centos7下部署iptables环境纪录（关闭默认的firewalle）

CentOS7默认的防火墙不是iptables,而是firewall.
由于习惯了用iptables作为防火墙，所以在安装好centos7系统后，会将默认的firewall关闭，并另安装iptables进行防火墙规则设定

下面介绍centos7关闭firewall安装iptables，并且开启80端口、3306端口的操作记录：
[root@localhost ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)

1、关闭firewall：

[root@localhost ~]# systemctl stop firewalld.service            //停止firewall
[root@localhost ~]# systemctl disable firewalld.service        //禁止firewall开机启动

2、安装iptables防火墙

[root@localhost ~]# yum install iptables-services            //安装
[root@localhost ~]# vim /etc/sysconfig/iptables              //编辑防火墙配置文件
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

[root@localhost ~]# systemctl restart iptables.service                  //最后重启防火墙使配置生效
[root@localhost ~]# systemctl enable iptables.service                  //设置防火墙开机启动

[root@localhost ~]# iptables -L                 //查看防火墙规则,默认的是－t filter，如果是nat表查看，即iptables －t nat -L

二、关闭SELINUX

[root@localhost ~]# vim /etc/selinux/config
#SELINUX=enforcing           //注释掉
#SELINUXTYPE=targeted           //注释掉
SELINUX=disabled              //增加

[root@localhost ~]# setenforce 0       //使配置立即生效