An overview of common firewall-cmd commands for the Linux firewall (firewalld)
Start the firewall
    systemctl start firewalld.service
Enable the firewall at boot
    systemctl enable firewalld.service
Stop the firewall
    systemctl stop firewalld.service
Check the firewall status
    systemctl status firewalld.service
List the current rules
    firewall-cmd --list-all
Reload the firewall configuration
    firewall-cmd --reload
Add a single port
    firewall-cmd --permanent --zone=public --add-port=81/tcp
Add a range of ports
    firewall-cmd --permanent --zone=public --add-port=8080-8083/tcp
Remove a port
    firewall-cmd --permanent --zone=public --remove-port=81/tcp
Open a port only for a specific source IP (the rich rule is passed as one single-quoted argument; the inner double quotes belong to the rule syntax)
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.142.166" port port="6379" protocol="tcp" accept'
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.233" accept'
Remove the rule for an IP (the rule text must match the rule that was added)
    firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.1.51" accept'
Allow access from an IP range
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.0/16" accept'
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" port port="9200" protocol="tcp" accept'
After adding or removing rules with --permanent, remember to run firewall-cmd --reload so the change takes effect.
Opening a port with firewalld
For example, to open port 3306 for a service (mysql), use the following commands:
    aport=3306
    firewall-cmd --zone=public --add-port=${aport}/tcp --permanent
    firewall-cmd --reload
    firewall-cmd --list-all
Closing a port with firewalld
For example, to close port 3306 for a service (mysql), use the following commands:
    aport=3306
    firewall-cmd --zone=public --remove-port=${aport}/tcp --permanent
    firewall-cmd --reload
    firewall-cmd --list-all
Examples
Open port 3306
    firewall-cmd --zone=public --add-port=3306/tcp --permanent
    firewall-cmd --reload
    firewall-cmd --list-all
Remove port 3306
    firewall-cmd --zone=public --remove-port=3306/tcp --permanent
    firewall-cmd --reload
    firewall-cmd --list-all
Allow a host to access a service port
Allow access from source IP 192.168.1.2 to port 21:
    firewall-cmd --add-rich-rule='rule family="ipv4" source address=192.168.1.2/32 port port=21 protocol=tcp accept' --permanent
The same with the address in a shell variable. The variable must sit outside the single quotes, otherwise ${ipaddrs} is passed literally and firewalld rejects the rule; note that this rule allows all TCP traffic from the host, not a single port:
    ipaddrs="192.168.1.2"
    firewall-cmd --add-rich-rule='rule family="ipv4" source address="'"${ipaddrs}"'" protocol value="tcp" accept' --permanent
    firewall-cmd --reload
    firewall-cmd --list-all
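The script below is an added example and is not part of the original post. It covers the source-restricted rules from the per-IP, IP-range and variable-based sections above: it validates the address/prefix and port, builds the rich rule from shell variables with the quoting the original gets wrong, and then adds it with --permanent, reloads, and confirms it with --query-rich-rule. The zone public, the DRY_RUN variable and the function names are this example's own assumptions; when DRY_RUN=1 the firewall-cmd invocations are printed with each argument bracketed instead of being run, so you can see that the rule reaches firewall-cmd as one argument.

```shell
#!/bin/sh
# Added example, not from the original post. Builds a firewalld rich rule from
# variables (the original's single-quoted '${ipaddrs}' never expands), validates
# the inputs, and applies it. Assumes zone "public" and firewall-cmd on PATH;
# with DRY_RUN=1 the firewall-cmd invocations are printed, not run.

# Validate a dotted IPv4 address with an optional /prefix (0-32).
valid_ipv4_cidr() {
    addr=${1%/*}
    prefix=${1#*/}
    [ "$prefix" = "$1" ] && prefix=32          # no "/" given: single host
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case "$addr" in ''|*[!0-9.]*) return 1 ;; esac   # digits and dots only
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for oct in "$@"; do
        case "$oct" in ''|*[!0-9]*) return 1 ;; esac
        [ "$oct" -le 255 ] || return 1
    done
}

# Validate a port number or a port range "lo-hi" (1-65535).
valid_port() {
    case "$1" in
        *-*) lo=${1%-*}; hi=${1#*-} ;;
        *)   lo=$1; hi=$1 ;;
    esac
    for p in "$lo" "$hi"; do
        case "$p" in ''|*[!0-9]*) return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    done
    [ "$lo" -le "$hi" ]
}

# Print a rich rule allowing $proto/$port only from $src. The caller must keep
# the result in one argument: --add-rich-rule="$(rich_rule ...)".
rich_rule() {
    src=$1; port=$2; proto=${3:-tcp}
    valid_ipv4_cidr "$src" || { echo "bad source: $src" >&2; return 1; }
    valid_port "$port"     || { echo "bad port: $port" >&2; return 1; }
    case "$proto" in tcp|udp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac
    printf 'rule family="ipv4" source address="%s" port port="%s" protocol="%s" accept\n' \
        "$src" "$port" "$proto"
}

# Run a command, or with DRY_RUN=1 print it with every argument bracketed.
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf '+'; printf ' [%s]' "$@"; echo
    else
        "$@"
    fi
}

# Add the rule permanently, reload, then confirm it is present in the runtime set.
allow_from() {
    rule=$(rich_rule "$1" "$2" "${3:-tcp}") || return 1
    run firewall-cmd --permanent --zone=public --add-rich-rule="$rule" || return 1
    run firewall-cmd --reload || return 1
    run firewall-cmd --zone=public --query-rich-rule="$rule"
}

# Usage: sh allow_from.sh <source-ip[/prefix]> <port|lo-hi> [tcp|udp]
if [ $# -eq 2 ] || [ $# -eq 3 ]; then
    allow_from "$@"
fi
```

Try it first with DRY_RUN=1 sh allow_from.sh 192.168.1.0/24 9200 tcp; the printed line shows the whole rule inside a single bracket, which is what firewall-cmd needs. The final --query-rich-rule returns non-zero when the rule is not active after the reload, so the function's exit status can be used directly in provisioning scripts.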