Centos 7之Firewalld相关命令详细介绍
<p><strong>Centos 7之Firewalld相关命令详细介绍</strong></p>
<p>
引言:Centos 7是目前非常流行的Linux发行版本,本文将重点介绍如何来使用firewalld相关命令启动服务以及添加服务或者端口等操作。</p>
<p>
<strong>1. 查看firewall服务状态</strong></p>
<p>
>> systemctl status firewalld</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_372887">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
<div class="line number2 index1 alt1">
2</div>
<div class="line number3 index2 alt2">
3</div>
<div class="line number4 index3 alt1">
4</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash plain"></code><code class="bash comments"># systemctl status firewalld </code>
</div>
<div class="line number2 index1 alt1">
<code class="bash plain">● firewalld.service - firewalld - dynamic firewall daemon </code>
</div>
<div class="line number3 index2 alt2">
<code class="bash spaces"> </code><code class="bash plain">Loaded: loaded (</code><code class="bash plain">/usr/lib/systemd/system/firewalld</code><code class="bash plain">.service; disabled; vendor preset: enabled) </code>
</div>
<div class="line number4 index3 alt1">
<code class="bash spaces"> </code><code class="bash plain">Active: inactive (dead) </code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
显示当前的firewall并未启动</p>
<p>
2. 启动/关闭firewall</p>
<p>
>> systemctl start/stop firewalld</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_594649">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
<div class="line number2 index1 alt1">
2</div>
<div class="line number3 index2 alt2">
3</div>
<div class="line number4 index3 alt1">
4</div>
<div class="line number5 index4 alt2">
5</div>
<div class="line number6 index5 alt1">
6</div>
<div class="line number7 index6 alt2">
7</div>
<div class="line number8 index7 alt1">
8</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash plain">root@flybird ~]</code><code class="bash comments"># systemctl start firewalld </code>
</div>
<div class="line number2 index1 alt1">
<code class="bash plain"></code><code class="bash comments"># systemctl status firewalld </code>
</div>
<div class="line number3 index2 alt2">
<code class="bash plain">● firewalld.service - firewalld - dynamic firewall daemon </code>
</div>
<div class="line number4 index3 alt1">
<code class="bash spaces"> </code><code class="bash plain">Loaded: loaded (</code><code class="bash plain">/usr/lib/systemd/system/firewalld</code><code class="bash plain">.service; disabled; vendor preset: enabled) </code>
</div>
<div class="line number5 index4 alt2">
<code class="bash spaces"> </code><code class="bash plain">Active: active (running) since Fri 2016-12-02 23:17:09 CST; 11s ago </code>
</div>
<div class="line number6 index5 alt1">
<code class="bash spaces"> </code><code class="bash plain">Main PID: 1279 (firewalld) </code>
</div>
<div class="line number7 index6 alt2">
<code class="bash spaces"> </code><code class="bash plain">CGroup: </code><code class="bash plain">/system</code><code class="bash plain">.slice</code><code class="bash plain">/firewalld</code><code class="bash plain">.service </code>
</div>
<div class="line number8 index7 alt1">
<code class="bash spaces"> </code><code class="bash plain">└─1279 </code><code class="bash plain">/usr/bin/python</code> <code class="bash plain">-Es </code><code class="bash plain">/usr/sbin/firewalld</code> <code class="bash plain">--nofork --nopid </code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
3. 禁用或者启用firewall</p>
<p>
>> systemctl disable/enable firewalld</p>
<p>
4. 查看端口是否开放</p>
<p>
>>> firewall-cmd --query-port=8020/tcp</p>
<p>
5. 新增开发端口</p>
<p>
>> firewall-cmd --add-port=5000/tcp --permanent</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_582448">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
<div class="line number2 index1 alt1">
2</div>
<div class="line number3 index2 alt2">
3</div>
<div class="line number4 index3 alt1">
4</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash plain"></code><code class="bash comments"># firewall-cmd --query-port=5000/tcp </code>
</div>
<div class="line number2 index1 alt1">
<code class="bash plain">no </code>
</div>
<div class="line number3 index2 alt2">
<code class="bash plain"></code><code class="bash comments"># firewall-cmd --add-port=5000/tcp --permanent </code>
</div>
<div class="line number4 index3 alt1">
<code class="bash plain">success </code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
6. 关于服务</p>
<p>
>> firewall-cmd --add-service=ftp --permanent</p>
<p>
>> firewall-cmd --remove-service=ftp --permanent</p>
<p>
7. 查看firewall状态</p>
<p>
>> firewall-cmd --status</p>
<p>
>> systemctl status firewalld</p>
<p>
8. 查看 firewall目前开放的内容</p>
<p>
>> firewall-cmd --list-all</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_583599">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
<div class="line number2 index1 alt1">
2</div>
<div class="line number3 index2 alt2">
3</div>
<div class="line number4 index3 alt1">
4</div>
<div class="line number5 index4 alt2">
5</div>
<div class="line number6 index5 alt1">
6</div>
<div class="line number7 index6 alt2">
7</div>
<div class="line number8 index7 alt1">
8</div>
<div class="line number9 index8 alt2">
9</div>
<div class="line number10 index9 alt1">
10</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash plain"></code><code class="bash comments"># firewall-cmd --list-all </code>
</div>
<div class="line number2 index1 alt1">
<code class="bash plain">public (default) </code>
</div>
<div class="line number3 index2 alt2">
<code class="bash spaces"> </code><code class="bash plain">interfaces: </code>
</div>
<div class="line number4 index3 alt1">
<code class="bash spaces"> </code><code class="bash plain">sources: </code>
</div>
<div class="line number5 index4 alt2">
<code class="bash spaces"> </code><code class="bash plain">services: dhcpv6-client http </code><code class="bash functions">ssh</code>
</div>
<div class="line number6 index5 alt1">
<code class="bash spaces"> </code><code class="bash plain">ports: 443</code><code class="bash plain">/tcp</code> <code class="bash plain">80</code><code class="bash plain">/tcp</code> <code class="bash plain">3306</code><code class="bash plain">/tcp</code> <code class="bash plain">6739</code><code class="bash plain">/tcp</code> <code class="bash plain">10051</code><code class="bash plain">/tcp</code> <code class="bash plain">10050</code><code class="bash plain">/tcp</code>
</div>
<div class="line number7 index6 alt2">
<code class="bash spaces"> </code><code class="bash plain">masquerade: no </code>
</div>
<div class="line number8 index7 alt1">
<code class="bash spaces"> </code><code class="bash plain">forward-ports: </code>
</div>
<div class="line number9 index8 alt2">
<code class="bash spaces"> </code><code class="bash plain">icmp-blocks: </code>
</div>
<div class="line number10 index9 alt1">
<code class="bash spaces"> </code><code class="bash plain">rich rules: </code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
9. 查看开发的端口</p>
<p>
>> firewall-cmd --list-port</p>
<p>
10. 查看firewall-cmd命令的使用说明</p>
<p>
>> firewall-cmd --help</p>
<p>
感谢阅读,希望能帮助到大家,谢谢大家对本站的支持!</p>
<p>
原文链接:http://blog.csdn.net/blueheart20/article/details/53440359</p>
頁:
[1]