文章目录
- 四、Linux自带防火墙
- 1. 查看linux的防火墙状态
- 2. 查看已经对外开放的端口
- 3. 开放端口 重载防火墙配置
- 4. filewalld常用命令
四、Linux自带防火墙
前言: CentOS7 端口的开放关闭查看都是用防火墙来控制的
1. 查看linux的防火墙状态
[root@8 ~]
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: active (running) since Sun 2021-07-11 09:16:03 CST; 1 weeks 2 days ago
Docs: man:firewalld(1)
Main PID: 29961 (firewalld)
Tasks: 2
Memory: 30.9M
CGroup: /system.slice/firewalld.service
└─29961 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid
Jul 11 09:16:03 8.140.135.169 systemd[1]: Starting firewalld - dynamic firewall daemon...
Jul 11 09:16:03 8.140.135.169 systemd[1]: Started firewalld - dynamic firewall daemon.
Jul 11 09:16:03 8.140.135.169 firewalld[29961]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future rel...ling it now.
Jul 11 09:36:08 8.140.135.169 firewalld[29961]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future rel...ling it now.
Jul 11 10:56:40 8.140.135.169 firewalld[29961]: WARNING: ALREADY_ENABLED: 80:tcp
Jul 11 10:57:08 8.140.135.169 firewalld[29961]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future rel...ling it now.
Jul 11 10:57:41 8.140.135.169 firewalld[29961]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future rel...ling it now.
Jul 12 09:01:08 8.140.135.169 firewalld[29961]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future rel...ling it now.
Jul 12 10:46:25 8.140.135.169 firewalld[29961]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future rel...ling it now.
Hint: Some lines were ellipsized, use -l to show in full.
![在这里插入图片描述](https://img-blog.csdnimg.cn/20210720114056458.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L01pc3Rlcl95YW5n,size_16,color_FFFFFF,t_70#pic_center)
2. 查看已经对外开放的端口
[root@8 ~]
public
target: default
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client ssh
ports: 80/tcp 443/tcp 22/tcp 68/tcp 3306/tcp 6379/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
[root@8 ~]
![在这里插入图片描述](https://img-blog.csdnimg.cn/20210720114108598.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L01pc3Rlcl95YW5n,size_16,color_FFFFFF,t_70#pic_center)
3. 开放端口 重载防火墙配置
例如需要开放9876端口
[root@8 ~]
success
[root@8 ~]
success
命令含义:
–zone
–add-port=80/tcp
–permanent
firewall-cmd --reload 并不中断用户连接,即不丢失状态信息
4. filewalld常用命令
查看版本: firewall-cmd --version
查看帮助: firewall-cmd --help
显示状态: firewall-cmd --state
查看所有打开的端口: firewall-cmd --zone=public --list-ports
更新防火墙规则: firewall-cmd --reload
查看区域信息: firewall-cmd --get-active-zones
查看指定接口所属区域: firewall-cmd --get-zone-of-interface=eth0
拒绝所有包:firewall-cmd --panic-on
取消拒绝状态: firewall-cmd --panic-off
查看是否拒绝: firewall-cmd --query-panic
启动:systemctl start firewalld
关闭: systemctl stop firewalld
查看状态: systemctl status firewalld
开机禁用 : systemctl disable firewalld
开机启用 : systemctl enable firewalld
启动一个服务:systemctl start firewalld.service
关闭一个服务:systemctl stop firewalld.service
重启一个服务:systemctl restart firewalld.service
显示一个服务的状态:systemctl status firewalld.service
在开机时启用一个服务:systemctl enable firewalld.service
在开机时禁用一个服务:systemctl disable firewalld.service
查看服务是否开机启动:systemctl is-enabled firewalld.service
查看已启动的服务列表:systemctl list-unit-files|grep enabled
查看启动失败的服务列表:systemctl --failed
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)