防火墙服务

开启、关闭、重启防火墙服务、查看防火墙服务状态:

  1. systemctl start firewalld
  2. systemctl stop firewalld
  3. systemctl restart firewalld
  4. systemctl status firewalld

firewall-cmd 基本使用

  1. [root@localhost ~]# firewall-cmd --state                                                        # 查看防火墙状态
  2. running
  3. [root@localhost ~]# firewall-cmd --list-all                                                    # 列出防火墙规则
  4. public (active)
  5.   target: default
  6.   icmp-block-inversion: no
  7.   interfaces: eth0
  8.   sources:
  9.   services: dhcpv6-client ssh
  10.   ports: 550/tcp 9000/tcp 1080/tcp 1080/udp
  11.   protocols:
  12.   masquerade: no
  13.   forward-ports:
  14.   source-ports:
  15.   icmp-blocks:
  16.   rich rules:
  18. [root@localhost ~]# firewall-cmd --permanent --query-port=1080/tcp        # 查询端口是否放通
  19. yes
  20. [root@localhost ~]# firewall-cmd --permanent --add-port=1080/udp            # 放通端口
  21. success
  22. [root@localhost ~]# firewall-cmd --permanent --remove-port=1080/udp        # 关闭端口
  23. success
  24. [root@localhost ~]# firewall-cmd --reload                                                            # 重启防火墙
  25. success

:::warning 注:修改配置后要重启防火墙才生效! ::: :::info 说明:

  • firewall-cmd:是 Linux 提供的操作防火墙的一个工具;
  • --permanent:表示永久设置。若没有此参数,则重启后失效。 :::

    查看区域信息

    1. firewall-cmd --get-active-zones
    2. firewall-cmd --list-all-zones

    设置 ip 白名单

    ```shell

    开启某个端口(指定IP可访问)

    firewall-cmd —permanent —zone=public —add-rich-rule=”rule family=”ipv4” source address=”10.1.1.14/32” port protocol=”tcp” port=”80” accept”

删除策略

firewall-cmd —permanent —zone=public —remove-rich-rule=”rule family=”ipv4” source address=”10.1.1.14/32” port protocol=”tcp” port=”80” accept” ```