Enabling and configuring the firewall on a BandwagonHost CentOS 7 server

    |     November 27, 2021   |   Study notes

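When running a firewall command, I got the message: FirewallD is not running

Start it: systemctl start firewalld

Check the status: firewall-cmd --state

If the service is masked (locked) and rules cannot be added, unmask it: systemctl unmask firewalld

Mask (lock) the firewall service: systemctl mask firewalld

Stop the firewall: systemctl stop firewalld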

Add port 3306 to the public zone: firewall-cmd --permanent --zone=public --add-port=3306/tcp

Open a specific port: firewall-cmd --zone=public --add-port=1935/tcp --permanent

Close/remove a specific port: firewall-cmd --zone=public --remove-port=5672/tcp --permanent

Restart (reload) the firewall: firewall-cmd --reload

Restart, method 2: systemctl restart firewalld.service

Check whether IP masquerading is enabled: firewall-cmd --query-masquerade

Enable IP masquerading: firewall-cmd --permanent --add-masquerade

Disable IP masquerading: firewall-cmd --permanent --remove-masquerade

Add a rich rule: firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='10.2.7.202/32' port protocol='tcp' port='1024' accept"

List the firewall rules: firewall-cmd --list-all

Edit the firewall rules: vi /etc/firewalld/zones/public.xml

List all ports in the public zone: firewall-cmd --zone=public --list-ports

Temporarily remove a port: firewall-cmd --remove-port=8056/tcp

Permanently remove an externally open port: firewall-cmd --zone=public --remove-port=8005/tcp --permanent

Add a forwarding rule: firewall-cmd --permanent --add-forward-port=port=1024:proto=tcp:toaddr=10.2.7.201:toport=2048

Remove a forwarding rule: firewall-cmd --permanent --zone=public --remove-forward-port=port=8056:proto=tcp:toaddr=xxx.xx.xx.xxx:toport=3356

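Remember that all of these options take two hyphens (--); a blogging system can collapse them into a single dash when displaying them.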
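
Commands run without --permanent change only the running firewall, while those with --permanent change only the saved configuration until the next --reload, so the two views can disagree. The sh functions below, an added example that is not part of the original post, list the ports that differ; the function names and the sample port lists are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): report firewalld ports whose
# runtime and permanent state differ. Function names are hypothetical.

# in_list PORT LIST: succeed if PORT is one of the space-separated words in LIST.
in_list() {
    case " $2 " in
        *" $1 "*) return 0 ;;
    esac
    return 1
}

# port_drift RUNTIME PERMANENT: both are port lists in the format printed by
# `firewall-cmd --list-ports`, e.g. "1935/tcp 3306/tcp".
#   runtime-only P    open now, dropped by the next --reload or reboot
#   permanent-only P  saved on disk, (re)opened by the next --reload
port_drift() {
    pd_rt=$(echo $1)   # unquoted on purpose: collapses repeated whitespace
    pd_pm=$(echo $2)
    for pd_p in $pd_rt; do
        in_list "$pd_p" "$pd_pm" || echo "runtime-only $pd_p"
    done
    for pd_p in $pd_pm; do
        in_list "$pd_p" "$pd_rt" || echo "permanent-only $pd_p"
    done
}

# audit_zone [ZONE]: run the comparison against the live firewall.
# Returns 0 if both views match, 1 on drift, 2 if firewall-cmd fails.
audit_zone() {
    az_zone=${1:-public}
    az_rt=$(firewall-cmd --zone="$az_zone" --list-ports) || return 2
    az_pm=$(firewall-cmd --permanent --zone="$az_zone" --list-ports) || return 2
    az_out=$(port_drift "$az_rt" "$az_pm")
    if [ -z "$az_out" ]; then
        echo "zone $az_zone: runtime and permanent ports match"
        return 0
    fi
    echo "$az_out"
    return 1
}

# Constructed sample: 1935/tcp was added without --permanent, 3306/tcp was added
# with --permanent but no reload, and 8056/tcp was removed without --permanent.
port_drift "1935/tcp" "3306/tcp 8056/tcp"
```

On a host with firewalld running, call audit_zone public after sourcing the functions; a permanent-only line for a port that was removed with the temporary command means the port will be open again after the next reload.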
