安装Firewall
# Install firewalld from the distribution repositories (apt, i.e. Debian/Ubuntu;
# other distributions use their own package manager). -y answers the
# confirmation prompt automatically.
sudo apt install -y firewalld
Firewall-cmd 基本操作命令
# Start the firewall service now (runtime only; it does not survive a reboot
# unless it is also enabled below).
sudo systemctl start firewalld.service
# Start firewalld automatically at boot
sudo systemctl enable firewalld.service
# Stop the firewall (every listening port becomes reachable until it is started again)
sudo systemctl stop firewalld.service
# Disable the firewall: stop it now and keep it from starting at boot.
# The host is then left without packet filtering; only do this when another
# filter (cloud security group, iptables/nftables ruleset, ...) is in place.
sudo systemctl stop firewalld.service
sudo systemctl disable firewalld
# Show whether firewalld is running
sudo firewall-cmd --state
# List the currently active (runtime) ports and services of the public zone.
# The documented spelling is --list-services; --list-service works only because
# firewall-cmd accepts unambiguous option prefixes.
# Rich rules (added further below) do not appear in these two listings -- use
# --list-all (or --list-rich-rules) to see them, and add --permanent to inspect
# the saved configuration instead of the runtime one.
sudo firewall-cmd --zone=public --list-ports
sudo firewall-cmd --zone=public --list-service
# Reload: apply the saved (--permanent) configuration to the running firewall.
# Every --permanent command below only changes the configuration on disk;
# nothing takes effect until this reload (or until the same command is run
# again without --permanent).
sudo firewall-cmd --reload
# Open a single TCP port in the public zone ({端口号} = port number)
sudo firewall-cmd --permanent --zone=public --add-port={端口号}/tcp
# Open a contiguous port range (first-last). Keep the range as narrow as
# possible -- every port in it becomes reachable from any source.
sudo firewall-cmd --permanent --zone=public --add-port={端口号}-{端口号}/tcp
# Close a single port
sudo firewall-cmd --permanent --zone=public --remove-port={端口号}/tcp
# Allow a predefined service ({服务名} = a name from --get-services, see below)
sudo firewall-cmd --permanent --zone=public --add-service={服务名}
# Remove a service from the public zone (the service definition itself is kept)
sudo firewall-cmd --permanent --zone=public --remove-service={服务名}
# Delete the service *definition* from the permanent configuration. This is
# not the same as --remove-service above: it removes the service file, not the
# zone entry. --zone presumably plays no role for this command -- confirm.
sudo firewall-cmd --permanent --zone=public --delete-service={服务名}
# Open one port for a single source IP only (rich rule). No --zone is given, so
# the rule lands in the default zone (typically public).
# NOTE(review): the rule is written with double quotes nested inside double
# quotes, so the shell strips the inner quotes and firewalld receives unquoted
# attribute values (rule family=ipv4 source address=... accept). That appears
# to work, but wrapping the whole rule in single quotes keeps it intact:
#   --add-rich-rule='rule family="ipv4" source address="{IP}" port protocol="tcp" port="{端口号}" accept'
sudo firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="{IP}" port protocol="tcp" port="{端口号}" accept"
# Allow *all* ports from a single source IP. This is far broader than the
# port-scoped rule above; prefer the port-scoped form unless that source is
# fully trusted.
sudo firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="{IP}" accept"
# Remove the all-ports rule for a source IP. The rule text must match the one
# that was added exactly; a port-scoped rule is not removed by this command.
sudo firewall-cmd --permanent --remove-rich-rule="rule family="ipv4" source address="{IP}" accept"
# The same two rules for a whole /24 network ({IP}/24 = 256 addresses):
# first all ports from the subnet, then one port from the subnet.
sudo firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="{IP}/24" accept"
sudo firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="{IP}/24" port protocol="tcp" port="{端口号}" accept"
