CentOS 7 uses firewalld as its default firewall. Below is an introduction to some of its configuration.
Before using firewalld, we first need to check its status:
[[email protected] ~]# firewall-cmd --state
running
"running" means firewalld is enabled and currently running.
Sometimes it shows "unit is masked", which means the firewall has been masked; in that case, enter the following:
[[email protected] ~]# systemctl unmask firewalld
If the output is
[[email protected]~]# firewall-cmd --state
not running
then firewalld needs to be started first:
[[email protected] ~]# systemctl start firewalld
[[email protected] ~]# firewall-cmd --state
running
Command to start firewalld at boot:
[[email protected]~]# systemctl enable firewalld
Correspondingly, the commands to disable the firewall at boot and to stop it are:
[[email protected] ~]# systemctl disable firewalld
[[email protected] ~]# systemctl stop firewalld
Reload the firewall configuration:
[[email protected] ~]# firewall-cmd --reload
success
List all firewall zones:
[[email protected] ~]# firewall-cmd --list-all-zones
This lists work, drop, internal, external, trusted, home, dmz, public and block.
Show the default zone:
[[email protected] ~]# firewall-cmd --get-default-zone
public
Show the services firewalld supports:
[[email protected]~]# firewall-cmd --get-services
RH-Satellite-6 amanda-client amanda-k5-client bacula bacula-client ceph ceph-mon dhcp dhcpv6 dhcpv6-client dns docker-registry dropbox-lansync freeipa-ldap freeipa-ldaps freeipa-replication ftp high-availability http https imap imaps ipp ipp-client ipsec iscsi-target kadmin kerberos kpasswd ldap ldaps libvirt libvirt-tls mdns mosh mountd ms-wbt mysql nfs ntp openvpn pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy proxy-dhcp ptp pulseaudio puppetmaster radius rpc-bind rsyncd samba samba-client sane smtp smtps snmp snmptrap squid ssh synergy syslog syslog-tls telnet tftp tftp-client tinc tor-socks transmission-client vdsm vnc-server wbem-https xmpp-bosh xmpp-client xmpp-local xmpp-server
Open and close the http service to the outside:
[[email protected] ~]# firewall-cmd --zone=public --add-service=http --permanent
success
[[email protected] ~]# firewall-cmd --zone=public --remove-service=http --permanent
success
Remember to reload after changing the configuration.
firewalld configuration has two modes, runtime and permanent; the first one is lost after a restart.
Open a port to the outside, e.g. 443:
[[email protected] ~]# firewall-cmd --zone=public --add-port=443/tcp --permanent
success
[[email protected] ~]# firewall-cmd --zone=public --remove-port=443/tcp --permanent
success
[[email protected] ~]# firewall-cmd --reload
success
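The commands above combined into a small helper, as an added example that is not part of the original post: it applies a service or port rule to both the runtime and the permanent configuration so it is active immediately and survives reload or reboot, and rejects malformed port specs before touching the firewall. It assumes CentOS 7 with firewall-cmd in PATH, run as root; DRY_RUN is a variable introduced here that prints the commands instead of running them.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes firewall-cmd and
# systemctl in PATH and root privileges. DRY_RUN=1 is an assumed helper
# variable: print the commands instead of executing them.
set -u

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Unmask, enable at boot and start firewalld, then confirm it is running.
fw_ensure_running() {
    run systemctl unmask firewalld
    run systemctl enable firewalld
    run systemctl start firewalld
    run firewall-cmd --state
}

# fw_open ZONE KIND VALUE
#   KIND is "service" (e.g. http) or "port" (e.g. 443/tcp).
# A --permanent change alone is not active until "firewall-cmd --reload",
# and a runtime-only change is lost on reload or restart, so the rule is
# added to both: once without --permanent (active now) and once with it.
fw_open() {
    zone=$1 kind=$2 value=$3
    case "$kind" in
        service) ;;
        port)
            port=${value%/*} proto=${value#*/}
            case "$proto" in
                tcp|udp) ;;
                *) echo "bad port spec: $value (want N/tcp or N/udp)" >&2; return 2 ;;
            esac
            case "$port" in
                ''|*[!0-9]*) echo "bad port spec: $value" >&2; return 2 ;;
            esac
            [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
                { echo "port out of range: $port" >&2; return 2; }
            ;;
        *) echo "kind must be service or port" >&2; return 2 ;;
    esac
    run firewall-cmd --zone="$zone" --add-"$kind"="$value"
    run firewall-cmd --zone="$zone" --add-"$kind"="$value" --permanent
}

# Usage: fw_ensure_running; fw_open public service http; fw_open public port 443/tcp
```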
Time: 2024-10-13 23:04:45