iptables规则备份和恢复、firewall的zone的操作、service的操作
iptables規(guī)則備份和恢復
保存和備份iptables規(guī)則如下:
service iptables save //會把規(guī)則保存到/etc/sysconfig/iptables
把iptables規(guī)則備份到my.ipt文件中
?iptables-save > my.ipt
?恢復剛才備份的規(guī)則
?iptables-restore < my.ipt
實驗:
[root@test-7 ~]# iptables-save > my.ipt
[root@test-7 ~]# iptables -t nat -F ?#清空
[root@test-7 ~]# iptables -t nat -nvL #查看下
Chain PREROUTING (policy ACCEPT 2 packets, 406 bytes)
?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??
Chain INPUT (policy ACCEPT 2 packets, 406 bytes)
?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??
Chain OUTPUT_direct (0 references)
?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??
Chain POSTROUTING_ZONES (0 references)
?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??
Chain POSTROUTING_ZONES_SOURCE (0 references)
?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??
Chain POSTROUTING_direct (0 references)
?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??
Chain POST_public (0 references)
?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??
Chain POST_public_allow (0 references)
?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??
Chain POST_public_deny (0 references)
?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??
Chain POST_public_log (0 references)
?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??
Chain PREROUTING_ZONES (0 references)
?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??
Chain PREROUTING_ZONES_SOURCE (0 references)
?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??
Chain PREROUTING_direct (0 references)
?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??
Chain PRE_public (0 references)
?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??
Chain PRE_public_allow (0 references)
?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??
Chain PRE_public_deny (0 references)
?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??
Chain PRE_public_log (0 references)
?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??
[root@test-7 ~]# iptables-restore < my.ipt #恢復
[root@test-7 ~]# iptables -t nat -nvL ?#查看下,數(shù)據(jù)又回來了
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??
? ? 0 ? ? 0 DNAT ? ? ? tcp ?-- ?* ? ? ?* ? ? ? 0.0.0.0/0 ? ? ? ? ? ?192.168.100.102 ? ? ?tcp dpt:1122 to:192.168.133.2:22
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
?pkts bytes target ? ? prot opt in ? ? out ? ? source ? ? ? ? ? ? ? destination ? ? ? ??
? ? 0 ? ? 0 SNAT ? ? ? all ?-- ?* ? ? ?* ? ? ? 192.168.133.2 ? ? ? ?0.0.0.0/0 ? ? ? ? ? ?to:192.168.100.102
firewalld的9個zone
1、查看zone類型:
[root@test-7 ~]# firewall-cmd --get-zones
block dmz drop external home internal public trusted work
關于9種zone的解析:
查看默認的zone:
[root@test-7 ~]# firewall-cmd --get-default-zone
public
firewalld關于zone的操作
1、設置
[root@test-7 ~]# firewall-cmd --set-default-zone=work
success
2、查看
[root@test-7 ~]# firewall-cmd --get-default-zone?
work
3、查看網(wǎng)卡的zone
[root@test-7 ~]# firewall-cmd --get-zone-of-interface=eno16777736
work
給指定的網(wǎng)卡增加zone
更改zone:
firewall-cmd --zone=block --change-interface=eno16777736
查看:
[root@test-7 ~]# firewall-cmd --get-zone-of-interface=eno16777736
block
刪除zone
[root@test-7 ~]# firewall-cmd --zone=block --remove-interface=eno16777736
success
查看所有網(wǎng)卡的zone
[root@test-7 ~]# firewall-cmd --get-active-zones
work
? interfaces: eno33554984
firewalld關于service的操作
1、查看系統(tǒng)所有的service
firewall-cmd --get-services
RH-Satellite-6 amanda-client bacula bacula-client dhcp dhcpv6 dhcpv6-client dns freeipa-ldap freeipa-ldaps freeipa-replication ftp high-availability http https imaps ipp ipp-client ipsec iscsi-target kerberos kpasswd ldap ldaps libvirt libvirt-tls mdns mountd ms-wbt mysql nfs ntp openvpn pmcd pmproxy pmwebapi pmwebapis pop3s postgresql proxy-dhcp radius rpc-bind rsyncd samba samba-client smtp ssh telnet tftp tftp-client transmission-client vdsm vnc-server wbem-https
2、查看當前zone下的service
[root@test-7 ~]# firewall-cmd --list-services?
dhcpv6-client ipp-client ssh
3、查看指定zone下的service
[root@test-7 ~]# firewall-cmd --zone=public --list-services?
dhcpv6-client ssh
添加一個服務到某個zone下
一、臨時添加(配置文件中不存在,重啟會恢復原配置)
[root@test-7 ~]# firewall-cmd --zone=public --add-service=http
success
查看:
[root@test-7 ~]# firewall-cmd --zone=public --list-services?
dhcpv6-client http ssh
二、永久添加
[root@test-7 ~]# firewall-cmd --zone=public --add-service=http --permanent
success
臨時刪除
1、
[root@test-7 ~]# firewall-cmd --zone=public --remove-service=ssh
success
[root@test-7 ~]# firewall-cmd --zone=public --list-service
dhcpv6-client http
2、[root@test-7 ~]# firewall-cmd --zone=public --remove-service=ftp --permanent
總結(jié)
以上是生活随笔為你收集整理的iptables规则备份和恢复、firewall的zone的操作、service的操作的全部內(nèi)容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: 解决Eclipse安装Genymotio
- 下一篇: [Oracle] CPU/PSU补丁安装