centos 7中firewall防火墙的常用命令总结

隔壁班的达达哥 發表於 2023-8-21 00:00:00

centos 7中firewall防火墙的常用命令总结

<p>
<span><strong>前言</strong></span></p>
<p>
在CentOS7.0中默认使用firewall代替了iptables service。虽然继续保留了iptables命令，但已经仅是名称相同而已。</p>
<p>
firewall是centos7的一大特性，最大的好处有两个：</p>
<ol>
<li>
支持动态更新</li>
<li>
不用重启服务；</li>
</ol>
<p>
关于CentOS7下Firewall防火墙配置用法可以通过这篇文章进行查看，下面来看看本文的主要内容关于centos 7中firewall防火墙的常用命令，需要的朋友们可以参考学习。</p>
<p>
<span><strong>一、开启、关闭firewall</strong></span></p>
<p>
启动：</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_456568">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash plain">systemctl start firewalld</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
查看状态：</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_495094">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash plain">systemctl status firewalld 或者 firewall-cmd –state</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
停止：</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_519409">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash plain">systemctl disable firewalld</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
禁用：</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_774905">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash plain">systemctl stop firewalld</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
<span><strong>二、端口操作</strong></span></p>
<p>
打开一个端口：</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_123086">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash plain">firewall-cmd –permanent –add-port=8080</code><code class="bash plain">/tcp</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
关闭一个端口：</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_816440">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash plain">firewall-cmd –permanent –remove-port=8080</code><code class="bash plain">/tcp</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
打开某项服务：</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_463908">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash plain">firewall-cmd –permanent –add-service=http</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
关闭某项服务：</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_826200">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash plain">firewall-cmd –permanent –remove-service=http</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
进行端口转发：</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_310844">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash plain">firewall-cmd –permanent –add-forward-port=port=80:proto=tcp:toport=8080:toaddr=192.0.2.55</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
允许转发到其他地址：</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_679275">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash plain">firewall-cmd –permanent –add-masquerade</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
重新加载防火墙：</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_688887">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash plain">firewall-cmd –reload</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
<span><strong>三、配置firewall</strong></span></p>
<p>
查看版本：</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_629285">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash plain">firewall-cmd –version</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
查看帮助：</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_259272">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash plain">firewall-cmd –help</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
查看设置：</p>
<ul>
<li>
显示状态：<code>$ firewall-cmd –state</code>
</li>
<li>
查看区域信息: <code>$ firewall-cmd –get-active-zones</code>
</li>
<li>
查看指定接口所属区域：<code>$ firewall-cmd –get-zone-of-interface=eth0</code>
</li>
</ul>
<p>
拒绝所有包：</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_211486">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash plain">firewall-cmd –panic-on</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
取消拒绝状态：</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_509240">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash plain">firewall-cmd –panic-off</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
查看是否拒绝：</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_10854">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash plain">firewall-cmd –query-panic</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
<span><strong>总结</strong></span></p>
<p>
以上就是关于centos7中firewall防火墙常用命令的全部内容了，希望本文的内容对大家的学习或者工作能带来一定的帮助，如果有疑问大家可以留言交流，谢谢大家对服务器之家的支持。</p>
<p>
原文链接：http://i.jakeyu.top/2017/02/27/centos7中firewall防火墙常用命令/</p>

頁: [1]

琼殿技术论坛's Archiver

centos 7中firewall防火墙的常用命令总结