在centos 7中,引入了新的防火牆服務firewall,但其依然是建構在iptables基礎上的,其關系如下圖:
圖檔來源于網絡,侵删今天分享下firewall的常用管理指令
安裝與啟動安裝 => [[email protected] ~]# yum install firewalld
啟用 => [[email protected] ~]# systemctl start firewalld
狀态 => [[email protected] ~]# systemctl status firewalld
禁用 => [[email protected] ~]# systemctl disable firewalld
停止 => [[email protected] ~]# systemctl stop firewalld
自啟 => [[email protected] ~]#systemctl enable firewalld.service
基礎配置
添加22端口[[email protected] ~]#firewall-cmd --zone=public --add-port=22/tcp --permanent
(permanent參數表示永久生效)
删除22端口[[email protected] ~]#firewall-cmd --zone= public --remove-port=22/tcp --permanent
ICMP回顯打開和關閉(ping)[[email protected] ~]#firewall-cmd --permanent --remove-icmp-block=echo-request
[[email protected] ~]#irewall-cmd --permanent --add-icmp-block=echo-request
規則生效[[email protected] ~]#firewall-cmd --reload
資訊查詢
檢視網卡所屬區域[[email protected] ~]#firewall-cmd --get-zone-of-interface=ens32
檢視端口開放清單
檢視所有區域的資訊
rich rules(富規則)rich rules用于實作更強的功能,如日志syslog和auditd、端口轉發、僞裝和限制速率等,或者是實作更為詳細的允許/限制條件
如開放指定端口給指定的IP[[email protected] ~]#firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.3.10" port protocol="tcp" port="22" accept"
即隻有192.168.3.10可以通路本地的22端口
後面我們會分享更為詳細的rich rules知識
圖檔來源于網絡,侵删