Configuring the firewalld firewall on a CentOS 7 Alibaba Cloud ECS server

Posted by vip1888 on 2017-12-17
———————————————-
Log in as root.
1. Make sure the server's system is fully up to date
[root@localhost ~]# yum -y update
If the following is displayed, the update has completed:
Complete!
2. Reboot the server
[root@localhost ~]# reboot
3. Install the firewall
[root@localhost ~]# yum install firewalld
4. Enable the firewall service at boot
[root@localhost ~]# systemctl enable firewalld.service
5. Check the firewall status
[root@localhost ~]# systemctl status firewalld
6. Start the firewall
[root@localhost ~]# systemctl start firewalld
7. Add port 80 to the firewall rules
[root@localhost ~]# firewall-cmd --permanent --zone=public --add-port=80/tcp
8. Add port 3306 to the firewall rules
[root@localhost ~]# firewall-cmd --permanent --zone=public --add-port=3306/tcp
9. Add port 21 to the firewall rules
[root@localhost ~]# firewall-cmd --permanent --zone=public --add-port=21/tcp
10. Add the port range 33000-33003 to the firewall rules
[root@localhost ~]# firewall-cmd --permanent --zone=public --add-port=33000-33003/tcp
11. Allow the HTTP service
[root@localhost ~]# firewall-cmd --permanent --zone=public --add-service=http
12. Make the latest firewall rules take effect
[root@localhost ~]# firewall-cmd --reload
13. Restart the firewall service
[root@localhost ~]# systemctl restart firewalld.service
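As an added example that is not part of the original post: after working through the steps above, the question a practitioner wants answered is "what does the public zone actually expose now?". The POSIX shell script below parses the output of firewall-cmd --zone=public --list-all (a real firewall-cmd option, not one used in the post), compares the open ports against an allowlist, and prints a tightened version of the post's rule set in which MySQL (3306/tcp) is reachable only from an admin subnet via a rich rule rather than from every address. firewall-cmd is never executed here: the --list-all text is a constructed sample, and the admin subnet 10.0.0.0/8 is an assumed placeholder.

```shell
#!/bin/sh
# Added example, not from the original post: audit what the public zone
# exposes and generate a tighter rule set. firewall-cmd is not executed;
# the --list-all output below is a constructed sample.

# Constructed sample of `firewall-cmd --zone=public --list-all` output,
# as the zone would look after steps 7-12 of the post.
SAMPLE_LIST_ALL='public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: ssh dhcpv6-client http
  ports: 80/tcp 3306/tcp 21/tcp 33000-33003/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
'

# open_ports LISTALL: print the "ports:" line of a --list-all capture
# (the anchored pattern skips "source-ports:" and "forward-ports:").
open_ports() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*ports:[[:space:]]*//p'
}

# is_open PORTSPEC LISTALL: succeed if PORTSPEC (e.g. 80/tcp) is open.
is_open() {
    for p in $(open_ports "$2"); do
        [ "$p" = "$1" ] && return 0
    done
    return 1
}

# unexpected_ports LISTALL ALLOWLIST: print the open ports that are not in
# the space-separated ALLOWLIST, i.e. what is exposed beyond the intent.
unexpected_ports() {
    out=""
    for p in $(open_ports "$1"); do
        found=1
        for a in $2; do
            if [ "$p" = "$a" ]; then found=0; break; fi
        done
        [ "$found" -eq 1 ] && out="$out $p"
    done
    printf '%s' "${out# }"
}

# gen_rules ADMIN_CIDR: print (do not run) the firewall-cmd commands for a
# tightened version of the post's rule set. Port 80 is covered by the http
# service, FTP (21/tcp) is left out, and 3306/tcp is accepted only from
# ADMIN_CIDR (an assumed placeholder) through a firewalld rich rule.
gen_rules() {
    cat <<EOF
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-port=33000-33003/tcp
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="$1" port port="3306" protocol="tcp" accept'
firewall-cmd --reload
EOF
}

# Stand-alone run: report ports exposed beyond the intended allowlist.
EXPECTED="80/tcp 33000-33003/tcp"
extra=$(unexpected_ports "$SAMPLE_LIST_ALL" "$EXPECTED")
if [ -n "$extra" ]; then
    echo "public zone exposes ports outside the allowlist: $extra"
else
    echo "public zone matches the allowlist"
fi
```

On a real server, replace the constructed sample with a live capture (for example LIST_ALL="$(firewall-cmd --zone=public --list-all)") and review the printed commands before running them; adding 21/tcp back is only warranted if an FTP daemon is actually in use, and the admin subnet must be your own management range.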
——————————————————–
Basic usage of firewalld
# Make the latest firewall rules take effect
[root@localhost ~]# firewall-cmd --reload
# Query whether the ssh service is allowed
[root@localhost ~]# firewall-cmd --zone=public --query-service=ssh
# Query whether the HTTP service is allowed
[root@localhost ~]# firewall-cmd --zone=public --query-service=http
# Start
[root@localhost ~]# systemctl start firewalld
# Check status
[root@localhost ~]# systemctl status firewalld
# Disable (do not start at boot)
[root@localhost ~]# systemctl disable firewalld
# Stop
[root@localhost ~]# systemctl stop firewalld
# Start the service
[root@localhost ~]# systemctl start firewalld.service
# Stop the service
[root@localhost ~]# systemctl stop firewalld.service
# Restart the service
[root@localhost ~]# systemctl restart firewalld.service
# Show the status of a service
[root@localhost ~]# systemctl status firewalld.service
# Enable a service at boot
[root@localhost ~]# systemctl enable firewalld.service
# Disable a service at boot
[root@localhost ~]# systemctl disable firewalld.service
# Check whether a service is enabled at boot
[root@localhost ~]# systemctl is-enabled firewalld.service
# List enabled services
[root@localhost ~]# systemctl list-unit-files|grep enabled
# List services that failed to start
[root@localhost ~]# systemctl --failed
# Show the version
[root@localhost ~]# firewall-cmd --version
# Show help
[root@localhost ~]# firewall-cmd --help
# Show the state
[root@localhost ~]# firewall-cmd --state
# List all open ports
[root@localhost ~]# firewall-cmd --zone=public --list-ports
# Reload the firewall rules
[root@localhost ~]# firewall-cmd --reload
# Show zone information
[root@localhost ~]# firewall-cmd --get-active-zones
# Show the zone a given interface belongs to
[root@localhost ~]# firewall-cmd --get-zone-of-interface=eth0
# Reject all packets (panic mode)
[root@localhost ~]# firewall-cmd --panic-on
# Leave panic mode
[root@localhost ~]# firewall-cmd --panic-off
# Check whether panic mode is on
[root@localhost ~]# firewall-cmd --query-panic
 
# Add a port (--permanent makes the rule persistent; without this option the rule is lost after a restart)
[root@localhost ~]# firewall-cmd --permanent --zone=public --add-port=80/tcp
# Make the latest firewall rules take effect
[root@localhost ~]# firewall-cmd --reload
# Check port 80
[root@localhost ~]# firewall-cmd --zone=public --query-port=80/tcp
# Remove port 80
[root@localhost ~]# firewall-cmd --permanent --zone=public --remove-port=80/tcp
# Remove port 21
[root@localhost ~]# firewall-cmd --permanent --zone=public --remove-port=21/tcp
# Remove the HTTP service
[root@localhost ~]# firewall-cmd --permanent --zone=public --remove-service=http
# Add port 3306/tcp to the firewall rules
[root@localhost ~]# firewall-cmd --permanent --zone=public --add-port=3306/tcp
# Add port 3306/udp to the firewall rules
[root@localhost ~]# firewall-cmd --permanent --zone=public --add-port=3306/udp
# Show the current default zone
[root@localhost ~]# firewall-cmd --get-default-zone
# List the currently allowed services
[root@localhost ~]# firewall-cmd --zone=public --list-services
# To install the graphical user interface tool firewall-config, run the following command as root
[root@localhost ~]# yum install firewall-config
# Check the firewall version
[root@localhost ~]# firewall-cmd --version
# Show help
[root@localhost ~]# firewall-cmd --help

