Linux: Firewall Configuration
阿新 • Published: 2020-08-26
CentOS 6.X
- Check whether the firewall is running
service iptables status
- Stop the firewall
service iptables stop
- Keep the firewall from starting at boot
chkconfig iptables off
CentOS 7.X
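CentOS 7.0 uses firewalld as its default firewall and manages services and programs with systemctl, which covers the functions of both service and chkconfig.
- Check the default firewall state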
[root@localhost ~]# firewall-cmd --state
not running
Note: the command prints not running when the firewall is stopped and running when it is started.
- Check the firewall status
[root@localhost ~]# systemctl list-unit-files|grep firewalld.service
firewalld.service disabled
Or:
[root@localhost ~]# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)    -- the firewall is stopped
Docs: man:firewalld(1)
- Start the firewall
[root@localhost ~]# systemctl start firewalld.service    # start firewalld
[root@localhost ~]# systemctl enable firewalld.service   # start firewalld at boot
Created symlink from /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service to /usr/lib/systemd/system/firewalld.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/firewalld.service to /usr/lib/systemd/system/firewalld.service.
- Stop the firewall
[root@localhost ~]# systemctl stop firewalld.service     # stop firewalld
[root@localhost ~]# systemctl disable firewalld.service  # do not start firewalld at boot
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
- Restart the firewall
[root@localhost ~]# systemctl restart firewalld.service
- Check whether the firewall starts at boot
[root@localhost ~]# systemctl is-enabled firewalld.service;echo $?
enabled     -- starts at boot
0
Or:
[root@localhost ~]# systemctl is-enabled firewalld.service;echo $?
disabled    -- does not start at boot
1
- List the enabled services
[root@localhost ~]# systemctl list-unit-files|grep enabled
auditd.service enabled
[email protected] enabled
avahi-daemon.service enabled
crond.service enabled
- Open a port
[root@localhost ~]# firewall-cmd --zone=public --add-port=80/tcp --permanent
success
Meaning of the options:
--zone               # the zone the rule applies to
--add-port=80/tcp    # add a port, in the form port/protocol
--permanent          # makes the rule permanent; without this option it is lost after a restart
- List the ports that are already open
[root@localhost ~]# firewall-cmd --list-port
80/tcp
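- Mask the FirewallD service
[root@localhost ~]# systemctl mask firewalld
You can also mask the firewall service by creating a symbolic link from firewalld.service to /dev/null.
- Unmask the FirewallD service
[root@localhost ~]# systemctl unmask firewalld
This unmasks the FirewallD service: it removes the symbolic link created when the service was masked, so the service can be enabled again.
- Check whether the firewall is installed (yum installs it if it is missing)
[root@localhost ~]# yum install firewalld firewall-config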
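The --permanent option in the open-port step writes the rule to the saved configuration, while a rule added without it exists only in the running firewall, so the two port lists can disagree until firewalld is reloaded or restarted. The script below is an added example, not part of the original post: it compares the two lists and reports the difference. The helper names only_in and port_drift are hypothetical, and the sample port lists are constructed.

```shell
#!/bin/sh
# Added example: compare firewalld's runtime and permanent port lists.
# only_in and port_drift are hypothetical helper names.

# only_in A B: print the entries of list A that are missing from list B.
only_in() {
    hay=" $(printf '%s ' $2)"            # normalise B to " a b c "
    for p in $1; do
        case "$hay" in
            *" $p "*) ;;                 # present in both lists
            *) printf '%s\n' "$p" ;;     # present in A only
        esac
    done | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# port_drift RUNTIME PERMANENT: describe the differences.
# Returns 0 when both lists match and 1 when they differ.
port_drift() {
    runtime_only=$(only_in "$1" "$2")
    permanent_only=$(only_in "$2" "$1")
    [ -n "$runtime_only" ] &&
        echo "runtime-only (lost on reload/reboot): $runtime_only"
    [ -n "$permanent_only" ] &&
        echo "permanent-only (not active until reload): $permanent_only"
    [ -z "$runtime_only$permanent_only" ]
}

if [ "${1:-}" = "live" ]; then
    # Read both lists from firewalld (needs root and a running firewalld).
    port_drift "$(firewall-cmd --list-ports)" \
               "$(firewall-cmd --permanent --list-ports)"
else
    # Constructed sample lists, not output captured from a real host.
    port_drift "80/tcp 8080/tcp" "80/tcp 443/tcp" || echo "drift found"
fi
```

Run it with the argument live on a host with firewalld; a non-zero exit status means the running firewall and the saved configuration differ.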
Reference: https://blog.csdn.net/cool_summer_moon/article/details/78744009