
CentOS 7: uninstalling iptables, installing firewalld, common problems and a record of frequently used commands


After installing and enabling iptables on CentOS 7, nothing got through no matter how I added whitelist rules; I searched without finding a solution and uninstalled it in frustration.

```shell
# install
yum install iptables-services.x86_64 -y
# uninstall
yum remove iptables-services.x86_64 -y
```

Install firewalld

```shell
yum install -y firewalld
systemctl start firewalld
systemctl enable firewalld
systemctl status firewalld
```

The status output then shows two warnings:

```shell
[root@iZuf60psixuspvj5xn4sfnZ dl_yi002game]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2024-01-25 17:45:26 CST; 2s ago
     Docs: man:firewalld(1)
 Main PID: 30128 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─30128 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid

Jan 25 17:45:26 iZuf60psixuspvj5xn4sfnZ systemd[1]: Starting firewalld - dynamic firewall daemon...
Jan 25 17:45:26 iZuf60psixuspvj5xn4sfnZ systemd[1]: Started firewalld - dynamic firewall daemon.
Jan 25 17:45:26 iZuf60psixuspvj5xn4sfnZ firewalld[30128]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future release. Please consider disabling it now.
Jan 25 17:45:26 iZuf60psixuspvj5xn4sfnZ firewalld[30128]: WARNING: Failed to load nf_conntrack module: sysctl: cannot open "/etc/sysctl.conf": No such file or directory
                                                          modprobe: ERROR: Error running install command for nf_conntrack
                                                          modprobe: ERROR: could not insert 'nf_conntrack': Unknown error 255...
Hint: Some lines were ellipsized, use -l to show in full.
```

WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future release. Please consider disabling it now.

Fix for this warning: with zone drifting allowed, a packet that is not accepted by the zone it was assigned to (by interface or source address) can fall through and be evaluated against another zone, typically the default zone, which defeats the isolation between zones. Set AllowZoneDrifting to no in /etc/firewalld/firewalld.conf and restart the service:

```shell
sed -i 's#AllowZoneDrifting=.*#AllowZoneDrifting=no#g' /etc/firewalld/firewalld.conf
systemctl restart firewalld
systemctl status firewalld
```
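As an added example (not from the original post), a small shell function that makes the AllowZoneDrifting change idempotent and safe to rerun. The one-line sed above has no line anchor, so it also rewrites commented examples such as `# AllowZoneDrifting=yes` (harmless, but it changes nothing) and does nothing at all if the key is absent. This version only edits an active `AllowZoneDrifting=` line, appends the key when it is missing, and verifies the result. The file path is a parameter so it can be tried on a constructed copy before touching /etc/firewalld/firewalld.conf; `disable_zone_drifting`, `make_sample_conf` and `demo_zone_drifting` are names chosen for this example, and the sample config contents are constructed.

```shell
#!/bin/bash
# Added example: idempotently set AllowZoneDrifting=no in a firewalld.conf.
# Usage: disable_zone_drifting /etc/firewalld/firewalld.conf

disable_zone_drifting() {
    conf="$1"
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    if grep -q '^AllowZoneDrifting=' "$conf"; then
        # Active key present: rewrite its value in place. The ^ anchor leaves
        # commented lines such as "# AllowZoneDrifting=yes" untouched.
        sed -i 's/^AllowZoneDrifting=.*/AllowZoneDrifting=no/' "$conf"
    else
        # Key absent (or only present as a comment): append an explicit setting.
        printf '\nAllowZoneDrifting=no\n' >> "$conf"
    fi
    # Succeed only if exactly one active line now reads "no".
    [ "$(grep -c '^AllowZoneDrifting=no$' "$conf")" -eq 1 ]
}

# Constructed sample config (not a real file from the page).
# $1 = path to write, $2 = an AllowZoneDrifting line to include ("" for none)
make_sample_conf() {
    {
        echo '# firewalld config file'
        echo 'DefaultZone=public'
        echo '# AllowZoneDrifting=yes   <- commented example, must not be edited'
        if [ -n "$2" ]; then echo "$2"; fi
        echo 'LogDenied=off'
    } > "$1"
}

# Exercise both cases on temp files; prints "ok" on success.
demo_zone_drifting() {
    tmp=$(mktemp -d)
    make_sample_conf "$tmp/active.conf"  'AllowZoneDrifting=yes'
    make_sample_conf "$tmp/missing.conf" ''
    disable_zone_drifting "$tmp/active.conf"  || return 1
    disable_zone_drifting "$tmp/missing.conf" || return 1
    # The commented example line must survive untouched in both files.
    grep -q '^# AllowZoneDrifting=yes' "$tmp/active.conf"  || return 1
    grep -q '^# AllowZoneDrifting=yes' "$tmp/missing.conf" || return 1
    rm -rf "$tmp"
    echo ok
}
```

After running it against the real file, `systemctl restart firewalld` is still required for the new value to take effect, and the warning should no longer appear in `systemctl status firewalld`.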

WARNING: Failed to load nf_conntrack module: sysctl: cannot open "/etc/sysctl.conf": No such file or directory
modprobe: ERROR: Error running install command for nf_conntrack
modprobe: ERROR: could not insert 'nf_conntrack': Unknown error 255

Fix for this warning, taken from https://www.cnblogs.com/hyyx/p/16902282.html. The commands below assume that /lib/modules/$(uname -r) does not exist on this host: they create it and declare every module currently visible under /sys/module as built-in, so modprobe stops trying to insert nf_conntrack. This only helps if the kernel already has nf_conntrack (check with `ls /sys/module/nf_conntrack`); if it is absent, firewalld still cannot load it and connection tracking will not work. Run all of the following in one go:

```shell
# create the module directory for the running kernel (no-op if it exists)
mkdir -p /lib/modules/$(uname -r)

# empty module index files so depmod has something to work with
touch /lib/modules/$(uname -r)/modules.{builtin,order}

# list every module currently in /sys/module as built-in
for i in /sys/module/*; do echo kernel/${i##*/}.ko; done >> /lib/modules/$(uname -r)/modules.builtin

# rebuild the module dependency database
depmod -a

systemctl restart firewalld
systemctl status firewalld
```

Back to normal:

```shell
[root@iZuf60psixuspvj5xn4sfnZ ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2024-01-25 17:49:39 CST; 19min ago
     Docs: man:firewalld(1)
 Main PID: 30448 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─30448 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid

Jan 25 17:49:38 iZuf60psixuspvj5xn4sfnZ systemd[1]: Starting firewalld - dynamic firewall daemon...
Jan 25 17:49:39 iZuf60psixuspvj5xn4sfnZ systemd[1]: Started firewalld - dynamic firewall daemon.
```
### Common commands

```shell
# open port 30001
firewall-cmd --zone=public --add-port=30001/tcp --permanent
# close port 30001
firewall-cmd --zone=public --remove-port=30001/tcp --permanent
# allow a source IP range
firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="172.19.62.0/24" accept'
# remove the allowed IP range
firewall-cmd --zone=public --permanent --remove-rich-rule='rule family="ipv4" source address="172.19.62.0/24" accept'
# allow a specific port from a specific source address
firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="172.19.63.211" port protocol="tcp" port="3690" accept'

# --permanent only writes the configuration; reload to apply it to the running firewall
firewall-cmd --reload
# check what is actually active in the zone
firewall-cmd --zone=public --list-all
```
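As an added example (not from the original post), a shell helper around the rich-rule commands above. It validates the source CIDR and port before they reach firewall-cmd, builds the rich rule in a variable so the inner double quotes are passed through intact, and adds the rule both to the running firewall and to the permanent configuration, so it is live immediately without a reload and also survives one. `FIREWALL_CMD` is an assumed override hook for this example (set it to `echo` to dry-run on a host without firewalld); `valid_ipv4_cidr`, `valid_port`, `rich_rule` and `allow_from` are names chosen here, and the zone is fixed to public as in the commands above.

```shell
#!/bin/bash
# Added example: validated allowlisting of a source CIDR (optionally to one port)
# in the public zone, applied to runtime and permanent config in one step.
# Usage: allow_from CIDR [PORT [PROTO]]
FIREWALL_CMD="${FIREWALL_CMD:-firewall-cmd}"   # assumed hook; "echo" for dry-run

# Accepts a.b.c.d or a.b.c.d/nn with octets 0-255 and prefix 0-32.
valid_ipv4_cidr() {
    addr="$1"
    ip="${addr%/*}"
    if [ "$ip" = "$addr" ]; then prefix=32; else prefix="${addr#*/}"; fi
    case "$prefix" in ''|*[!0-9]*) return 1;; esac
    [ "$prefix" -le 32 ] || return 1
    # Reject anything but digits and dots, and malformed dot placement,
    # before word-splitting on "." (this also keeps glob characters out).
    case "$ip" in ''|*[!0-9.]*|.*|*.|*..*) return 1;; esac
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Accepts 1-65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Build the rich rule string. $1 = CIDR, $2 = port (optional), $3 = proto (default tcp)
rich_rule() {
    if [ -n "$2" ]; then
        printf 'rule family="ipv4" source address="%s" port protocol="%s" port="%s" accept' \
            "$1" "${3:-tcp}" "$2"
    else
        printf 'rule family="ipv4" source address="%s" accept' "$1"
    fi
}

allow_from() {
    valid_ipv4_cidr "$1" || { echo "bad CIDR: $1" >&2; return 1; }
    if [ -n "$2" ]; then
        valid_port "$2" || { echo "bad port: $2" >&2; return 1; }
    fi
    rule=$(rich_rule "$1" "$2" "$3")
    # Runtime first (takes effect now), then permanent (survives reload/reboot).
    # The quoted "$rule" is one argv entry, so firewalld sees the inner quotes.
    "$FIREWALL_CMD" --zone=public --add-rich-rule="$rule" && \
    "$FIREWALL_CMD" --zone=public --permanent --add-rich-rule="$rule"
}
```

Adding the rule twice (runtime and permanent) avoids the gap where a `--permanent` rule exists on disk but is not active until `firewall-cmd --reload`; verify with `firewall-cmd --zone=public --list-rich-rules`.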
