
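Installing and using the firewalld firewall on CentOS 7

How do you install the firewalld firewall on CentOS 7? A firewall filters out requests to unauthorized ports and is the first step in securing a server. Several firewall tools can be installed on CentOS, such as firewalld, iptables and ufw, but iptables has been deprecated in CentOS 7. This article covers the use of firewalld.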

Remember: for changes to take effect, reload:

firewall-cmd --reload

Installing the firewalld firewall on CentOS 7:

yum install firewalld -y

firewalld management commands on CentOS 7:

# Start

systemctl start firewalld.service

# Restart

systemctl restart firewalld.service

# Enable start at boot

systemctl enable firewalld.service

# Disable start at boot

systemctl disable firewalld.service

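Adding ports with firewalld on CentOS 7:

Add a public port

firewall-cmd --zone=public --add-port=80/tcp --permanent

This opens TCP port 80 permanently. --permanent makes the rule persistent; without this parameter the rule is lost after a restart.

After adding a rule you must reload the configuration or restart the firewall, otherwise it does not take effect.

firewall-cmd --reload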

Add public ports in bulk

firewall-cmd --permanent --zone=public --add-port=60000-61000/tcp

# Opens TCP ports 60000-61000 in bulk

firewall-cmd --permanent --zone=public --add-port=100-500/udp

# Opens UDP ports 100-500 in bulk

Add private ports (access limited to a specified IP or IP range)

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.1/16" accept'

# Allows 192.168.0.1/16 to access all ports

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.3" accept'

# Allows 192.168.0.3 to access all ports

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.3" port protocol="tcp" port="12345" accept'

# Allows 192.168.0.3 to access TCP port 12345

Viewing ports with firewalld on CentOS 7

firewall-cmd --list-all

# Remember this one: it lists all open ports (including private ones)

firewall-cmd --zone=public --list-ports

# Lists only the public ports
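
An added example (not from the original article): a shell function that reads `firewall-cmd --list-all` output and flags the two broadest kinds of rule shown on this page, wide port ranges and rich rules that accept every port from a source. The 100-port threshold, the function names and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `firewall-cmd --list-all` output read from stdin.
# MAX_RANGE is an assumed threshold, not a firewalld setting.
MAX_RANGE="${MAX_RANGE:-100}"

audit_listing() {
    awk -v max="$MAX_RANGE" '
    # "ports:" line holds entries such as 80/tcp or 60000-61000/tcp
    $1 == "ports:" {
        for (i = 2; i <= NF; i++) {
            split($i, pp, "/")
            n = split(pp[1], r, "-")
            if (n == 2 && r[2] - r[1] + 1 > max)
                printf "WIDE-RANGE %s (%d ports)\n", $i, r[2] - r[1] + 1
        }
    }
    # Rich rules are listed one per indented line after this header
    $1 == "rich" && $2 == "rules:" { in_rich = 1; next }
    # Flag source-based accept rules that name no port or service
    in_rich && $1 == "rule" && /source address=/ && / accept[ \t]*$/ &&
        !/ port / && !/ service / {
        sub(/^[ \t]+/, "")
        print "ALL-PORTS " $0
    }'
}

# Constructed sample listing, built from the rules added on this page
sample_listing() {
    cat <<'EOF'
public (active)
  target: default
  interfaces: eth0
  services: dhcpv6-client ssh
  ports: 80/tcp 60000-61000/tcp 100-500/udp
  rich rules:
    rule family="ipv4" source address="192.168.0.1/16" accept
    rule family="ipv4" source address="192.168.0.3" port port="12345" protocol="tcp" accept
EOF
}

# On a real host: firewall-cmd --list-all | audit_listing
sample_listing | audit_listing
```

Each WIDE-RANGE or ALL-PORTS line is a rule to review against what the server actually needs to expose.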

Removing ports with firewalld on CentOS 7:

Remove a single public port

firewall-cmd --zone=public --remove-port=80/tcp --permanent

Remove custom rules such as IP ranges

# First, view the rules with --list-all

firewall-cmd --list-all

# Then

firewall-cmd --permanent --remove-rich-rule='copy the listed rule here verbatim'

Example: firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.0.1/19" accept'

That is: firewall-cmd --permanent --remove-rich-rule=""

Blocking ping with firewalld on CentOS 7:

firewall-cmd --add-rich-rule='rule protocol value=icmp drop' --permanent

Remember: for changes to take effect, reload. firewall-cmd --reload

Do not reproduce without permission: 云服务器优惠网 » Installing and using the firewalld firewall on CentOS 7
