1. Saving iptables rules
The iptables settings written earlier only take effect temporarily: the rules live in the kernel's memory, so once the machine reboots they are gone. To keep them permanently, use the iptables-save command to write the running ruleset to a file; to have them take effect at boot, use the iptables-restore command to load that file, called from the designated configuration file.
[root@zzcentos1 ~]#iptables-save > /opt/iprule
[root@zzcentos1 ~]#cat /opt/iprule
# Generated by iptables-save v1.4.21 on Sun Feb 18 18:32:36 2024
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [59:4744]
-A INPUT -s 192.168.246.0/24 -j ACCEPT
-A INPUT -s 192.168.246.0/24 -p icmp -j DROP
COMMIT
# Completed on Sun Feb 18 18:32:36 2024
[root@zzcentos1 ~]#iptables -F
[root@zzcentos1 ~]#iptables -vnL
Chain INPUT (policy ACCEPT 20 packets, 1168 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 11 packets, 908 bytes)
 pkts bytes target     prot opt in     out     source               destination
[root@zzcentos1 ~]#iptables-restore < /opt/iprule
[root@zzcentos1 ~]#iptables -vnL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   45  2888 ACCEPT     all  --  *      *       192.168.246.0/24     0.0.0.0/0
    0     0 DROP       icmp --  *      *       192.168.246.0/24     0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 36 packets, 2760 bytes)
 pkts bytes target     prot opt in     out     source               destination
[root@zzcentos1 ~]#
① Saving firewall iptables rules
Making the firewall rules load automatically after boot
Method 1:
Method 2:
Loading rules automatically at boot
Option 1: put the personal setting in the config file in the user's home directory, ~/.bashrc
Option 2: put it in the global config file /etc/profile, so it applies to all users
Option 3: put it in the last item of the boot sequence, the config file loaded after the system services, so the rules take effect as soon as the system restarts
Experiment:
In summary, the recommendation is to put it in the system's own /etc/rc.d/rc.local. The first two options only run when someone logs in to a shell, so the host runs with no rules from boot until the first login (and the restore runs again on every new shell), whereas rc.local runs once at boot with no login needed. On CentOS 7, rc-local.service only executes /etc/rc.d/rc.local if the file is executable, so run chmod +x /etc/rc.d/rc.local after adding the iptables-restore line.
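The save-and-restore-at-boot procedure above, as an added example that is not part of the original post: it saves the running rules to a file, sanity-checks the dump offline before trusting it, and appends a guarded restore line to /etc/rc.d/rc.local. The paths /opt/iprule and /etc/rc.d/rc.local are the ones used in the post; the function names, the .tmp staging file and the check_dump scan are my own assumptions, and the check is a plain text scan of the iptables-save format, not something iptables itself provides.

```shell
#!/bin/sh
# Added example, not from the original post. Persist the running iptables
# rules and reload them from rc.local at boot. RULES_FILE and RC_LOCAL default
# to the paths used in the post and can be overridden from the environment.
RULES_FILE="${RULES_FILE:-/opt/iprule}"
RC_LOCAL="${RC_LOCAL:-/etc/rc.d/rc.local}"

# Offline sanity check of an iptables-save dump (assumed helper): every
# "*table" block must be closed by COMMIT, chain and rule lines must sit inside
# a table, and there must be at least one table. A truncated dump (disk full,
# interrupted save) then fails here instead of being fed to iptables-restore.
check_dump() {
    awk '
        /^\*/        { if (open) bad = 1; open = 1; tables++ }
        /^COMMIT$/   { if (!open) bad = 1; open = 0 }
        /^(:|-A )/   { if (!open) bad = 1 }
        END { if (bad || open || tables == 0) exit 1; exit 0 }
    ' "$1"
}

# Save the running rules to a staging file with owner-only permissions (a
# rule dump tells an attacker which networks are trusted), verify it, and only
# then move it into place so RULES_FILE is never left half-written.
save_rules() {
    umask 077
    iptables-save > "$RULES_FILE.tmp" \
        && check_dump "$RULES_FILE.tmp" \
        && mv "$RULES_FILE.tmp" "$RULES_FILE"
}

# The line rc.local will execute: restore only when the file is readable, so a
# missing file leaves the default policy rather than aborting rc.local midway.
rc_local_line() {
    printf '[ -r %s ] && iptables-restore < %s\n' "$RULES_FILE" "$RULES_FILE"
}

# Append the restore line to rc.local exactly once (safe to re-run) and make
# rc.local executable, which rc-local.service on CentOS 7 requires before it
# will run the file at all.
install_rc_local() {
    grep -qF "iptables-restore < $RULES_FILE" "$RC_LOCAL" 2>/dev/null \
        || rc_local_line >> "$RC_LOCAL"
    chmod +x "$RC_LOCAL"
}
```

Run save_rules after every change to the live rules and install_rc_local once. iptables-restore replaces the tables it commits, so what comes back at boot is exactly the last verified dump; take the first save only after the ruleset has been reviewed.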
② Using the iptables-services package to save and load rules (not recommended)
[root@centos7 ~]#yum -y install iptables-services
[root@centos7 ~]#cp /etc/sysconfig/iptables{,.bak}
# Method 1: save the current rules to the file
[root@centos7 ~]#/usr/libexec/iptables/iptables.init save
# Method 2: save the current rules to the file
[root@centos7 ~]#iptables-save > /etc/sysconfig/iptables
# Enable at boot, and mask firewalld and nftables so they cannot start and overwrite the rules loaded by iptables.service
[root@centos7 ~]#systemctl enable iptables.service
[root@centos7 ~]#systemctl mask firewalld.service nftables.service