firewalld's default configuration only opens the SSH port, 22. Alibaba Cloud servers running CentOS 7 come with firewalld installed by default;
If the SSH port has already been changed to something else, be sure to edit the SSH entry in the corresponding service definition before starting firewalld. File path: /usr/lib/firewalld/services/ssh.xml; change 22 to your remote port number, and only then start firewalld;
If firewalld is already running and you want to change your SSH port, first add the new SSH port to the firewall's allowed ports; otherwise, once the SSH port is changed you will no longer be able to log in remotely over SSH;
Also, after changing any configuration file, be sure to run the following command to reload the configuration; the new configuration only takes effect after a reload;
firewall-cmd --reload  # reload the configuration
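The pre-flight check the notes above call for, as an added example that is not part of the original post: it compares the Port that sshd is configured with against the port opened by firewalld's ssh service definition, so the mismatch that locks you out is caught before firewalld is started. File paths are parameters and the sample files are constructed inline, so it runs without firewalld installed.

```shell
#!/bin/sh
# Added example: detect an sshd/firewalld port mismatch before starting firewalld.

# Print the port sshd listens on (first uncommented "Port N" line; 22 if none).
sshd_port() {
  port=$(sed -n 's/^[[:space:]]*Port[[:space:]][[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" | head -n 1)
  echo "${port:-22}"
}

# Print every port opened by a firewalld service definition (<port ... port="N"/>).
fw_ssh_ports() {
  sed -n 's/.*<port[^>]*port="\([0-9][0-9]*\)".*/\1/p' "$1"
}

# Return 0 if sshd's port is among the ports the ssh service opens, 1 otherwise.
ssh_port_covered() {
  p=$(sshd_port "$1")
  for fp in $(fw_ssh_ports "$2"); do
    [ "$fp" = "$p" ] && return 0
  done
  return 1
}

# Demo on constructed files: sshd moved to 2222 while ssh.xml still says 22.
demo() {
  cfg=$(mktemp); xml=$(mktemp)
  printf '#Port 22\nPort 2222\n' > "$cfg"
  printf '<?xml version="1.0" encoding="utf-8"?>\n<service>\n  <short>SSH</short>\n  <port protocol="tcp" port="22"/>\n</service>\n' > "$xml"
  if ssh_port_covered "$cfg" "$xml"; then
    echo "OK: sshd port $(sshd_port "$cfg") is allowed by the ssh service"
  else
    echo "MISMATCH: sshd listens on $(sshd_port "$cfg") but ssh.xml opens $(fw_ssh_ports "$xml" | tr '\n' ' ')"
    echo "Fix before starting firewalld: edit ssh.xml, or run"
    echo "  firewall-cmd --permanent --add-port=$(sshd_port "$cfg")/tcp && firewall-cmd --reload"
  fi
  rm -f "$cfg" "$xml"
}
demo
```

On a real host, pass /etc/ssh/sshd_config and /usr/lib/firewalld/services/ssh.xml to ssh_port_covered instead of the constructed files.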
1- Check firewalld's status; on CentOS 7 and later it is installed and enabled by default;
firewall-cmd --state
2- Install
yum install firewalld
3- Start
systemctl start firewalld
4- Enable start at boot
systemctl enable firewalld
5- Stop
systemctl stop firewalld
6- Disable start at boot
systemctl disable firewalld
7- Block a single IP (123.56.161.140) from accessing the machine
firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address="123.56.161.140" drop'
8- Block an IP range, e.g. block all of 123.56.0.0/16
firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address="123.56.0.0/16" drop'
9- Block an IP range, e.g. block all of 123.56.161.0/24
firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address="123.56.161.0/24" drop'
10- Remove the rule blocking IP 123.56.161.140
firewall-cmd --permanent --remove-rich-rule='rule family=ipv4 source address="123.56.161.140" drop'
11- Allow the http service (service definitions live in /usr/lib/firewalld/services/)
firewall-cmd --permanent --add-service=http
12- Remove the http service (service definitions live in /usr/lib/firewalld/services/)
firewall-cmd --permanent --remove-service=http
13- Open a port: 3389
firewall-cmd --permanent --add-port=3389/tcp
14- Open a port range: 1-3389
firewall-cmd --permanent --add-port=1-3389/tcp
15- Close an open port: 3389
firewall-cmd --permanent --remove-port=3389/tcp
16- Check firewalld's status
firewall-cmd --state
17- Show the firewall rules (only shows the policy in /etc/firewalld/zones/public.xml; before changing the policy, make a copy with cp so it can be restored later);
firewall-cmd --list-all
18- Show all firewall policies (i.e. every zone under /etc/firewalld/zones/)
firewall-cmd --list-all-zones
The important policies (in the red box of the screenshot) can also be viewed with firewall-cmd --list-all
19- Reload the configuration; after any configuration change you must reload it:
firewall-cmd --reload
firewall-cmd --reload
firewall-cmd --reload
Important things are worth saying three times!!!
Important things are worth saying three times!!!
Important things are worth saying three times!!!