv6-client http

2、[root@test-7 ~]# firewall-cmd --zone=public --remove-service=ftp --permanent

本文轉自 jiekegz ?51CTO博客，原文鏈接:http://blog.51cto.com/jacksoner/2046630

總結

以上是生活随笔為你收集整理的iptables规则备份和恢复、firewall的zone的操作、service的操作的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。