linux 的防火牆簡單設定

1. 檢查防火牆狀態

• 程式碼

firewall-cam --state

[root@localhost ~]# firewall-cmd --state
running
[root@localhost ~]

2. 防火牆配置

• linux系統中有個配置檔案，裡面配置了開機後防火牆應該怎麼工作

[root@localhost ~]# firewall-cmd --state
running
[root@localhost ~]#

• 關閉防火牆

[root@localhost ~]# systemctl disable firewalld.service
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]# firewall-cmd --state
running
[root@localhost ~]#
 

• 開啟防火牆

systemctl enable firewalld.service

• 但是，只會在下一次開機後才會啟用當前配置

3. 手動關閉防火牆

[root@localhost ~]# systemctl stop firewalld.service
[root@localhost ~]# firewall-cmd --state
not running
[root@localhost ~]#

4. 手動開啟防火牆

[root@localhost ~]# systemctl start firewalld.service
[root@localhost ~]# firewall-cmd --state
running
[root@localhost ~]#
 

5. 檢查開放的埠

firewall-cmd --list-ports

6. 查詢指定埠

[root@localhost ~]# firewall-cmd --query-port=80/tcp
no
[root@localhost ~]#p

7. 開放指定埠

[root@localhost ~]# firewall-cmd --zone=public --add-port=80/tcp --permanent
success
[root@localhost ~]#

可以開放一個範圍的埠

[root@localhost ~]# firewall-cmd --zone=public --add-port=19-21/tcp --permanent
success
[root@localhost ~]#
 

8. 移除指定埠

[root@localhost ~]# firewall-cmd --zone=public --remove-port=80/tcp --permanent
success
[root@localhost ~]#

也可以移除範圍的埠

[root@localhost ~]# firewall-cmd --zone=public --remove-port=19-21/tcp --permanent
success
[root@localhost ~]#

注：開啟或關閉了防火牆，需要重新載入防火牆後才會生效

[root@localhost ~]# firewall-cmd --reload
success
[root@localhost ~]# 

[root@localhost ~]# firewall-cmd --query-port=80/tcp
yes
[root@localhost ~]#