Firewall settings

Allowing common ports (the firewall must be restarted for this to take effect)
[root@localhost ~]# firewall-cmd --zone=public --add-port=22/tcp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=80/tcp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=443/tcp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=3306/tcp --permanent
[root@localhost ~]# firewall-cmd --zone=public --add-port=10000-10086/tcp --permanent # allow a whole port range in one command
Parameter description:
--zone=public # the zone the rule applies to
--add-port=22/tcp # port number/protocol
--permanent # persist the rule (without this parameter it is lost after a restart)
 
Blocking common ports by removing their allow rules (the firewall must be restarted for this to take effect)
[root@localhost ~]# firewall-cmd --zone=public --remove-port=22/tcp --permanent
[root@localhost ~]# firewall-cmd --zone=public --remove-port=80/tcp --permanent
[root@localhost ~]# firewall-cmd --zone=public --remove-port=443/tcp --permanent
[root@localhost ~]# firewall-cmd --zone=public --remove-port=3306/tcp --permanent
 
Listing allowed ports
[root@localhost ~]# firewall-cmd --permanent --list-port
22/tcp 80/tcp 443/tcp
[root@localhost ~]# 
 
Stopping/starting/restarting the firewall
[root@localhost ~]# systemctl stop firewalld.service
[root@localhost ~]# systemctl start firewalld.service
[root@localhost ~]# systemctl restart firewalld.service
[root@localhost ~]# 
 
Enabling start at boot
[root@localhost ~]# systemctl enable firewalld
Created symlink from /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service to /usr/lib/systemd/system/firewalld.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/firewalld.service to /usr/lib/systemd/system/firewalld.service.
[root@localhost ~]# 
 
Disabling start at boot
[root@localhost ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]# 
 
Checking the running status
[root@localhost ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2019-02-14 21:25:33 CST; 53s ago
     Docs: man:firewalld(1)
 Main PID: 2577 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─2577 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
 
Feb 14 21:25:32 localhost systemd[1]: Starting firewalld - dynamic firewall daemon...
Feb 14 21:25:33 localhost systemd[1]: Started firewalld - dynamic firewall daemon.
[root@localhost ~]# 

Adding an IP to the blacklist (the firewall must be restarted for this to take effect)
[root@localhost ~]# firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address="183.232.231.171" drop'
 
Removing an IP from the blacklist (the firewall must be restarted for this to take effect)
[root@localhost ~]# firewall-cmd --permanent --remove-rich-rule='rule family=ipv4 source address="183.232.231.171" drop'
 
Listing the IP blacklist
[root@localhost ~]# firewall-cmd --list-rich-rules
rule family="ipv4" source address="183.232.231.171" drop
rule family="ipv4" source address="183.232.231.172" drop
rule family="ipv4" source address="183.232.231.173" drop
[root@localhost ~]#
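The listings above are the raw material for a quick audit: the port and blacklist changes are made with --permanent, so they are not live until the firewall is reloaded or restarted, and a rule added to the public zone stays open until someone removes it. The script below is an added example, not part of the original post; it checks the permanent port list against an allowlist, flags drift between permanent and runtime configuration, and extracts the dropped source addresses from the rich-rule output. The sample listings inside it are constructed, modelled on the output shown in the post.

```shell
#!/bin/sh
# Added example (not from the original post): audit firewalld port and rich-rule
# listings against an expected allowlist. It works on captured command output so
# it runs offline; on a live host feed it the real output, as shown at the end.

# Print every entry in $1 (space-separated "port/proto" list, e.g. the output of
# `firewall-cmd --permanent --list-ports`) that is NOT in the allowlist $2.
unexpected_ports() {
    open_list=$1
    allow_list=$2
    for p in $open_list; do
        case " $allow_list " in
            *" $p "*) ;;              # on the allowlist: nothing to report
            *) printf '%s\n' "$p" ;;  # not expected: report it
        esac
    done
}

# From rich-rule output (one rule per line, as printed by
# `firewall-cmd --list-rich-rules`), print the IPv4 source addresses that are dropped.
dropped_sources() {
    printf '%s\n' "$1" | sed -n 's/^rule family="ipv4" source address="\([^"]*\)" drop$/\1/p'
}

# Report entries present only in the permanent config or only at runtime. Rules
# added with --permanent are not live until the firewall is reloaded or restarted,
# so a "permanent-only" line means the change has not taken effect yet.
config_drift() {
    permanent=$1
    runtime=$2
    for p in $permanent; do
        case " $runtime " in *" $p "*) ;; *) printf 'permanent-only: %s\n' "$p" ;; esac
    done
    for p in $runtime; do
        case " $permanent " in *" $p "*) ;; *) printf 'runtime-only: %s\n' "$p" ;; esac
    done
}

# Constructed sample output modelled on the listings in the post (not captured from a host).
SAMPLE_PERMANENT="22/tcp 80/tcp 443/tcp 3306/tcp"
SAMPLE_RUNTIME="22/tcp 80/tcp 443/tcp"
SAMPLE_RICH='rule family="ipv4" source address="183.232.231.171" drop
rule family="ipv4" source address="183.232.231.172" drop'
EXPECTED="22/tcp 80/tcp 443/tcp"   # ports this host is supposed to expose

echo "Open but not on the allowlist:"; unexpected_ports "$SAMPLE_PERMANENT" "$EXPECTED"
echo "Permanent vs runtime drift:";   config_drift "$SAMPLE_PERMANENT" "$SAMPLE_RUNTIME"
echo "Dropped sources:";              dropped_sources "$SAMPLE_RICH"
# Live host: unexpected_ports "$(firewall-cmd --permanent --list-ports)" "$EXPECTED"
```

With the sample data the first check reports 3306/tcp, the drift check reports it as permanent-only, and the last check prints the two blacklisted addresses.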

Copyright © 2024 码农人生. All Rights Reserved