CentOS 7 Firewall Operations
If a service is installed on CentOS but cannot be reached remotely, a likely cause is that the firewall has not opened the corresponding port.
1. Check whether the firewall is running
    # systemctl status firewalld
    Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
    Active: active (running) since 五 2019-06-28 14:41:23 CST; 8h ago
If the output reports active (running), the firewall is running; inactive (dead) means it is not.
2. Start, stop and restart the firewall
    # systemctl start firewalld
    # systemctl stop firewalld
    # systemctl restart firewalld
3. Enable or disable the firewall at boot
    # systemctl enable firewalld
    # systemctl disable firewalld
    # systemctl is-enabled firewalld
4. Show the current firewall rules
    # firewall-cmd --list-all
    public (active)
      target: default
      icmp-block-inversion: no
      interfaces: ens160
      sources:
      services: ssh dhcpv6-client
      ports: 3306/tcp 80/tcp
      protocols:
      masquerade: no
      forward-ports:
      source-ports:
      icmp-blocks:
      rich rules:
The ports: line shows that 3306/tcp and 80/tcp are open.
5. Add the ports that need to be opened to the firewall. A response of success means the setting was accepted. Make sure you know whether the service uses TCP or UDP.
    # firewall-cmd --permanent --zone=public --add-port=3306/tcp
    # firewall-cmd --permanent --zone=public --add-port=82-85/tcp
    # firewall-cmd --permanent --zone=public --remove-port=443/tcp
6. Open a specified port only for a specified IP address
Add (the rule string is single-quoted so that the inner double quotes reach firewalld intact):
    # firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.100" port protocol="tcp" port="22" accept'
    # firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" port protocol="tcp" port="22" accept'
    # firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.100" port protocol="tcp" port="4001-4004" accept'
Remove:
    # firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.1.0/24" port protocol="tcp" port="22" accept'
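The --permanent commands in sections 5 and 6 only change the saved configuration: the running rule set picks them up after firewall-cmd --reload, and any change made without --permanent is dropped at that reload. The script below is an added example, not code from the original post, that checks the two port lists against each other the way an operator should before trusting a success message; the firewall-cmd outputs it parses are constructed samples and the function names are this example's own.

```shell
#!/bin/sh
# Compare the runtime and permanent port lists of a firewalld zone.
# Real use (needs firewalld on the host):
#   pending_ports "$(firewall-cmd --zone=public --list-ports)" \
#                 "$(firewall-cmd --permanent --zone=public --list-ports)"

# port_is_open PORTS PORT/PROTO -> exit 0 if PORT/PROTO lies within PORTS.
# PORTS is the space-separated list that `firewall-cmd --list-ports` prints,
# e.g. "3306/tcp 80/tcp 82-85/tcp"; a range entry such as 82-85 is expanded.
port_is_open() {
    ports=$1
    want_port=${2%/*}
    want_proto=${2#*/}
    for entry in $ports; do
        proto=${entry#*/}
        range=${entry%/*}
        [ "$proto" = "$want_proto" ] || continue
        lo=${range%-*}    # for a single port lo and hi are the same value
        hi=${range#*-}
        if [ "$want_port" -ge "$lo" ] && [ "$want_port" -le "$hi" ]; then
            return 0
        fi
    done
    return 1
}

# pending_ports RUNTIME PERMANENT -> prints every entry present in only one list:
#   +entry  permanent only, not live until `firewall-cmd --reload`
#   -entry  runtime only, will disappear at the next reload or reboot
pending_ports() {
    runtime=$1
    permanent=$2
    out=""
    for p in $permanent; do
        case " $runtime " in
            *" $p "*) ;;
            *) out="$out +$p" ;;
        esac
    done
    for p in $runtime; do
        case " $permanent " in
            *" $p "*) ;;
            *) out="$out -$p" ;;
        esac
    done
    printf '%s' "${out# }"
}

# Constructed sample: 82-85/tcp was added with --permanent but not reloaded,
# and 80/tcp was opened at runtime only.
SAMPLE_RUNTIME="3306/tcp 80/tcp"
SAMPLE_PERMANENT="3306/tcp 82-85/tcp"
```

An empty result from pending_ports means the saved and live port sets agree; anything prefixed with + is the case where firewall-cmd reported success but remote clients still cannot connect.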
Reference:
https://www.cnblogs.com/leoxuan/p/8275343.html