# CentOS 7 Operations: Configuring the firewalld Firewall #

本是古典 何须时尚 2021-09-28 04:34

Official firewall documentation: [https://access.redhat.com/documentation/en-US/Red\_Hat\_Enterprise\_Linux/7/html/Security\_Guide/sec-Using\_Firewalls.html\#sec-Introduction\_to\_firewalld1][https_access.redhat.com_documentation_en-US_Red_Hat_Enterprise_Linux_7_html_Security_Guide_sec-Using_Firewalls.html_sec-Introduction_to_firewalld1]

## Configuring the firewall ##

### 1. Check the status of the firewalld service ###

```bash
systemctl status firewalld
```

### 2. Check the state of the firewall ###

```bash
firewall-cmd --state
```

### 3. Start, restart, and stop firewalld.service ###

```bash
# Start
service firewalld start
# Restart
service firewalld restart
# Stop
service firewalld stop
```

View the firewall rules:

```bash
firewall-cmd --list-all
```

Query, open, and close ports:

```bash
# Query whether a port is open
firewall-cmd --query-port=8080/tcp
# Open port 80
firewall-cmd --permanent --add-port=80/tcp
# Remove a port
firewall-cmd --permanent --remove-port=8080/tcp
```

Parameter explanation:

- `firewall-cmd`: the tool Linux provides for operating the firewall.
- `--permanent`: makes the setting persistent. A permanent change is written to the saved configuration and only reaches the running firewall after a reload.
- `--add-port`: identifies the port to add.
- `--zone`: the zone (scope) the rule applies to.

```bash
# Reload the firewall (required after changing the configuration)
firewall-cmd --reload
# Stop firewalld
systemctl stop firewalld.service
# Prevent firewalld from starting at boot
systemctl disable firewalld.service
# Check the firewall state (shows "not running" when stopped, "running" when started)
firewall-cmd --state
```

General `systemctl` service management, using firewalld as the example:

```bash
# Start a service
systemctl start firewalld.service
# Stop a service
systemctl stop firewalld.service
# Restart a service
systemctl restart firewalld.service
# Show the status of a service
systemctl status firewalld.service
# Enable a service at boot
systemctl enable firewalld.service
# Disable a service at boot
systemctl disable firewalld.service
# Check whether a service is enabled at boot
systemctl is-enabled firewalld.service; echo $?
# List the enabled services
systemctl list-unit-files | grep enabled
```

# CentOS 7 uses firewalld by default; install iptables-services to use the iptables firewall #

## 1. Turn off firewalld ##

```bash
systemctl stop firewalld.service      # stop firewalld
systemctl disable firewalld.service   # prevent firewalld from starting at boot
```

## 2. Set up the iptables service ##

```bash
yum -y install iptables-services
```

## 3. Add rules ##

To change the firewall configuration, for example to open port 3306, edit the rules file:

```bash
vi /etc/sysconfig/iptables
```

Add the following line to the file, before the final `-A INPUT -j REJECT` rule, as in the complete file below:

```
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
```

Complete contents of the iptables file:

```
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
```

## 4. After saving and exiting, apply the settings and enable the service at boot ##

```bash
# Restart the firewall so the configuration takes effect
systemctl restart iptables.service
# Enable the firewall at boot
systemctl enable iptables.service
```

Finally, reboot the system for the settings to take effect.

```bash
# Start the firewall
systemctl start iptables.service
# Stop the firewall
systemctl stop iptables.service
```

[https_access.redhat.com_documentation_en-US_Red_Hat_Enterprise_Linux_7_html_Security_Guide_sec-Using_Firewalls.html_sec-Introduction_to_firewalld1]: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Using_Firewalls.html#sec-Introduction_to_firewalld1
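
An added example (not part of the original post): a shell check over a rules file in the `/etc/sysconfig/iptables` format shown above. It reports which TCP ports the INPUT chain opens, flags an ACCEPT rule placed after the catch-all REJECT (where it never matches), and flags a missing `COMMIT` line. The function names and both sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit rules in /etc/sysconfig/iptables format, read from stdin.
# Prints one finding per line:
#   OPEN <port>  INPUT rule accepts TCP connections to <port>
#   DEAD <port>  ACCEPT rule sits after the catch-all REJECT, so it never matches
#   NOCOMMIT     the table has no COMMIT line, so iptables-restore will not load it
audit_rules() {
  awk '
    /^-A INPUT / && / -j REJECT/ && !/--dport/ { rejected = 1; next }
    /^-A INPUT / && / -j ACCEPT/ && /--dport/ {
      for (i = 1; i < NF; i++) if ($i == "--dport") port = $(i + 1)
      state = rejected ? "DEAD" : "OPEN"
      print state, port
    }
    /^COMMIT$/ { committed = 1 }
    END { if (!committed) print "NOCOMMIT" }
  '
}

# Constructed sample: the rule set from the page, 3306 placed before the REJECT.
rules_ok() {
  cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Constructed sample: same rules, but 3306 appended at the end and COMMIT lost.
rules_bad() {
  rules_ok | grep -v -e '--dport 3306' -e '^COMMIT$'
  echo '-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT'
}

echo "== ok ==";  rules_ok  | audit_rules
echo "== bad =="; rules_bad | audit_rules
```

On a real host, run `audit_rules < /etc/sysconfig/iptables` before `systemctl restart iptables.service`.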