Starting with CentOS 7, firewalld is the default firewall.
To switch to the iptables firewall, follow these steps:
Stop the firewalld firewall and disable it at boot:
    systemctl stop firewalld.service
    systemctl disable firewalld.service
Install the iptables firewall and enable it at boot:
    yum -y install iptables-services net-tools
    systemctl enable iptables.service
Then just edit the iptables firewall rules:
    vim /etc/sysconfig/iptables
Here is an example:
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    # Allow replies to connections that are already established
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -p icmp -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    # Allow new inbound TCP connections to port 80
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
    # Reject everything else
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    COMMIT
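An added example, not part of the original post: a check that reads a rules file in the /etc/sysconfig/iptables format and reports whether new TCP connections to a given port are accepted in INPUT before the catch-all REJECT. Run on the sample ruleset above it reports tcp/80 accepted and tcp/22 rejected, which is worth knowing before loading the file on a host managed over SSH. The names input_accepts_tcp_port and sample_rules are hypothetical, and the check reads only -p, --dport and -j (source, interface and multiport matches are ignored).

```bash
# Added example; input_accepts_tcp_port and sample_rules are hypothetical names.
# Usage: input_accepts_tcp_port FILE PORT   (exit 0 = accepted, 1 = not accepted)
input_accepts_tcp_port() {
    awk -v port="$2" '
        /^\*/ { in_filter = ($1 == "*filter"); next }   # table header
        !in_filter { next }
        $1 == ":INPUT" { policy = $2; next }            # chain default policy
        $1 != "-A" || $2 != "INPUT" { next }
        {
            proto = dport = target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
            }
            final = (target == "REJECT" || target == "DROP")
            # A REJECT/DROP rule with no match options ends the search.
            if ($3 == "-j" && final) { verdict = "blocked"; exit }
            n = split(dport, r, ":"); lo = r[1]; hi = (n == 2) ? r[2] : r[1]
            if (proto == "tcp" && n > 0 && port + 0 >= lo + 0 && port + 0 <= hi + 0) {
                if (target == "ACCEPT") { verdict = "allowed"; exit }
                if (final) { verdict = "blocked"; exit }
            }
        }
        END {
            if (verdict == "") verdict = (policy == "ACCEPT") ? "allowed" : "blocked"
            exit (verdict == "allowed" ? 0 : 1)
        }' "$1"
}
# The sample ruleset from this page, written to stdout.
sample_rules() { cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}
rules=$(mktemp); sample_rules > "$rules"
for p in 22 80; do
    input_accepts_tcp_port "$rules" "$p" && echo "tcp/$p accepted" || echo "tcp/$p rejected"
done
rm -f "$rules"
```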