RHEL7、CentOS7防火墙管理
2024-08-25 12:21:13
经常start、stop、restart操作防火墙有两种方式:
1、service iptables stop
2、/etc/init.d/iptables stop
但是经常会有这种错误,因为在RHEL7、CentOS种其实没有这个服务。
[root@rhel7 ~]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.0 (Maipo)
[root@rhel7 ~]# service iptables stop
Redirecting to /bin/systemctl stop iptables.service
[root@rhel7 ~]# /etc/init.d/iptables stop
-bash: /etc/init.d/iptables: No such file or directory
或者
[root@CTU1000094955 ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
[root@CTU1000094955 ~]# service iptables stop
Redirecting to /bin/systemctl stop iptables.service
Failed to stop iptables.service: Unit iptables.service not loaded.
[root@CTU1000094955 ~]# /etc/init.d/iptables stop
-bash: /etc/init.d/iptables: No such file or directory
原来在RHEL7、CentOS7开始,使用systemctl工具来管理服务程序,包括了service和chkconfig。
[root@CTU1000094955 ~]# systemctl list-unit-files|grep firewall
firewalld.service disabled
那么systemctl管理防火墙:
启动一个服务:systemctl start firewalld.service
关闭一个服务:systemctl stop firewalld.service
重启一个服务:systemctl restart firewalld.service
显示一个服务的状态:systemctl status firewalld.service
在开机时启用一个服务:systemctl enable firewalld.service
在开机时禁用一个服务:systemctl disable firewalld.service
查看服务是否开机启动:systemctl is-enabled firewalld.service;echo $?
查看已启动的服务列表:systemctl list-unit-files|grep enabled
示例:
1、关闭防火墙并查看运行状态
[root@CTU1000094955 ~]# systemctl stop firewalld.service
[root@CTU1000094955 ~]# systemctl list-unit-files |grep firewall
firewalld.service disabled
[root@CTU1000094955 ~]# firewall-cmd --permanent --list-port
FirewallD is not running
[root@CTU1000094955 ~]# systemctl status firewalld.service
?.firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead) Nov :: CTU1000094955 systemd[]: Starting firewalld - dynamic firewall daemon...
Nov :: CTU1000094955 systemd[]: Started firewalld - dynamic firewall daemon.
Nov :: CTU1000094955 systemd[]: Started firewalld - dynamic firewall daemon.
Nov :: CTU1000094955 systemd[]: Stopping firewalld - dynamic firewall daemon...
Nov :: CTU1000094955 systemd[]: Stopped firewalld - dynamic firewall daemon.
2、开启防火墙并查看防护墙状态
[root@CTU1000094955 ~]# systemctl start firewalld.service
[root@CTU1000094955 ~]# systemctl status firewalld.service
?.firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: active (running) since Sat -- :: CST; 5s ago
Main PID: (firewalld)
CGroup: /system.slice/firewalld.service
?.. /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid Nov :: CTU1000094955 systemd[]: Starting firewalld - dynamic firewall daemon...
Nov :: CTU1000094955 systemd[]: Started firewalld - dynamic firewall daemon.
[root@CTU1000094955 ~]# systemctl list-unit-files |grep firewall
firewalld.service disabled
[root@CTU1000094955 ~]# firewall-cmd --permanent --list-port
/tcp /tcp
与此同时,还可以通过firewall -cmd来操作防火墙
[root@CTU1000094955 ~]# man firewall-cmd
FIREWALL-CMD() firewall-cmd FIREWALL-CMD() NAME
firewall-cmd - firewalld command line client SYNOPSIS
firewall-cmd [OPTIONS...] DESCRIPTION
firewall-cmd is the command line client of the firewalld daemon. It provides interface to manage runtime and permanent configuration. The runtime configuration in firewalld is separated from the permanent configuration. This means that things can get changed in the runtime or permanent configuration. OPTIONS
The following options are supported: General Options
-h, --help
Prints a short help text and exits. -V, --version
Print the version string of firewalld. This option is not combinable with other options. -q, --quiet
Do not print status messages. Status Options
--state
Check whether the firewalld daemon is active (i.e. running). Returns an exit code if it is active, NOT_RUNNING otherwise (see the section called ?.XIT CODES?.. This will
also print the state to STDOUT. --reload
Reload firewall rules and keep state information. Current permanent configuration will become new runtime configuration, i.e. all runtime only changes done until reload are
lost with reload if they have not been also in permanent configuration. --complete-reload
3、查看防火墙是否运行
[root@CTU1000094955 ~]# firewall-cmd --state
running
4、查看默认通过防火墙
[root@CTU1000094955 ~]# firewall-cmd --permanent --list-port
/tcp /tcp
刚才测试添加了10001、80两个端口,参数--permanent 是永久配置机子重启依然有效。
5、删除默认通过防火墙的端口
[root@CTU1000094955 ~]# firewall-cmd --permanent --remove-port=/tcp
success
[root@CTU1000094955 ~]# firewall-cmd --permanent --list-port
/tcp
可以看到刚刚能通过防火墙的80端口现在已经查不到了。
6、添加端口到防火墙例外
[root@CTU1000094955 ~]# firewall-cmd --permanent --zone=public --add-port=/tcp
success
[root@CTU1000094955 ~]# firewall-cmd --permanent --list-port
/tcp /tcp
现在80端口又回来了。
最新文章
- eclipse rcp 打包出适合不同操作系统和操作位数.
- springMVC中使用ajax传递json数组
- WinForm-GridView
- Android Activity 阻止软键盘自动弹出
- 创建被访问的swf文件
- 再谈PCA
- 【C#】与C及OC的不同点
- iOS 使用Method Swizzling隐藏Status Bar
- 《ECMAScript6入门》___阮一峰 笔记
- Laravel 安全:避免 SQL 注入
- 马凯军201771010116《面向对象与程序设计Java》第十三周学习总结
- 微信小程序 table 简单测试
- jQuery-mobilevalidate使用 的一些心得,小小总结
- 浅谈style.,currentStyle,getComputedStyle,getAttribute
- VS2015 提示 无法启动 IIS Express Web 服务器
- tensorflow 导入gfile模型文件
- Oracle11g自带的SQL_developer无法打开
- zabbix企业应用:通过SNMP和iDRAC监控DELL服务器硬件
- 爬楼梯 · Climbing Stairs
- Linux CentOS6.5 命令修改网络配置