Firewalld
What is a firewalld rule set: a group of network access rules that state which service ports are allowed through (and how they are opened) and which are blocked (and how they are blocked). firewalld supports both IPv4 and IPv6. Rules are attached to zones; besides the plain service and port entries shown below, a zone can carry rich rules (the `rule family=... accept/reject/drop` syntax used from step 4 on) and, for cases the rich language cannot express, direct rules that pass raw iptables/nftables arguments through.
1. List what the firewall currently allows (this shows the runtime configuration of the default zone; add --permanent to see the saved configuration instead)
[root@localhost ~]# firewall-cmd --list-all
public
target: default
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client ssh
ports: 20/tcp 21/tcp 22/tcp 80/tcp 8888/tcp 99/tcp 39000-40000/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
2. Allow a service in the firewall and make the change permanent (http is a firewalld service name, not a protocol name; firewall-cmd --get-services lists the available names). Note that --permanent only writes the saved configuration: nothing changes in the running firewall until the reload in step 3.
[root@localhost ~]# firewall-cmd --permanent --add-service=http
success
3. Reload the firewall configuration so the permanent changes take effect
[root@localhost ~]# firewall-cmd --reload
success
4. Add a rich rule (here: allow the ftp service, but only from 10.10.10.0/24)
[root@localhost ~]# firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 service name=ftp accept'
success
5. Remove a rich rule (the rule text must match the one that was added)
[root@localhost ~]# firewall-cmd --permanent --remove-rich-rule='rule family=ipv4 source address=10.10.10.0/24 service name=ftp accept'
success
6. Reject a specific service for one source range (here: ssh from 10.10.10.0/24 is refused with an ICMP/TCP reject; use drop instead of reject to discard the packets silently). Within a zone firewalld evaluates reject/drop rich rules before accept rules unless an explicit priority is set, so this rule takes effect even though ssh is listed under services above.
[root@localhost ~]# firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 service name=ssh reject'
success
7. Allow a port through the firewall for one source range (here: 80/tcp from 10.10.10.0/24; a plain --add-port=80/tcp would open it for every source in the zone)
[root@localhost ~]# firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 port port=80 protocol=tcp accept'
success
8. Add port forwarding (here: connections from 10.10.10.0/24 to local port 5423/tcp are redirected to local port 80). With only to-port the redirect stays on this host; forwarding to another machine needs to-addr= in the rule and masquerading enabled on the zone (--add-masquerade).
[root@localhost ~]# firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 forward-port port=5423 protocol=tcp to-port=80'
success
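Steps 2 through 8 are one procedure: build the rule text, write it to the permanent configuration, reload, then verify. The script below is an added example, not part of the original post, that wraps that procedure in shell functions: rich_rule and forward_rule build the rich-rule strings for the cases shown above (a service or port from a source range, or a port redirect), ensure_rich_rule adds a rule only if it is not already present, and the script stays in dry-run mode (printing the firewall-cmd calls) unless FW_APPLY=1 is set, so it can be reviewed before it touches a host. The zone name public, the 10.10.10.0/24 source and the ports are taken from the post; the FW_APPLY and FW_ZONE variables and the function names are the example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): build firewalld rich rules,
# apply them idempotently to the permanent config, reload and verify.
# Nothing is executed against firewalld unless FW_APPLY=1; otherwise the
# firewall-cmd invocations are printed so they can be reviewed first.
set -eu

ZONE="${FW_ZONE:-public}"   # assumption: the target zone is "public"

# fwcmd: run firewall-cmd for real only when FW_APPLY=1, else print the call.
fwcmd() {
    if [ "${FW_APPLY:-0}" != "1" ]; then
        printf 'DRY-RUN: firewall-cmd'
        for a; do printf " '%s'" "$a"; done
        printf '\n'
        return 0
    fi
    firewall-cmd "$@"
}

# rich_rule FAMILY SOURCE_CIDR KIND TARGET ACTION
#   KIND=service TARGET=ftp     -> ... service name="ftp" ...
#   KIND=port    TARGET=80/tcp  -> ... port port="80" protocol="tcp" ...
# Prints the rule in firewalld's canonical quoted form; rejects bad input.
rich_rule() {
    family=$1; src=$2; kind=$3; target=$4; action=$5
    case "$family" in ipv4|ipv6) ;; *) echo "bad family: $family" >&2; return 1 ;; esac
    case "$action" in accept|reject|drop) ;; *) echo "bad action: $action" >&2; return 1 ;; esac
    case "$kind" in
        service)
            elem="service name=\"$target\"" ;;
        port)
            case "$target" in */*) ;; *) echo "port needs PORT/PROTO: $target" >&2; return 1 ;; esac
            port=${target%/*}; proto=${target#*/}
            case "$proto" in tcp|udp|sctp|dccp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac
            elem="port port=\"$port\" protocol=\"$proto\"" ;;
        *)
            echo "bad kind: $kind" >&2; return 1 ;;
    esac
    printf 'rule family="%s" source address="%s" %s %s\n' "$family" "$src" "$elem" "$action"
}

# forward_rule FAMILY SOURCE_CIDR FROM_PORT/PROTO TO_PORT [TO_ADDR]
# Without TO_ADDR the redirect stays on this host; with it, the zone also
# needs masquerading enabled (firewall-cmd --permanent --add-masquerade).
forward_rule() {
    family=$1; src=$2; spec=$3; to_port=$4; to_addr=${5:-}
    port=${spec%/*}; proto=${spec#*/}
    rule="rule family=\"$family\" source address=\"$src\" forward-port port=\"$port\" protocol=\"$proto\" to-port=\"$to_port\""
    if [ -n "$to_addr" ]; then
        rule="$rule to-addr=\"$to_addr\""
    fi
    printf '%s\n' "$rule"
}

# ensure_rich_rule ZONE RULE: add to the permanent config only if missing,
# so re-running the script does not fail on "ALREADY_ENABLED".
ensure_rich_rule() {
    zone=$1; rule=$2
    if [ "${FW_APPLY:-0}" = "1" ] &&
       firewall-cmd --permanent --zone="$zone" --query-rich-rule="$rule" >/dev/null 2>&1; then
        echo "already present in $zone: $rule"
        return 0
    fi
    fwcmd --permanent --zone="$zone" --add-rich-rule="$rule"
}

main() {
    # The four rich rules from the post, built from parameters instead of typed by hand.
    r_ftp=$(rich_rule ipv4 10.10.10.0/24 service ftp accept)
    r_ssh=$(rich_rule ipv4 10.10.10.0/24 service ssh reject)
    r_web=$(rich_rule ipv4 10.10.10.0/24 port 80/tcp accept)
    r_fwd=$(forward_rule ipv4 10.10.10.0/24 5423/tcp 80)
    for r in "$r_ftp" "$r_ssh" "$r_web" "$r_fwd"; do
        ensure_rich_rule "$ZONE" "$r"
    done
    fwcmd --permanent --zone="$ZONE" --add-service=http   # step 2
    fwcmd --reload                                         # step 3: activate permanent config
    fwcmd --zone="$ZONE" --list-rich-rules                 # verify the runtime result
}

main
```

Run it once without FW_APPLY to read the exact firewall-cmd calls it would make, then with FW_APPLY=1 as root to apply them; a second FW_APPLY=1 run reports the rules as already present instead of erroring. Building the rule text in one place also avoids the mismatch problem from step 5, where a --remove-rich-rule only succeeds if its text matches the rule that was added.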
This article is from cnblogs (博客园), author: Cloudservice. Please credit the original link when reproducing it: https://www.cnblogs.com/whwh/p/16161128.html. As long as learning doesn't kill you, learn like your life depends on it!