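CentOS7 Firewall

CentOS7 installs the firewalld firewall by default. With the firewall we can allow or restrict the data that is transmitted through it.

firewall

    systemctl status firewalld    (check the firewall status)
    systemctl stop firewalld      (stop the firewall)
    systemctl disable firewalld   (do not start at boot)

eg: start, stop, restart, disable, and check the status of the firewall
eg: on CentOS7, what I ran and what can be run

Opening and removing ports

The --permanent parameter makes a change permanent; without it, ports opened or removed do not survive a system restart.
--reload reloads the rules.

Viewing open ports and services
eg:

1. Deploying and operating a front-end/back-end separated project under Docker: firewall management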
Firewall management

1. Turn off the firewall directly
    [root@liuawen ~]# systemctl status firewalld
    ● firewalld.service - firewalld - dynamic firewall daemon
       Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
       Active: active (running) since Sun 2020-05-10 16:04:31 CST; 41min ago
         Docs: man:firewalld(1)
     Main PID: 31591 (firewalld)
       CGroup: /system.slice/firewalld.service
               └─31591 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid

    May 10 16:04:31 liuawen systemd[1]: Starting firewalld - dynamic firewall daemon...
    May 10 16:04:31 liuawen systemd[1]: Started firewalld - dynamic firewall daemon.
    May 10 16:04:32 liuawen firewalld[31591]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -D FORWARD -i docker0 -o docker0 -j DROP'...chain?).
    May 10 16:04:32 liuawen firewalld[31591]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -D FORWARD -i docker0 -o docker0 -j DROP'...chain?).
    May 10 16:29:05 liuawen firewalld[31591]: WARNING: NOT_ENABLED: 8010-8015:tcp
    May 10 16:32:04 liuawen firewalld[31591]: WARNING: NOT_ENABLED: 2181:tcp
    May 10 16:37:21 liuawen firewalld[31591]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -D FORWARD -i docker0 -o docker0 -j DROP'...chain?).
    May 10 16:37:21 liuawen firewalld[31591]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -D FORWARD -i docker0 -o docker0 -j DROP'...chain?).
    Hint: Some lines were ellipsized, use -l to show in full.
    [root@liuawen ~]# systemctl stop firewalld
    [root@liuawen ~]# systemctl disable firewalld
    Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
    Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
    [root@liuawen ~]# systemctl is-enabled firewalld.service
    disabled
    [root@liuawen ~]#
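2. Basic usage of the firewalld firewall

    firewall-cmd --state

Check the firewall state: firewall-cmd --state
Stop the firewall: systemctl stop firewalld
Start the firewall: systemctl start firewalld
Check the firewall status: systemctl status firewalld
Restart the firewall: systemctl restart firewalld
Disable at boot, meaning the firewall service does not start at boot: systemctl disable firewalld
Enable the firewall service at boot: systemctl enable firewalld
Check whether the firewall service starts at boot: systemctl is-enabled firewalld.service
Show the version: firewall-cmd --version
Show the state: firewall-cmd --state
Show help: firewall-cmd --help
Reload the firewall rules: firewall-cmd --reload
List all open ports: firewall-cmd --zone=public --list-ports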
    [root@liuawen ~]# firewall-cmd --reload
    success
    [root@liuawen ~]# firewall-cmd --version
    0.6.3
    [root@liuawen ~]# firewall-cmd --state
    running
    [root@liuawen ~]# systemctl stop firewalld
    [root@liuawen ~]# systemctl start firewalld
    [root@liuawen ~]# systemctl status firewalld
    ● firewalld.service - firewalld - dynamic firewall daemon
       Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
       Active: active (running) since Sun 2020-05-10 16:03:38 CST; 45s ago
         Docs: man:firewalld(1)
     Main PID: 31323 (firewalld)
        Tasks: 2
       Memory: 21.9M
       CGroup: /system.slice/firewalld.service
               └─31323 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid

    May 10 16:03:38 liuawen systemd[1]: Starting firewalld - dynamic firewall daemon...
    May 10 16:03:38 liuawen systemd[1]: Started firewalld - dynamic firewall daemon.
    May 10 16:03:38 liuawen firewalld[31323]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -D FORWARD -i docker0 -o docker0 -j DROP'...chain?).
    May 10 16:03:39 liuawen firewalld[31323]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -D FORWARD -i docker0 -o docker0 -j DROP'...chain?).
    Hint: Some lines were ellipsized, use -l to show in full.
    [root@liuawen ~]# systemctl restart firewalld
    [root@liuawen ~]# systemctl disable firewalld
    Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
    Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
    [root@liuawen ~]# systemctl enable firewalld.service
    Created symlink from /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service to /usr/lib/systemd/system/firewalld.service.
    Created symlink from /etc/systemd/system/multi-user.target.wants/firewalld.service to /usr/lib/systemd/system/firewalld.service.
    [root@liuawen ~]# systemctl enable firewalld.service
    [root@liuawen ~]# systemctl is-enabled firewalld.service
    enabled
    [root@liuawen ~]#
Running service firewall start gives an error message:

    [root@liuawen ~]# service firewall start
    Redirecting to /bin/systemctl start firewall.service
    Failed to start firewall.service: Unit not found.
    [root@liuawen ~]# systemctl start firewalld

systemctl start firewalld is the one that works.

3. Firewall port management
    firewall-cmd --permanent --add-port=2181/tcp
    firewall-cmd --reload
    firewall-cmd --permanent --remove-port=2181/tcp
    firewall-cmd --permanent --list-ports

firewall-cmd --permanent --add-port=8080-8085/tcp opens a range of ports, and --remove-port=8080-8085/tcp likewise removes a range.

    firewall-cmd --permanent --list-ports
    [root@liuawen ~]# firewall-cmd --permanent --remove-port=2181/tcp
    Warning: NOT_ENABLED: 2181:tcp
    success
    [root@liuawen ~]# firewall-cmd --permanent --add-port=2181/tcp
    success
    [root@liuawen ~]# firewall-cmd --permanent --remove-port=2181/tcp
    success
    [root@liuawen ~]# firewall-cmd --permanent --add-port=2181/tcp
    success
    [root@liuawen ~]# firewall-cmd --permanent --list-ports
    20/tcp 21/tcp 22/tcp 80/tcp 8888/tcp 39000-40000/tcp 888/tcp 3306/tcp 3306/udp 8001/tcp 8001/udp 8002/tcp 8002/udp 8003/tcp 8003/udp 8000/tcp 8000/udp 8080/tcp 2181/udp 2181/tcp
    [root@liuawen ~]# firewall-cmd --permanent --remove-port=2181/udp
    success
    [root@liuawen ~]# firewall-cmd --permanent --remove-port=2181/tcp
    success
    [root@liuawen ~]# firewall-cmd --permanent --list-ports
    20/tcp 21/tcp 22/tcp 80/tcp 8888/tcp 39000-40000/tcp 888/tcp 3306/tcp 3306/udp 8001/tcp 8001/udp 8002/tcp 8002/udp 8003/tcp 8003/udp 8000/tcp 8000/udp 8080/tcp
    [root@liuawen ~]# firewall-cmd --reload
    success
    [root@liuawen ~]# firewall-cmd --version
    0.6.3
    [root@liuawen ~]# firewall-cmd --state
    running
    [root@liuawen ~]# firewall-cmd --zone=public --list-ports
    20/tcp 21/tcp 22/tcp 80/tcp 8888/tcp 39000-40000/tcp 888/tcp 3306/tcp 3306/udp 8001/tcp 8001/udp 8002/tcp 8002/udp 8003/tcp 8003/udp 8000/tcp 8000/udp 8080/tcp
    [root@liuawen ~]# firewall-cmd --get-active-zones
    [root@liuawen ~]# firewall-cmd --get-zone-of-interface=eth0
    no zone
    [root@liuawen ~]# firewall-cmd --get-zone-of-interface=8080
    no zone
    [root@liuawen ~]# firewall-cmd --get-zone-of-8080=eth0
    usage: see firewall-cmd man page
    firewall-cmd: error: unrecognized arguments: --get-zone-of-8080=eth0
    [root@liuawen ~]# firewall-cmd --zone= public --query-port=80/tcp
    usage: see firewall-cmd man page
    firewall-cmd: error: unrecognized arguments: public
    [root@liuawen ~]# firewall-cmd --zone=public --query-port=80/tcp
    yes
    [root@liuawen ~]# firewall-cmd --zone=public --query-port=2181/tcp
    no
    [root@liuawen ~]# firewall-cmd --permanent --add-port=2191/tcp
    success
    [root@liuawen ~]# firewall-cmd --list-ports
    20/tcp 21/tcp 22/tcp 80/tcp 8888/tcp 39000-40000/tcp 888/tcp 3306/tcp 3306/udp 8001/tcp 8001/udp 8002/tcp 8002/udp 8003/tcp 8003/udp 8000/tcp 8000/udp 8080/tcp
    [root@liuawen ~]#
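The last two commands in the session above add 2191/tcp with --permanent, yet firewall-cmd --list-ports does not show it, because no --reload followed. The script below is an added example, not part of the original post: it reports such differences between the permanent and runtime port lists and checks whether a port falls inside an opened range. The function names and sample lists are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: compare firewalld's permanent and runtime port lists.
# On a live host the two inputs would come from:
#   perm=$(firewall-cmd --permanent --zone=public --list-ports)
#   run=$(firewall-cmd --zone=public --list-ports)

# port_covered LIST PORT/PROTO -> exit 0 if LIST opens that port,
# either as an exact entry or inside a range such as 39000-40000/tcp.
port_covered() {
    want_port=${2%/*}; want_proto=${2#*/}
    for entry in $1; do
        [ "${entry#*/}" = "$want_proto" ] || continue
        spec=${entry%/*}
        lo=${spec%-*}; hi=${spec#*-}   # for a single port, lo equals hi
        if [ "$want_port" -ge "$lo" ] && [ "$want_port" -le "$hi" ]; then
            return 0
        fi
    done
    return 1
}

# only_in A B -> entries of list A that do not appear in list B, one per line.
only_in() {
    for entry in $1; do
        case " $2 " in
            *" $entry "*) ;;
            *) printf '%s\n' "$entry" ;;
        esac
    done
}

# drift_report PERMANENT RUNTIME -> one line per mismatch:
#   pending-reload: saved with --permanent, not active until --reload
#   runtime-only:   active now, lost at the next reload or restart
drift_report() {
    only_in "$1" "$2" | sed 's/^/pending-reload /'
    only_in "$2" "$1" | sed 's/^/runtime-only /'
}

# Constructed sample modelled on the session above: 2191/tcp was added with
# --permanent but never reloaded; 9000/tcp is a made-up runtime-only port.
SAMPLE_PERM="22/tcp 80/tcp 39000-40000/tcp 3306/tcp 2191/tcp"
SAMPLE_RUN="22/tcp 80/tcp 39000-40000/tcp 3306/tcp 9000/tcp"

drift_report "$SAMPLE_PERM" "$SAMPLE_RUN"
```

An empty report means the running firewall matches what will be loaded after the next reload or reboot.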
4. References