# Check whether a port is open (runtime view; add --permanent for the saved config)
sudo firewall-cmd --zone=public --query-port={端口号}/tcp
# Check whether a service is allowed
sudo firewall-cmd --zone=public --query-service={服务名}
# List every service name firewalld knows (built-in and custom); the output
# is the list shown below.
sudo firewall-cmd --get-services
Public 配置文件
/etc/firewalld/zones/public.xml
系统内置服务列表
# 系统内置网络服务配置文件
# /usr/lib/firewalld/services
RH-Satellite-6
amanda-client
amanda-k5-client
bacula
bacula-client
bgp
bitcoin
bitcoin-rpc
bitcoin-testnet
bitcoin-testnet-rpc
ceph
ceph-mon
cfengine
condor-collector
ctdb
dhcp # DHCP服务 67/UDP
dhcpv6
dhcpv6-client
dns
docker-registry
docker-swarm
dropbox-lansync
elasticsearch
freeipa-ldap
freeipa-ldaps
freeipa-replication
freeipa-trust
ftp
ganglia-client
ganglia-master
git
high-availability
http
https
imap
imaps
ipp
ipp-client
ipsec
irc
ircs
iscsi-target
kadmin
kerberos
kibana
klogin
kpasswd
kprop
kshell
ldap
ldaps
libvirt
libvirt-tls
managesieve
mdns
minidlna
mosh
mountd
ms-wbt
mssql
murmur
mysql
nfs
nfs3
nrpe
ntp
openvpn
ovirt-imageio
ovirt-storageconsole
ovirt-vmconsole
pmcd
pmproxy
pmwebapi
pmwebapis
pop3
pop3s
postgresql
privoxy
proxy-dhcp
ptp
pulseaudio
puppetmaster
quassel
radius
redis
rpc-bind
rsh
rsyncd
samba
samba-client
sane
sip
sips
smtp
smtp-submission
smtps
snmp
snmptrap
spideroak-lansync
squid
ssh
synergy
syslog
syslog-tls
telnet
tftp
tftp-client
tinc
tor-socks
transmission-client
vdsm
vnc-server
wbem-https
xmpp-bosh
xmpp-client
xmpp-local
xmpp-server
zabbix-agent
zabbix-server
自定义服务
# Directory for custom service definitions. firewalld reads these alongside the
# built-in ones in /usr/lib/firewalld/services (a file with the same name here
# presumably takes precedence over the built-in one -- confirm).
cd /etc/firewalld/services
# Create the service file. NOTE(review): /etc/firewalld is normally root-owned,
# so the editor needs root as well -- `sudo nano fourleaf.xml` -- otherwise the
# save fails. The intended content of the file is shown below.
nano fourleaf.xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Custom firewalld service "fourleaf": opens TCP 8081-8090 in any zone the
     service is added to. firewalld service files also accept a range in a
     single element, e.g. <port protocol="tcp" port="8081-8090"/>, which is
     easier to keep in sync with the description than ten single-port entries.
     Keep <description> accurate: it is what an administrator sees when
     auditing which ports a service name really opens. -->
<service>
<short>fourleaf</short>
<description>FourLeaf service uses tcp 8081 ~ 8090 port. This firewall-cmd service was created by SRover Lee</description>
<port protocol="tcp" port="8081"/>
<port protocol="tcp" port="8082"/>
<port protocol="tcp" port="8083"/>
<port protocol="tcp" port="8084"/>
<port protocol="tcp" port="8085"/>
<port protocol="tcp" port="8086"/>
<port protocol="tcp" port="8087"/>
<port protocol="tcp" port="8088"/>
<port protocol="tcp" port="8089"/>
<port protocol="tcp" port="8090"/>
</service>
# Allow the custom service in the public zone. For the file created above,
# {服务名} is "fourleaf". firewalld presumably does not know a freshly written
# service file until it has been reloaded, so if this reports an invalid
# service, run `sudo firewall-cmd --reload` first and repeat the command.
sudo firewall-cmd --permanent --zone=public --add-service={服务名}
# Apply the permanent change to the running firewall
sudo firewall-cmd --reload