
Linux 防火墙 (Firewalld)基本操作

ABin
2022-08-23

#查看防火墙服务状态:

systemctl status firewalld.service (.service 后缀写与不写效果相同)

Active: active (running) —— 已运行

Active: inactive (dead) —— 未运行

#当前已运行
systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since 二 2022-08-23 11:28:58 CST; 7min ago
     Docs: man:firewalld(1)
 Main PID: 129324 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─129324 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid


#当前未运行
systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since 二 2022-08-23 11:38:21 CST; 1s ago
     Docs: man:firewalld(1)
  Process: 129324 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
 Main PID: 129324 (code=exited, status=0/SUCCESS)

#查看防火墙运行状态（firewalld 未运行时输出 not running 且退出码非 0，脚本里可以直接用退出码判断，不必解析文本）

firewall-cmd --state
#已运行
firewall-cmd --state
running

#未运行
firewall-cmd --state
not running

#启动和停止防火墙

#启动防火墙
systemctl start firewalld.service

#停止防火墙。注意：stop 只停止当前实例，服务仍是 enabled，重启后会自动拉起，若要禁止开机自启需另外执行 systemctl disable firewalld。
#firewalld 停止时会清掉自己下发的规则，主机上所有监听端口都会对外可达，生产环境不要用“停防火墙”来排查问题，应按下文放行具体端口/服务。
systemctl stop firewalld.service

#查看当前区域的完整规则（不加 --zone 时显示默认区域，--list-all-zones 可查看所有区域）。
#下面示例中 public 区域绑定在 ens33 上，20/21(FTP)、1433(MSSQL)、888、8888 以及 39000-40000 这些端口都对任意来源开放；每个开放端口都是暴露面，应定期核对并删掉不再需要的，管理类端口最好结合下文的 rich rule 按来源 IP 限制。

firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens33
  sources: 
  services: dhcpv6-client ssh
  ports: 20/tcp 21/tcp 22/tcp 80/tcp 443/tcp 8888/tcp 39000-40000/tcp 888/tcp 1433/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

#IP

按来源 IP 放行（rich rule）。注意：下面这条规则没有限定端口或服务，意味着 10.45.2.35 可以访问本机 public 区域内的任意端口；如果只想放行某个端口，应写成 rule family="ipv4" source address="10.45.2.35" port port="3306" protocol="tcp" accept（address 也可以写成 CIDR 网段）。带 --permanent 的规则要 --reload 后才生效。


firewall-cmd --zone=public --add-rich-rule 'rule family="ipv4" source address="10.45.2.35" accept' --permanent
success
 
firewall-cmd  --reload
success

#端口

(1)查询端口、更新防火墙规则（不带 --zone 时针对默认区域；不带 --permanent 时查询的是运行时配置，加 --permanent 查询的才是持久化配置，两者可能不一致）

#查询端口
firewall-cmd --query-port=999/tcp
yes

#重新加载
firewall-cmd --reload
success

(2)临时增加（只改运行时配置，立即生效，但 reload 或重启 firewalld 之后消失；如果临时规则验证没问题想保留，可执行 firewall-cmd --runtime-to-permanent 一次性写入持久化配置）

#添加999端口
firewall-cmd --add-port=999/tcp 
success

#查看999端口
firewall-cmd --query-port=999/tcp
yes

#重新加载
firewall-cmd --reload
success

#查看999端口
firewall-cmd --query-port=999/tcp
no

(3)永久增加端口（--permanent 只写入配置文件，不影响当前运行时，所以要 reload 后才生效；需要立即生效又要持久化时，把带 --permanent 和不带 --permanent 的命令各执行一次）

#添加999端口
firewall-cmd --permanent --add-port=999/tcp
success

#查看999端口
firewall-cmd --query-port=999/tcp
no

#重新加载
firewall-cmd --reload
success

#查看999端口
firewall-cmd --query-port=999/tcp
yes

(4)临时删除端口(reload后消失)

#临时删除999端口
firewall-cmd --remove-port=999/tcp
success

#查看999端口
firewall-cmd --query-port=999/tcp
no

#重新加载
firewall-cmd --reload
success

#查看999端口
firewall-cmd --query-port=999/tcp
yes

(5)永久删除端口(reload后生效)

#删除端口(加--permanent 永久删除)
firewall-cmd --permanent --remove-port=999/tcp
success

#查看端口
firewall-cmd --query-port=999/tcp
yes

#重新加载
firewall-cmd --reload
success

#查看端口
firewall-cmd --query-port=999/tcp
no

#获取所有支持的服务（服务名只是一组端口/协议的别名，定义文件在 /usr/lib/firewalld/services/ 与 /etc/firewalld/services/ 下，可用 firewall-cmd --info-service=名称 查看它实际放行的端口）

firewall-cmd --get-services
RH-Satellite-6 amanda-client amanda-k5-client bacula bacula-client bgp bitcoin bitcoin-rpc bitcoin-testnet bitcoin-testnet-rpc ceph ceph-mon cfengine condor-collector ctdb dhcp dhcpv6 dhcpv6-client dns docker-registry docker-swarm dropbox-lansync elasticsearch freeipa-ldap freeipa-ldaps freeipa-replication freeipa-trust ftp ganglia-client ganglia-master git gre high-availability http https imap imaps ipp ipp-client ipsec irc ircs iscsi-target jenkins kadmin kerberos kibana klogin kpasswd kprop kshell ldap ldaps libvirt libvirt-tls managesieve mdns minidlna mongodb mosh mountd ms-wbt mssql murmur mysql nfs nfs3 nmea-0183 nrpe ntp openvpn ovirt-imageio ovirt-storageconsole ovirt-vmconsole pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy proxy-dhcp ptp pulseaudio puppetmaster quassel radius redis rpc-bind rsh rsyncd samba samba-client sane sip sips smtp smtp-submission smtps snmp snmptrap spideroak-lansync squid ssh syncthing syncthing-gui synergy syslog syslog-tls telnet tftp tftp-client tinc tor-socks transmission-client upnp-client vdsm vnc-server wbem-https xmpp-bosh xmpp-client xmpp-local xmpp-server zabbix-agent zabbix-server

(1)查看服务

#查看https服务是否开启
firewall-cmd --query-service=https
yes

(2)临时增加服务(reload后失效)

#添加https
firewall-cmd --add-service=https
success

#查询https服务
firewall-cmd --query-service=https
yes

#重新加载
firewall-cmd --reload
success

#查询https服务
firewall-cmd --query-service=https
no

(3)临时删除服务(reload后失效)

#查询https服务
firewall-cmd --query-service=https
yes

#删除服务
firewall-cmd --remove-service=https
success

#查询https服务
firewall-cmd --query-service=https
no

#重新加载
firewall-cmd --reload
success

#查询https服务
firewall-cmd --query-service=https
no

(4)永久增加服务(reload后生效)

#永久添加http服务
firewall-cmd --permanent --add-service=http
success

#重新加载
firewall-cmd --reload
success

#查看http服务
firewall-cmd --query-service=http
yes

(5)永久删除服务(reload后生效)

#删除ssh服务。高风险操作：如果你是通过 SSH 远程操作且没有其他规则放行 22/tcp，reload 之后会把自己锁在外面。
#本文示例里 ports 列表中另有 22/tcp，所以会话不会断，但这只是巧合；删除前先用 firewall-cmd --query-port=22/tcp 确认，或先不带 --permanent 临时删除验证，并尽量在控制台/带外通道上执行。
firewall-cmd --permanent --remove-service=ssh
success

#重新加载
firewall-cmd --reload
success

#查看ssh服务
firewall-cmd --query-service=ssh
no
