centos7.x更换firewalld为iptables

一.安装代码：
systemctl stop firewalld.service
systemctl disable firewalld.service
yum install -y iptables-services
systemctl restart iptables.service
systemctl enable iptables.service


二.写入iptables代码
cat >> /etc/sysconfig/iptables << EOF
# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF

三.复制启动脚本到/etc/rc.d/init.d目录（启动脚本在附件中，需要解压开把iptables文件复制到/etc/rc.d/init.d目录）


四.赋予启动脚本权限
chmod 755 /etc/rc.d/init.d/iptables


五.以后就可以象centos 5.x/6.x那样使用 iptables了，比如开80端口
/sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT
/etc/rc.d/init.d/iptables save
/etc/init.d/iptables restart
systemctl restart iptables.service