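CentOS 7 Firewall Configuration
Table of contents
- CentOS 7 Firewall Configuration
- 1. Check the firewalld service status
- 2. Check the firewall state
- 3. Start / stop / restart the firewalld.service service
- 4. View the firewall rules
- 5. Query / open / close ports
1. Check the firewalld service status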
systemctl status firewalld
```
➜ network systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2020-04-03 20:28:21 CST; 3h 27min ago
     Docs: man:firewalld(1)
 Main PID: 2543 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─2543 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Apr 03 20:28:19 python systemd[1]: Starting firewalld - dynamic firewall daemon...
Apr 03 20:28:21 python systemd[1]: Started firewalld - dynamic firewall daemon.
```
2. Check the firewall state
firewall-cmd --state
```
➜ network firewall-cmd --state
running
```
3. Start / stop / restart the firewalld.service service
- Start: service firewalld start
- Stop: service firewalld stop
- Restart: service firewalld restart
```
➜ network service firewalld start
Redirecting to /bin/systemctl start firewalld.service
➜ network service firewalld stop
Redirecting to /bin/systemctl stop firewalld.service
➜ network service firewalld restart
Redirecting to /bin/systemctl restart firewalld.service
```
4. View the firewall rules
firewall-cmd --list-all
```
➜ network firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: ssh dhcpv6-client ftp
  ports: 21/tcp 20/tcp 80/tcp 443/tcp 8899/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
```
5. Query / open / close ports
```
# Check whether a port is open
firewall-cmd --query-port=8080/tcp
# Open port 80
firewall-cmd --permanent --add-port=80/tcp
# Remove a port
firewall-cmd --permanent --remove-port=8080/tcp
# Reload the firewall (required after changing the configuration)
firewall-cmd --reload
# Parameter notes
# firewall-cmd is the tool Linux provides for operating the firewall
# --permanent: make the setting persistent
# --add-port: the port to add
# --remove-port: the port to remove
```
```
➜ network firewall-cmd --add-port=8899/tcp --permanent
success
➜ network firewall-cmd --reload
success
➜ network firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: ssh dhcpv6-client ftp
  ports: 21/tcp 20/tcp 80/tcp 443/tcp 8899/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

# Reload the firewall after changing the configuration, otherwise the change may not take effect
➜ network firewall-cmd --remove-port=8899/tcp --permanent
success
➜ network firewall-cmd --list-all
public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh dhcpv6-client ftp
  ports: 21/tcp 20/tcp 80/tcp 443/tcp 8899/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
➜ network firewall-cmd --reload
success
➜ network firewall-cmd --list-all
public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh dhcpv6-client ftp
  ports: 21/tcp 20/tcp 80/tcp 443/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
```
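The session above shows 8899/tcp still listed after a `--permanent` removal until `--reload` runs. The following added example (not part of the original article) reports that kind of drift between the runtime and permanent port lists of the default zone. The function name `port_drift` and the fallback sample data are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: compare runtime and permanent firewalld port lists.

# port_drift RUNTIME PERMANENT
# Each argument is a space-separated port list as printed by
# `firewall-cmd --list-ports`. Prints one line per mismatch and
# nothing when the two sets agree.
port_drift() {
    # Normalise whitespace and pad with spaces so that a whole-token
    # match is possible (80/tcp must not match inside 8080/tcp).
    pd_runtime=" $(echo $1) "
    pd_permanent=" $(echo $2) "

    for pd_p in $1; do
        case "$pd_permanent" in
            *" $pd_p "*) ;;
            *) echo "runtime-only $pd_p (open now, dropped at next --reload)" ;;
        esac
    done

    for pd_p in $2; do
        case "$pd_runtime" in
            *" $pd_p "*) ;;
            *) echo "permanent-only $pd_p (saved, not enforced until --reload)" ;;
        esac
    done
}

if command -v firewall-cmd >/dev/null 2>&1 &&
   [ "$(firewall-cmd --state 2>/dev/null)" = "running" ]; then
    # Live check against the default zone.
    port_drift "$(firewall-cmd --list-ports)" \
               "$(firewall-cmd --permanent --list-ports)"
else
    # Constructed sample mirroring the article's session: 8899/tcp was
    # removed with --permanent but the firewall was not reloaded yet.
    port_drift "21/tcp 20/tcp 80/tcp 443/tcp 8899/tcp" \
               "21/tcp 20/tcp 80/tcp 443/tcp"
fi
```

Empty output means the running rules match what will be loaded after the next reload or reboot.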