Linux firewall
1.
https://blog.csdn.net/weixin_34037515/article/details/91718547
cat /etc/firewalld/zones/public.xml
Edit /etc/firewalld/zones/public.xml
<port protocol="tcp" port="3306"/><!-- MySQL database -->
After saving, run firewall-cmd --complete-reload to apply the change.
2.
firewall-cmd --zone=public --add-port=6381/tcp --permanent
firewall-cmd --list-ports
firewall-cmd --reload
------
Open ports
ufw allow 9000
Below command enables all incoming traffic to ports ranging from 9000 to 9010.
ufw allow 9000:9010/tcp
iptables -L
/sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT
/etc/rc.d/init.d/iptables save
shell> vi /etc/sysconfig/iptables
-A INPUT -p vrrp -d 224.0.0.18/32 -j ACCEPT
firewall-cmd --add-rich-rule='rule protocol value="vrrp" accept' --permanent
firewall-cmd --add-service=ntp --permanent
firewall-cmd --reload
firewall-cmd --get-active-zones
firewall-cmd --get-default-zone
firewall-cmd --list-all-zones
firewall-cmd --list-all
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --remove-port=80/tcp --permanent
firewall-cmd --zone=public --query-port=80/tcp
firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 1 -p tcp --dport 80 -j ACCEPT
firewall-cmd --direct --permanent --remove-rule ipv4 filter INPUT 1 -p tcp --dport 80 -j ACCEPT
cat /etc/firewalld/direct.xml
firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
Restart the firewall
systemctl restart firewalld.service
Stop the firewall
service firewalld stop
service iptables stop
Do not start the firewall at boot
chkconfig iptables off
CentOS 7 firewalld: deny a given IP or IP range access to any service on the server
https://www.cnblogs.com/Crazy-Liu/p/13527997.html
# Block the IP 123.56.161.140 from accessing the machine
firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address="123.56.161.140" drop'
# Block an IP range, for example 123.56.*.*
firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address="123.56.0.0/16" drop'
# Block an IP range, for example 123.56.161.*
firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address="123.56.161.0/24" drop'
# Remove the block on IP 123.56.161.140 from the firewall
firewall-cmd --permanent --remove-rich-rule='rule family=ipv4 source address="123.56.161.140" drop'
firewall-cmd --zone=public --remove-rich-rule='rule family=ipv4 source address="10.2.2.192" drop' --permanent
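Added example (not part of the original notes and not firewalld's own code): a small audit of a zone file such as /etc/firewalld/zones/public.xml, covering both the port opened by editing the XML in section 1 and the source-based rich rules above. It separates ports open to every source from ports limited to a source network and lists blocked sources. The XML is a constructed sample; the 10.2.2.0/24 source and the function name audit_zone are assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample in the layout of /etc/firewalld/zones/public.xml.
SAMPLE_ZONE = """<zone>
  <service name="ssh"/>
  <port protocol="tcp" port="3306"/>
  <rule family="ipv4">
    <source address="123.56.161.140"/>
    <drop/>
  </rule>
  <rule family="ipv4">
    <source address="10.2.2.0/24"/>
    <port protocol="tcp" port="6381"/>
    <accept/>
  </rule>
</zone>"""

ACTIONS = ("accept", "drop", "reject")

def audit_zone(xml_text):
    """Summarise who can reach what according to a firewalld zone file."""
    zone = ET.fromstring(xml_text)
    report = {"open_to_any": [], "restricted": [], "blocked_sources": []}
    # Top-level <port>/<service> elements apply to every source in the zone.
    for port in zone.findall("port"):
        report["open_to_any"].append(f'{port.get("port")}/{port.get("protocol")}')
    for svc in zone.findall("service"):
        report["open_to_any"].append(f'service:{svc.get("name")}')
    # <rule> elements are rich rules: optional source, optional port, one action.
    for rule in zone.findall("rule"):
        src = rule.find("source")
        addr = src.get("address") if src is not None else None
        net = str(ipaddress.ip_network(addr, strict=False)) if addr else None
        action = next((a for a in ACTIONS if rule.find(a) is not None), None)
        port = rule.find("port")
        if action == "accept" and port is not None:
            target = f'{port.get("port")}/{port.get("protocol")}'
            if net:
                report["restricted"].append((target, net))
            else:
                report["open_to_any"].append(target)
        elif action in ("drop", "reject") and net and port is None:
            report["blocked_sources"].append(net)
    return report

if __name__ == "__main__":
    print(audit_zone(SAMPLE_ZONE))
```

In the sample, 3306/tcp shows up under open_to_any, which is the case to review for a database port; moving it into a rich rule with a source address puts it under restricted instead.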
# Check firewalld status
systemctl status firewalld
# List all open ports
firewall-cmd --zone=public --list-ports
# Open a port (takes effect after the firewalld rules are reloaded)
firewall-cmd --zone=public --add-port=<port-to-open>/tcp --permanent
# Options:
#   --zone              zone (scope)
#   --add-port=80/tcp   add a port, format: port/protocol
#   --permanent         takes effect permanently; without this option the rule is lost after a restart
# Examples:
firewall-cmd --zone=public --add-port=3306/tcp --permanent
firewall-cmd --zone=public --add-port=8161/tcp --permanent
firewall-cmd --zone=public --add-port=61616/tcp --permanent
# Close a port (takes effect after the firewalld rules are reloaded)
firewall-cmd --zone=public --remove-port=<port-to-close>/tcp --permanent
# Reload the firewalld rules (does not interrupt user connections, i.e. state information is not lost)
firewall-cmd --reload
systemctl restart firewalld.service
# Start firewalld
systemctl start firewalld
# Stop firewalld:
systemctl stop firewalld
# Disable firewalld at boot
systemctl disable firewalld
systemctl disable firewalld --now
# Enable firewalld at boot:
systemctl enable firewalld
The firewall-cmd command explained in detail
https://www.cnblogs.com/panwenbin-logs/p/15143004.html
firewalld direct rules and rich rules on Linux (forwarding, masquerading)
https://blog.csdn.net/weixin_40543283/article/details/84962996
Part 2: Linux firewall - firewalld rich rule configuration
https://zhuanlan.zhihu.com/p/165605347
Linux iptables (6: rich rules)
https://www.cnblogs.com/duanxin1/p/9860913.html
iptables explained (1): iptables concepts
http://www.zsythink.net/archives/1199/
iptables explained
https://www.cnblogs.com/metoy/p/4320813.html
Allow the VRRP protocol (rule used when building high availability with keepalived)
https://www.cnblogs.com/ralphdc/p/7113491.html
SUSE 12: simple firewall setup
https://www.cnblogs.com/aldshengdeng/p/14172237.html