Configuring the firewall on CentOS 7.0
阿新 • Published: 2019-01-01
CentOS 7.0 uses firewalld as its default firewall and manages services and programs with systemctl, which takes over the roles of the older service and chkconfig commands.
1. Check the current firewall state (shows "not running" when stopped and "running" when started)
# firewall-cmd --state
not running
2. Check the firewalld service status
# systemctl list-unit-files|grep firewalld.service
firewalld.service disabled
Or:
# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead) --means the firewall is stopped
Docs: man:firewalld(1)
3. Start the firewall
# systemctl start firewalld.service --start firewalld
# systemctl enable firewalld.service --start firewalld at boot
Created symlink from /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service to /usr/lib/systemd/system/firewalld.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/firewalld.service to /usr/lib/systemd/system/firewalld.service.
4. Stop the firewall:
# systemctl stop firewalld.service --stop firewalld
# systemctl disable firewalld.service --do not start firewalld at boot
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
5. Restart the firewall
# systemctl restart firewalld.service
6. Check whether the firewall starts at boot
# systemctl is-enabled firewalld.service;echo $?
enabled --starts at boot
0
Or:
# systemctl is-enabled firewalld.service;echo $?
disabled --does not start at boot
1
7. List the enabled services
# systemctl list-unit-files|grep enabled
auditd.service enabled
autovt@.service enabled
avahi-daemon.service enabled
crond.service enabled
8. Open a port
# firewall-cmd --zone=public --add-port=80/tcp --permanent
success
Meaning of the options:
--zone #the zone the rule applies to
--add-port=80/tcp #add a port, in the form port/protocol
--permanent #make the change persistent; without this option it is lost after a reboot
9. List the ports that are already open
# firewall-cmd --list-ports
80/tcp
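The following helper script is an added example for steps 8 and 9; it is not part of the original post. It wraps the firewall-cmd calls above, validates the port/protocol spec before use, applies a port change to both the running and the permanent configuration (a --permanent change alone is only written to disk and does not affect the running ruleset until the next firewall-cmd --reload), and flags any open port in the public zone that is not on an expected allowlist. The function names and the allowlist environment variable are this example's own.

```shell
#!/bin/bash
# Added example, not the original post's code. Assumes firewalld on CentOS 7.

# Return 0 if the argument is a firewalld port spec such as 80/tcp or 6000-6010/udp.
valid_port_spec() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]+(-[0-9]+)?/(tcp|udp|sctp|dccp)$'
}

# Open a port in the public zone for the running config AND the permanent config,
# so the change is effective now and survives a reboot.
open_port() {
    valid_port_spec "$1" || { echo "bad port spec: $1" >&2; return 2; }
    firewall-cmd --zone=public --add-port="$1" &&
    firewall-cmd --zone=public --add-port="$1" --permanent
}

# Print every port in $2 (space-separated, the format of --list-ports output)
# that is not in the space-separated allowlist $1.
unexpected_ports() {
    allow=" $1 "
    for p in $2; do
        case "$allow" in
            *" $p "*) ;;                 # expected, say nothing
            *) printf '%s\n' "$p" ;;     # not on the allowlist
        esac
    done
}

# Compare the public zone's open ports against an allowlist.
# firewall-cmd --state exits non-zero when firewalld is not running.
audit_public_ports() {
    firewall-cmd --state >/dev/null 2>&1 || { echo "firewalld is not running" >&2; return 1; }
    unexpected_ports "$1" "$(firewall-cmd --zone=public --list-ports)"
}

# Usage: FW_AUDIT_ALLOW="22/tcp 80/tcp" ./fwcheck.sh  (file name is hypothetical)
if [ -n "${FW_AUDIT_ALLOW+set}" ]; then
    audit_public_ports "$FW_AUDIT_ALLOW"
fi
```

Run the audit from cron to notice ports that were opened outside of change control.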
10. Mask the FirewallD service
# systemctl mask firewalld
The firewall service can also be masked by creating a symlink from firewalld.service to /dev/null.
11. Unmask the FirewallD service
# systemctl unmask firewalld
This unmasks the FirewallD service: it removes the symlink created when the service was masked, so the service can be started again.
12. Check that the firewall is installed (this installs it if it is missing)
# yum install firewalld firewall-config
13. The difference between the default firewalls of CentOS 7 and CentOS 6
vi /etc/sysconfig/iptables
Add a rule:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
After saving and exiting:
systemctl restart iptables.service #restart the firewall so the configuration takes effect
systemctl enable iptables.service #start the firewall at boot
14. Finally, reboot the system for the settings to take effect
systemctl start iptables.service #start the firewall
systemctl stop iptables.service #stop the firewall