Firewalld Configuration on CentOS 7
CentOS 7 uses firewalld as its default firewall. Below is an introduction to some firewalld configuration.
Before using firewalld, we first need to check its status:
[[email protected] ~]# firewall-cmd --state
running
"running" means firewalld is enabled and currently running.
Sometimes it shows "unit is masked", which means the firewall has been masked; in that case we need to run:
[[email protected] ~]# systemctl unmask firewalld
If
[[email protected] ~]# firewall-cmd --state
not running
then firewalld needs to be started first:
[[email protected] ~]# systemctl start firewalld
[[email protected] ~]# firewall-cmd --state
running
Command to start firewalld at boot:
[[email protected] ~]# systemctl enable firewalld
Correspondingly, the commands to stop the firewall and disable it at boot are:
[[email protected] ~]# systemctl disable firewalld
[[email protected] ~]# systemctl stop firewalld
Reload the firewall configuration:
[[email protected] ~]# firewall-cmd --reload
success
View all firewall zones:
[[email protected] ~]# firewall-cmd --list-all-zones
This lists work, drop, internal, external, trusted, home, dmz, public, and block.
View the default zone:
[[email protected] ~]# firewall-cmd --get-default-zone
public
View the services firewalld supports:
[[email protected] ~]# firewall-cmd --get-services
RH-Satellite-6 amanda-client amanda-k5-client bacula bacula-client ceph ceph-mon dhcp dhcpv6 dhcpv6-client dns docker-registry dropbox-lansync freeipa-ldap freeipa-ldaps freeipa-replication ftp high-availability http https imap imaps ipp ipp-client ipsec iscsi-target kadmin kerberos kpasswd ldap ldaps libvirt libvirt-tls mdns mosh mountd ms-wbt mysql nfs ntp openvpn pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy proxy-dhcp ptp pulseaudio puppetmaster radius rpc-bind rsyncd samba samba-client sane smtp smtps snmp snmptrap squid ssh synergy syslog syslog-tls telnet tftp tftp-client tinc tor-socks transmission-client vdsm vnc-server wbem-https xmpp-bosh xmpp-client xmpp-local xmpp-server
Open and close the http service to the outside:
[[email protected] ~]# firewall-cmd --zone=public --add-service=http --permanent
success
[[email protected] ~]# firewall-cmd --zone=public --remove-service=http --permanent
success
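Remember to reload after making configuration changes.
firewalld configuration has two modes, runtime and permanent; the first is lost after a restart.
Open a port to the outside, for example 443: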
[[email protected] ~]# firewall-cmd --zone=public --add-port=443/tcp --permanent
success
[[email protected] ~]# firewall-cmd --zone=public --remove-port=443/tcp --permanent
success
[[email protected] ~]# firewall-cmd --reload
success
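The runtime/permanent distinction above means a rule can be active but not saved, or saved with --permanent but not yet active until a reload. The following is an added example, not code from the original post: a POSIX shell script that reports such mismatches for the default zone. The function names in_list, drift and audit_zone are hypothetical helpers made up for this illustration.

```sh
#!/bin/sh
# Added example (not from the original post): report firewalld rules that
# exist in only one of the runtime and permanent configurations.
# Function names are hypothetical helpers for this illustration.

# in_list ITEM "WORD WORD ...": succeed if ITEM is one of the words.
in_list() {
    for _w in $2; do
        [ "$_w" = "$1" ] && return 0
    done
    return 1
}

# drift "RUNTIME LIST" "PERMANENT LIST": print one line per mismatch.
#   runtime-only:X   -> active now, gone after --reload or a reboot
#   permanent-only:X -> saved with --permanent, inactive until --reload
drift() {
    for _i in $1; do
        in_list "$_i" "$2" || echo "runtime-only:$_i"
    done
    for _i in $2; do
        in_list "$_i" "$1" || echo "permanent-only:$_i"
    done
}

# audit_zone ZONE: compare services and ports of ZONE in both configurations.
audit_zone() {
    for _what in services ports; do
        _rt=$(firewall-cmd --zone="$1" --list-"$_what")
        _pm=$(firewall-cmd --permanent --zone="$1" --list-"$_what")
        drift "$_rt" "$_pm" | sed "s|^|$1 $_what |"
    done
}

# Only query firewalld when it is installed and running on this host.
if command -v firewall-cmd >/dev/null 2>&1 &&
   [ "$(firewall-cmd --state 2>/dev/null)" = "running" ]; then
    audit_zone "$(firewall-cmd --get-default-zone)"
fi
```

No output means the two configurations agree; a runtime-only line for a port or service is worth reviewing before the next reload removes it.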
This article comes from the “Fonphxion” blog; please be sure to retain this source: http://fonphxion.blog.51cto.com/6434529/1929481