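CentOS 7 Firewall Configuration (firewalld)
firewalld website: https://firewalld.org/
firewalld manual pages: https://firewalld.org/documentation/man-pages/firewalld.service.html
Commonly used commands are listed below, starting with the CentOS 6 and CentOS 7 service-management equivalents.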
Task | CentOS 6 | CentOS 7 |
Enable a service at boot | chkconfig --level 3 httpd on | systemctl enable httpd.service |
Disable a service at boot | chkconfig --level 3 httpd off | systemctl disable httpd.service |
Check service status | service httpd status | systemctl status httpd.service |
List all started services | chkconfig --list | systemctl list-units --type=service |
Start a service | service httpd start | systemctl start httpd.service |
Stop a service | service httpd stop | systemctl stop httpd.service |
Restart a service | service httpd restart | systemctl restart httpd.service |
Basic firewalld service commands
Start | systemctl start firewalld.service |
Check status | systemctl status firewalld.service |
Enable at boot | systemctl enable firewalld.service |
Disable at boot | systemctl disable firewalld.service |
Stop | systemctl stop firewalld.service |
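Basic firewall-cmd usage
Show version | firewall-cmd --version |
Show help | firewall-cmd --help |
List all open ports | firewall-cmd --zone=public --list-ports |
Reload firewall rules | firewall-cmd --reload |
Show zone information (active zones) | firewall-cmd --get-active-zones |
Show the zone an interface belongs to | firewall-cmd --get-zone-of-interface=eth0 |
Drop all packets (panic mode) | firewall-cmd --panic-on |
Turn off panic mode | firewall-cmd --panic-off |
Check whether panic mode is on | firewall-cmd --query-panic |
Open a port | firewall-cmd --zone=public --add-port=8080/tcp --permanent (--permanent makes the rule persistent; without it the rule is lost after a restart. A --permanent change is applied to the running firewall by firewall-cmd --reload) |
Close a port | firewall-cmd --zone=public --remove-port=8080/tcp --permanent |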