Remember: changes only take effect after a reload.

    firewall-cmd --reload

Installing firewalld on CentOS 7:

    yum install firewalld -y

Managing the firewalld service on CentOS 7:

    # start
    systemctl start firewalld.service
    # restart
    systemctl restart firewalld.service
    # enable at boot
    systemctl enable firewalld.service
    # disable at boot
    systemctl disable firewalld.service

Adding ports in firewalld on CentOS 7:

Adding a public port

    firewall-cmd --zone=public --add-port=80/tcp --permanent

This adds a permanent rule for port 80/tcp. --permanent makes the rule persistent; without this option the rule is lost after a restart. After adding the rule you must reload the configuration or restart the firewall, otherwise it does not take effect.

    firewall-cmd --reload

Adding public ports in bulk

    # open TCP ports 60000-61000
    firewall-cmd --permanent --zone=public --add-port=60000-61000/tcp
    # open UDP ports 100-500
    firewall-cmd --permanent --zone=public --add-port=100-500/udp

Adding private ports (access restricted to a given IP or IP range)

    # allow 192.168.0.1/16 to access all ports
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.1/16" accept'
    # allow 192.168.0.3 to access all ports
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.3" accept'
    # allow 192.168.0.3 to access port 12345/tcp
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.3" port protocol="tcp" port="12345" accept'

Viewing ports in firewalld on CentOS 7:

    # list all open ports (including the private rules); this is the one command to remember
    firewall-cmd --list-all
    # list only the public ports
    firewall-cmd --zone=public --list-ports

Removing ports in firewalld on CentOS 7:

Removing a single public port

    firewall-cmd --zone=public --remove-port=80/tcp --permanent

Removing custom rules such as IP ranges

    # first inspect the rules with list-all
    firewall-cmd --list-all
    # then
    firewall-cmd --permanent --remove-rich-rule='paste the listed rule here'

Example:

    firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.0.1/19" accept'

That is:

    firewall-cmd --permanent --remove-rich-rule=""

Blocking ping in firewalld on CentOS 7:

    firewall-cmd --add-rich-rule='rule protocol value=icmp drop' --permanent

Remember: changes only take effect after a reload.

    firewall-cmd --reload
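The reload reminder can be turned into a check. The script below is an added example, not part of the original article: it compares firewalld's runtime and permanent configuration and reports entries that are waiting for a reload or that would vanish on one. The helper names (to_lines, drift, live_drift) and the sample state, including 443/tcp, are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Compares firewalld's runtime
# and permanent configuration so a forgotten --reload (or a forgotten
# --permanent) is noticed before it turns into an unexpected open or closed port.

# to_lines TEXT: --list-ports prints entries space-separated; emit one per line.
to_lines() { printf '%s\n' "$1" | tr -s ' ' '\n' | sed '/^$/d'; }

# drift RUNTIME PERMANENT: both arguments are newline-separated lists.
#   "+ entry"  only in permanent: not active until firewall-cmd --reload
#   "- entry"  only in runtime:   disappears on reload or restart
drift() {
    rt=$(printf '%s\n' "$1" | sed '/^$/d' | sort -u)
    pm=$(printf '%s\n' "$2" | sed '/^$/d' | sort -u)
    printf '%s\n' "$pm" | while IFS= read -r e; do
        [ -n "$e" ] || continue
        printf '%s\n' "$rt" | grep -Fqx -- "$e" || printf '%s %s\n' '+' "$e"
    done
    printf '%s\n' "$rt" | while IFS= read -r e; do
        [ -n "$e" ] || continue
        printf '%s\n' "$pm" | grep -Fqx -- "$e" || printf '%s %s\n' '-' "$e"
    done
}

# live_drift ZONE: run the comparison against a real firewalld (needs root).
# Rich rules contain spaces and are printed one per line, so they are not split.
live_drift() {
    drift "$(to_lines "$(firewall-cmd --zone="$1" --list-ports)")" \
          "$(to_lines "$(firewall-cmd --permanent --zone="$1" --list-ports)")"
    drift "$(firewall-cmd --zone="$1" --list-rich-rules)" \
          "$(firewall-cmd --permanent --zone="$1" --list-rich-rules)"
}

# Constructed sample state: 60000-61000/tcp was added with --permanent but
# never reloaded; 443/tcp was added without --permanent.
SAMPLE_RUNTIME='80/tcp 443/tcp'
SAMPLE_PERMANENT='80/tcp 60000-61000/tcp'
drift "$(to_lines "$SAMPLE_RUNTIME")" "$(to_lines "$SAMPLE_PERMANENT")"
```

On a host running firewalld, `live_drift public` performs the same comparison on the real configuration; empty output means runtime and permanent rules agree.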