Centos7中的防火墙调整为firewalld，试一下systemctl stop firewalld关闭防火墙。

 

命令：systemctl stop firewalld命令：systemctl mask firewalld命令：yum install iptables-services://www.it.net. 命令：systemctl enable iptables 打开 vi /etc/sysconfig/iptables 

-A INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT（允许80端口通过防火墙） 

-A INPUT -m state –state NEW -m tcp -p tcp –dport 3306 -j ACCEPT（允许3306端口通过防火墙） 

特别提示：很多网友把这两条规则添加到防火墙配置的最后一行，导致防火墙启动失败，正确的应该是添加到默认的22端口这条规则的下面

添加好之后防火墙规则如下所示：

###################################### 

# Firewall configuration written by system-config-firewall 

# Manual customization of this file is not recommended. 

*filter 

:INPUT ACCEPT [0:0] 

:FORWARD ACCEPT [0:0] 

:OUTPUT ACCEPT [0:0] 

-A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT 

-A INPUT -p icmp -j ACCEPT 

-A INPUT -i lo -j ACCEPT 

-A INPUT -m state –state NEW -m tcp -p tcp –dport 22 -j ACCEPT 

-A INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT 

-A INPUT -m state –state NEW -m tcp -p tcp –dport 3306 -j ACCEPT 

-A INPUT -j REJECT –reject-with icmp-host-prohibited 

-A FORWARD -j REJECT –reject-with icmp-host-prohibited 

COMMIT 

#####################################

 

 

命令：service iptables save  or 命令：/usr/libexec/iptables/iptables.init save

#最后重启防火墙使配置生效

/etc/init.d/iptables restart