CentOS7中防火墙的一些常用配置介绍
<p>centos 7中防火墙是一个非常的强大的功能了,但对于centos 7中在防火墙中进行了升级了,下面我们一起来详细的看看关于CentOS7中防火墙的一些常用配置。</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_322344">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
<div class="line number2 index1 alt1">
2</div>
<div class="line number3 index2 alt2">
3</div>
<div class="line number4 index3 alt1">
4</div>
<div class="line number5 index4 alt2">
5</div>
<div class="line number6 index5 alt1">
6</div>
<div class="line number7 index6 alt2">
7</div>
<div class="line number8 index7 alt1">
8</div>
<div class="line number9 index8 alt2">
9</div>
<div class="line number10 index9 alt1">
10</div>
<div class="line number11 index10 alt2">
11</div>
<div class="line number12 index11 alt1">
12</div>
<div class="line number13 index12 alt2">
13</div>
<div class="line number14 index13 alt1">
14</div>
<div class="line number15 index14 alt2">
15</div>
<div class="line number16 index15 alt1">
16</div>
<div class="line number17 index16 alt2">
17</div>
<div class="line number18 index17 alt1">
18</div>
<div class="line number19 index18 alt2">
19</div>
<div class="line number20 index19 alt1">
20</div>
<div class="line number21 index20 alt2">
21</div>
<div class="line number22 index21 alt1">
22</div>
<div class="line number23 index22 alt2">
23</div>
<div class="line number24 index23 alt1">
24</div>
<div class="line number25 index24 alt2">
25</div>
<div class="line number26 index25 alt1">
26</div>
<div class="line number27 index26 alt2">
27</div>
<div class="line number28 index27 alt1">
28</div>
<div class="line number29 index28 alt2">
29</div>
<div class="line number30 index29 alt1">
30</div>
<div class="line number31 index30 alt2">
31</div>
<div class="line number32 index31 alt1">
32</div>
<div class="line number33 index32 alt2">
33</div>
<div class="line number34 index33 alt1">
34</div>
<div class="line number35 index34 alt2">
35</div>
<div class="line number36 index35 alt1">
36</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash comments"># 启动 </code>
</div>
<div class="line number2 index1 alt1">
<code class="bash plain">systemctl start firewalld</code>
</div>
<div class="line number3 index2 alt2">
<code class="bash comments"># 查看状态</code>
</div>
<div class="line number4 index3 alt1">
<code class="bash plain">systemctl status firewalld</code>
</div>
<div class="line number5 index4 alt2">
<code class="bash comments"># 停止关闭</code>
</div>
<div class="line number6 index5 alt1">
<code class="bash plain">systemctl disable firewalld</code>
</div>
<div class="line number7 index6 alt2">
<code class="bash plain">systemctl stop firewalld</code>
</div>
<div class="line number8 index7 alt1">
<code class="bash comments"># 把一个源地址加入白名单,以便允许来自这个源地址的所有连接</code>
</div>
<div class="line number9 index8 alt2">
<code class="bash comments"># 这个在集群中使用常见</code>
</div>
<div class="line number10 index9 alt1">
<code class="bash comments"># 设置后利用firewall-cmd --reload更新防火墙规则</code>
</div>
<div class="line number11 index10 alt2">
<code class="bash plain">firewall-cmd --add-rich-rule </code><code class="bash string">'rule family="ipv4" source address="192.168.1.215" accept'</code> <code class="bash plain">--permanent</code>
</div>
<div class="line number12 index11 alt1">
<code class="bash plain">firewall-cmd --reload</code>
</div>
<div class="line number13 index12 alt2">
<code class="bash comments"># 特定域内的用户通过ssh可以连接,24标识255.255.255.0</code>
</div>
<div class="line number14 index13 alt1">
<code class="bash plain">firewall-cmd --remove-service=</code><code class="bash functions">ssh</code> <code class="bash plain">--permanent</code>
</div>
<div class="line number15 index14 alt2">
<code class="bash plain">firewall-cmd --add-rich-rule </code><code class="bash string">'rule family=ipv4 source address=172.16.30.0/24 service name=ssh accept'</code> <code class="bash plain">--permanent </code>
</div>
<div class="line number16 index15 alt1">
<code class="bash plain">firewall-cmd --reload</code>
</div>
<div class="line number17 index16 alt2">
<code class="bash plain">firewall-cmd --list-all </code>
</div>
<div class="line number18 index17 alt1">
<code class="bash comments"># 将一个用户加入白名单</code>
</div>
<div class="line number19 index18 alt2">
<code class="bash plain">firewall-cmd --add-lockdown-whitelist-user=hadoop --permanent</code>
</div>
<div class="line number20 index19 alt1">
<code class="bash plain">firewall-cmd --reload</code>
</div>
<div class="line number21 index20 alt2">
<code class="bash comments"># 将用户id从白名单中去掉</code>
</div>
<div class="line number22 index21 alt1">
<code class="bash plain">firewall-cmd --remove-lockdown-whitelist-uid=uid</code>
</div>
<div class="line number23 index22 alt2">
<code class="bash plain">firewall-cmd --reload</code>
</div>
<div class="line number24 index23 alt1">
<code class="bash comments"># 查看所有打开的端口:</code>
</div>
<div class="line number25 index24 alt2">
<code class="bash plain">firewall-cmd --list-ports</code>
</div>
<div class="line number26 index25 alt1">
<code class="bash comments"># 在某个区域打开端口</code>
</div>
<div class="line number27 index26 alt2">
<code class="bash plain">firewall-cmd --zone=public --add-port=8080</code><code class="bash plain">/tcp</code> <code class="bash plain">--permanent</code>
</div>
<div class="line number28 index27 alt1">
<code class="bash comments"># 关闭端口</code>
</div>
<div class="line number29 index28 alt2">
<code class="bash plain">firewall-cmd --remove-port=465</code><code class="bash plain">/tcp</code>
</div>
<div class="line number30 index29 alt1">
<code class="bash comments"># 打开服务,参见/etc/firewalld 目录下services文件夹中的服务,可以配置</code>
</div>
<div class="line number31 index30 alt2">
<code class="bash plain">firewall-cmd --permanent --zone=public --add-service=samba</code>
</div>
<div class="line number32 index31 alt1">
<code class="bash plain">firewall-cmd --add-service=http --permanent </code>
</div>
<div class="line number33 index32 alt2">
<code class="bash plain">firewall-cmd --reload</code>
</div>
<div class="line number34 index33 alt1">
<code class="bash comments"># 关闭服务</code>
</div>
<div class="line number35 index34 alt2">
<code class="bash plain">firewall-cmd --zone=public --remove-service=samba</code>
</div>
<div class="line number36 index35 alt1">
<code class="bash plain">firewall-cmd --reload</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
</p>
<p>
官方文档以及常用参考:</p>
<p>
https://access.redhat.com/documentation/zh-CN/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Using_Firewalls.html</p>
<p>
https://www.server-world.info/en/note?os=CentOS_7&p=firewalld</p>
<p>
以上所述是小编给大家介绍的CentOS7中防火墙的一些常用配置介绍,希望对大家有所帮助,如果大家有任何疑问请给我留言,小编会及时回复大家的。在此也非常感谢大家对服务器之家网站的支持!</p>
<p>
原文链接:http://www.cnblogs.com/learn21cn/archive/2016/12/05/6132499.html</p>
頁:
[1]