Show the firewalld version
firewall-cmd --version
Enable the firewall at boot
systemctl enable firewalld
Disable the firewall at boot
systemctl disable firewalld
Shut the firewall service down completely (stop it now and keep it off after reboot)
systemctl stop firewalld
systemctl disable firewalld
Start the firewall
systemctl start firewalld
Stop the firewall
systemctl stop firewalld
Restart the firewall
systemctl restart firewalld
Show the firewall status
systemctl status firewalld or firewall-cmd --state
Show the firewall rules (of the default zone)
firewall-cmd --list-all
Show all open ports (public zone)
firewall-cmd --zone=public --list-ports
Apply changed rules (reload the permanent configuration; runtime-only changes are dropped)
firewall-cmd --reload
Apply changed rules and fully restart the service (also resets state, e.g. connection tracking)
firewall-cmd --complete-reload
Opening and closing ports
- Add:
firewall-cmd --zone=public --add-port=80/tcp --permanent (--permanent makes the rule persist; without it the rule is lost after a reload or reboot)
- Reload so the permanent rule takes effect:
firewall-cmd --reload
- Query:
firewall-cmd --zone=public --query-port=80/tcp
- Remove:
firewall-cmd --zone=public --remove-port=80/tcp --permanent
Managing services
Using the ssh service as an example, added to the work zone
- Add:
firewall-cmd --zone=work --add-service=ssh
- Query:
firewall-cmd --zone=work --query-service=ssh
- Remove:
firewall-cmd --zone=work --remove-service=ssh
IP masquerading (NAT)
- Query:
firewall-cmd --zone=external --query-masquerade
- Enable:
firewall-cmd --zone=external --add-masquerade
- Disable:
firewall-cmd --zone=external --remove-masquerade
Port forwarding
To use port forwarding, first enable IP masquerading on the zone
firewall-cmd --zone=external --add-masquerade
- Forward TCP port 22 to port 1100 on the same host:
firewall-cmd --zone=external --add-forward-port=port=22:proto=tcp:toport=1100
- Forward port 22 to the same port on another IP:
firewall-cmd --zone=external --add-forward-port=port=22:proto=tcp:toaddr=10.10.0.1
- Forward port 22 to port 1100 on another IP:
firewall-cmd --zone=external --add-forward-port=port=22:proto=tcp:toport=1100:toaddr=10.10.0.1
