CentOS firewall rule configuration
Time: 2023-02-18 16:26:27
Start the firewall and enable it at boot
systemctl start firewalld
systemctl enable firewalld
Check the firewall service status
[root@ecs-kunpeng ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2021-06-22 09:30:11 CST; 10min ago
Docs: man:firewalld(1)
Main PID: 21380 (firewalld)
Tasks: 2 (limit: 1538)
Memory: 33.3M
CGroup: /system.slice/firewalld.service
└─21380 /usr/libexec/platform-python -s /usr/sbin/firewalld --nofork --nopid
Jun 22 09:30:11 ecs-kunpeng systemd[1]: Starting firewalld - dynamic firewall daemon...
Jun 22 09:30:11 ecs-kunpeng systemd[1]: Started firewalld - dynamic firewall daemon.
List the ports opened in the firewall
[root@ecs-kunpeng ~]# firewall-cmd --list-ports
8024/tcp 33389/tcp 8080/tcp 443/tcp
Check the firewall state
[root@ecs-kunpeng ~]# firewall-cmd --state
running
List the firewall rules
[root@ecs-kunpeng ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: cockpit dhcpv6-client ssh
ports: 8024/tcp 33389/tcp 8080/tcp 443/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="49.74.123.90" port port="8024" protocol="tcp" accept
rule family="ipv4" source address="39.144.2.184" port port="8024" protocol="tcp" accept
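Allow a specific IP address to access a specific port
# Allow IP 192.168.0.1 to access port 9001
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.1" port protocol="tcp" port="9001" accept'
# source address="192.168.0.1"  # public IP address that accesses the port
# port="9001"                   # port number for client access
# Reload the firewall configuration so the setting takes effect
firewall-cmd --reload
# List the rules that have been set
firewall-cmd --zone=public --list-rich-rules
Delete a rule set in the firewall
# Stop the nps service running on the client
# Remove access to port 9001 for IP 192.168.0.1
firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.0.1" port protocol="tcp" port="9001" accept'
# Reload the firewall configuration so the setting takes effect
firewall-cmd --reload
# List the rules that have been set
firewall-cmd --zone=public --list-rich-rules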
[root@ecs-kunpeng ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: cockpit dhcpv6-client ssh
ports: 8024/tcp 33389/tcp 8080/tcp 443/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="39.144.2.184" port port="8024" protocol="tcp" accept
rule family="ipv4" source address="49.74.123.90" port port="8024" protocol="tcp" accept
rule family="ipv4" source address="223.104.147.74" port port="8024" protocol="tcp" accept
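In the --list-all output above, 8024/tcp appears both in the zone's ports: line and in the source-restricted rich rules. A port listed under ports: is accepted from any source, so those rich rules do not actually limit who can reach it. The script below is an added example, not part of the original post, that flags this overlap; the function names sample_list_all and shadowed_ports are hypothetical, and the sample input is trimmed from the output shown on this page.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Function names are hypothetical.
# Flags ports whose source-restricted rich rules are nullified because the
# same port/protocol is also listed in the zone's "ports:" line (open to all).

# Sample input: trimmed from the `firewall-cmd --list-all` output on this page.
sample_list_all() {
cat <<'EOF'
public (active)
  target: default
  interfaces: eth0
  services: cockpit dhcpv6-client ssh
  ports: 8024/tcp 33389/tcp 8080/tcp 443/tcp
  forward-ports:
  source-ports:
  rich rules:
    rule family="ipv4" source address="49.74.123.90" port port="8024" protocol="tcp" accept
    rule family="ipv4" source address="39.144.2.184" port port="8024" protocol="tcp" accept
EOF
}

# Reads `firewall-cmd --list-all` text on stdin and prints each port/protocol
# that is both globally open and the target of a source-restricted accept rule.
# Exact port matches only; port ranges are not expanded.
shadowed_ports() {
  awk '
    $1 == "ports:" { for (i = 2; i <= NF; i++) zone_open[$i] = 1; next }
    $1 == "rule" && /source address=/ && $NF == "accept" {
      port = ""; proto = ""
      for (i = 2; i <= NF; i++) {
        if ($i ~ /^port="/)     { port = $i;  gsub(/port=|"/, "", port) }
        if ($i ~ /^protocol="/) { proto = $i; gsub(/protocol=|"/, "", proto) }
      }
      key = port "/" proto
      if ((key in zone_open) && !(key in seen)) { seen[key] = 1; print key }
    }
  '
}

# On a live host: firewall-cmd --list-all | shadowed_ports
sample_list_all | shadowed_ports
```

If a port is reported, removing it from the zone with firewall-cmd --permanent --remove-port=<port>/<protocol> followed by firewall-cmd --reload leaves only the rich rules in effect for that port.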