centos7防火墙firewalld的安装与使用_技术文档
centos7防火墙firewalld如何安装?
防火墙能有效的过滤掉非授权端口的请求,是保障服务器的第一步。在centos里可以安装诸多防火墙软件,诸如firewalld、iptables、ufw等,不过在centos7中iptables已经废弃不用。本文主要讲诉firewalld的使用。牢记:
想生效 记得reload。firewall-cmd –reloadfirewall-cmd –reload
centos7 防火墙firewalld的安装:
yum install firewalld -y
centos7 防火墙firewalld的管理命令:
#启动
systemctl start firewalld.service
#重启
systemctl restart firewalld.service
#设置开机启动
systemctl enable firewalld.service
#关闭开机启动
systemctl disable firewalld.service
centos7 防火墙firewalld 端口的增加:
公共端口增加
firewall-cmd –zone=public –add-port=80/tcp –permanent
增加一个永久生效的tcp:80端口,–permanent为永久生效,没有此参数重启后失效。
在增加后需要进行重载配置或重启防火墙,否则无法生效。
firewall-cmd –reload
批量增加公共端口
firewall-cmd –permanent –zone=public –add-port=60000-61000/tcp
#批量开放60000-61000的TCP端口
firewall-cmd –permanent –zone=public –add-port=100-500/udp
#批量开放100-500的udp端口
私密端口的增加(指定ip或ip段访问)
firewall-cmd –permanent –add-rich-rule=”rule family=”ipv4″ source address=”192.168.0.1/16″ accept”
#允许192.168.0.1/16 访问全部端口
firewall-cmd –permanent –add-rich-rule=”rule family=”ipv4″ source address=”192.168.0.3″ accept”
#允许192.168.0.3 访问全部端口
firewall-cmd –permanent –add-rich-rule=”rule family=”ipv4″ source address=”192.168.0.3″ port protocol=”tcp” port=”12345″ accept”
#允许192.168.0.3 访问TCP:12345端口
centos7 防火墙firewalld 端口的查看
firewall-cmd –list-all
#列出所有开放的端口(含私密)记住此条即可
firewall-cmd –zone=public –list-ports
#仅列出public公共端口
centos7 防火墙firewalld 端口的删除:
删除单个公共端口
firewall-cmd –zone=public –remove-port=80/tcp –permanent
删除ip段等自定义规则
#先list-all查看
firewall-cmd –list-all
#然后
firewall-cmd –permanent –remove-rich-rule=”列出的规则直接复制于此”
例:firewall-cmd –permanent –remove-rich-rule=”firewall-cmd –permanent –add-rich-rule=”rule family=”ipv4″ source address=”192.168.0.1/19″ accept””
即:firewall-cmd –permanent –remove-rich-rule=””
centos7 防火墙firewalld 禁止ping:
firewall-cmd –add-rich-rule=”rule protocol value=icmp drop” –permanent