CentOS 7

  iptables:

      If you want to use static iptables firewall rules, disable firewalld (the CentOS 7 default), install iptables-services, and enable iptables and ip6tables:

yum install iptables-services
systemctl mask firewalld.service
systemctl enable iptables.service  # start the service at boot
systemctl enable ip6tables.service

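      The static firewall rules are stored in /etc/sysconfig/iptables and /etc/sysconfig/ip6tables; you can write your own rules in these files.

      After configuring the rules, stop firewalld first, then start the iptables and ip6tables services: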

systemctl stop firewalld.service
systemctl start iptables.service
systemctl start ip6tables.service

   firewalld:

     * Check the firewalld status =>  firewall-cmd --state

[root@iZ28uvczcf6Z ~]# firewall-cmd --state
running

     * Open port 80 =>  firewall-cmd --zone=public --add-port=80/tcp --permanent

[root@iZ28uvczcf6Z ~]# firewall-cmd --zone=public --add-port=8888/tcp --permanent
success
[root@iZ28uvczcf6Z ~]#

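        The output "success" means the command succeeded.

        What the options mean: --zone  # scope (the zone the rule is added to)

             --add-port=80/tcp  # the port to add, in the format port/protocol

             --permanent  # makes the rule permanent; without this option it is lost after a restart

      * Restart the firewall =>  systemctl restart firewalld.service

      * Start =>  systemctl start firewalld

       Disable =>  systemctl disable firewalld

       Stop =>  systemctl stop firewalld

      * List everything added or enabled in all zones =>  firewall-cmd --list-all-zones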

[root@iZ28uvczcf6Z ~]# firewall-cmd --list-all-zones
work
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

drop
  target: DROP
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

internal
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client mdns samba-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

external
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh
  ports:
  protocols:
  masquerade: yes
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

trusted
  target: ACCEPT
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

home
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client mdns samba-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

dmz
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client postgresql ssh
  ports: 3333/tcp 80/tcp 6379/tcp
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

block
  target: %%REJECT%%
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:
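
The --permanent option explained above writes to firewalld's permanent configuration, which is kept separately from the running (runtime) configuration, so the two can disagree. The script below is an added example, not part of the original post, that compares the two port lists of a zone; the function names port_drift, check_zone and demo and the sample port lists are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect drift between firewalld's runtime and permanent
# port lists. Function names and sample data are constructed for illustration.

# port_drift RUNTIME PERMANENT
# Arguments are port lists as printed by `firewall-cmd --list-ports`.
# Prints one line for every port present in only one of the two lists.
port_drift() {
    runtime=$(echo $1)      # unquoted on purpose: collapse whitespace
    permanent=$(echo $2)
    for p in $runtime; do
        case " $permanent " in
            *" $p "*) ;;
            *) echo "runtime-only $p (lost on reload/restart)" ;;
        esac
    done
    for p in $permanent; do
        case " $runtime " in
            *" $p "*) ;;
            *) echo "permanent-only $p (inactive until reload/restart)" ;;
        esac
    done
}

# check_zone [ZONE]: query the live firewall (needs root and a running
# firewalld). Returns 0 when both lists match, 1 on drift, 2 on query error.
check_zone() {
    zone=${1:-public}
    rt=$(firewall-cmd --zone="$zone" --list-ports) || return 2
    pm=$(firewall-cmd --permanent --zone="$zone" --list-ports) || return 2
    drift=$(port_drift "$rt" "$pm")
    [ -z "$drift" ] && return 0
    printf '%s\n' "$drift"
    return 1
}

# Constructed sample: the runtime list is the public zone's "ports:" line from
# the listing above; the permanent list is an assumed state in which 8888/tcp
# was added with --permanent and 6379/tcp was opened without it.
demo() {
    port_drift "3333/tcp 80/tcp 6379/tcp" "3333/tcp 80/tcp 8888/tcp"
}

demo
```

On a live host, `check_zone public` runs the same comparison against firewalld itself.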

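Afterword

  For my own reference only... to be continued...

This article is jointly copyrighted by the author and 博客园 (cnblogs). Reposting is welcome, but unless the author agrees otherwise, this notice must be kept and a link to the original article must be placed prominently on the page; otherwise the right to pursue legal liability is reserved.

Source: 博客园 (cnblogs) -- 别问是谁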
