Firewall service
Start, stop and restart the firewall service, and check its status:
systemctl start firewalld
systemctl stop firewalld
systemctl restart firewalld
systemctl status firewalld
firewall-cmd
Basic usage
[root@localhost ~]# firewall-cmd --state # check whether firewalld is running
running
[root@localhost ~]# firewall-cmd --list-all # list the rules of the default zone (runtime configuration)
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: dhcpv6-client ssh
ports: 550/tcp 9000/tcp 1080/tcp 1080/udp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
[root@localhost ~]# firewall-cmd --permanent --query-port=1080/tcp # check whether a port is open in the saved (permanent) configuration
yes
[root@localhost ~]# firewall-cmd --permanent --add-port=1080/udp # open a port in the saved configuration
success
[root@localhost ~]# firewall-cmd --permanent --remove-port=1080/udp # close a port in the saved configuration
success
[root@localhost ~]# firewall-cmd --reload # reload the saved configuration so permanent changes become active
success
:::warning
Note: changes made with --permanent only touch the saved configuration; run firewall-cmd --reload (or restart the service) for them to take effect!
:::

:::info
Explanation:
firewall-cmd: the command-line tool that Linux (firewalld) provides for managing the firewall.
--permanent: make the setting persistent in the saved configuration. Without this option the change is applied to the running firewall immediately but is lost after a reload or reboot.
:::
Viewing zone information
firewall-cmd --get-active-zones
firewall-cmd --list-all-zones
Setting an IP allow list
Open a port for a specified IP address only:
```shell
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="10.1.1.14/32" port protocol="tcp" port="80" accept'
```
Remove the rule:
```shell
firewall-cmd --permanent --zone=public --remove-rich-rule='rule family="ipv4" source address="10.1.1.14/32" port protocol="tcp" port="80" accept'
```
Both commands write the saved configuration only; run firewall-cmd --reload afterwards to activate the change. The rule body is wrapped in single quotes on the command line so that the double quotes inside it reach firewall-cmd unchanged.
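The following script is an added example, not part of the original notes, that wraps the allow-list procedure above: build the rich rule, refuse malformed input, warn when the port is already open to everyone via --add-port (a source-restricted rich rule does nothing useful then), write the permanent configuration, reload, and verify that the runtime and saved configurations agree. The zone name "public", the sample address 10.1.1.14/32 and the function names are assumptions for illustration; the script only invokes firewall-cmd when it is installed.

```shell
#!/bin/bash
# Added example (not from the original page): allow-list one port for a single
# source address with a firewalld rich rule and verify it in both the runtime
# and the permanent configuration.
# Assumptions: zone "public" (override with ZONE=...), firewalld on the host.
set -eu

ZONE="${ZONE:-public}"

# Build the rich-rule text. Values inside the rule are double-quoted because
# that is what the rich-rule grammar expects; the whole rule is passed to
# firewall-cmd as one argument. The address family is derived from the CIDR.
# Usage: rich_rule_allow <cidr> <tcp|udp> <port>
rich_rule_allow() {
    local cidr="$1" proto="$2" port="$3" family="ipv4"
    case "$cidr" in *:*) family="ipv6" ;; esac
    printf 'rule family="%s" source address="%s" port protocol="%s" port="%s" accept' \
        "$family" "$cidr" "$proto" "$port"
}

# Reject anything that is not a number in 1..65535 before touching the firewall.
validate_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Add the rule permanently, reload, and confirm it is active and persistent.
allow_from() {
    local cidr="$1" proto="$2" port="$3" rule
    validate_port "$port" || { echo "bad port: $port" >&2; return 1; }
    rule="$(rich_rule_allow "$cidr" "$proto" "$port")"

    # A plain --add-port for the same port would already admit every source,
    # so the source-restricted rich rule would add no protection.
    if firewall-cmd --permanent --zone="$ZONE" --query-port="$port/$proto" >/dev/null 2>&1; then
        echo "warning: $port/$proto is already open to all sources in zone $ZONE" >&2
    fi

    # --permanent writes the saved configuration only; --reload activates it.
    firewall-cmd --permanent --zone="$ZONE" --add-rich-rule="$rule"
    firewall-cmd --reload

    # Without --permanent the query inspects the running firewall; with it,
    # the saved configuration. Both must report the rule after a reload.
    if firewall-cmd --zone="$ZONE" --query-rich-rule="$rule" >/dev/null \
       && firewall-cmd --permanent --zone="$ZONE" --query-rich-rule="$rule" >/dev/null; then
        echo "ok: rule is active and persistent in zone $ZONE"
    else
        echo "verification failed: runtime and permanent configuration differ" >&2
        return 1
    fi
}

# Demo invocation with the sample address from the notes; skipped where
# firewalld is not installed so the functions can still be sourced and tested.
if command -v firewall-cmd >/dev/null 2>&1; then
    allow_from "10.1.1.14/32" tcp 80
fi
```

To revoke the access, run the same --remove-rich-rule command from the notes with the string returned by rich_rule_allow, followed by firewall-cmd --reload.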