CentOS 7: some firewall-related settings, and a special method for adding static routes at boot
References:
https://access.redhat.com/documentation/zh-cn/red_hat_enterprise_linux/7/html/security_guide/sec-using_firewalls
- systemctl start firewalld
- systemctl enable firewalld
- systemctl stop firewalld
- systemctl disable firewalld
Firewall matching rules
1. Match by IP
2. Match by interface
3. Match the default
firewall-cmd --state
firewall-cmd --get-active-zones
firewall-cmd --get-default-zone
firewall-cmd --zone=public --list-all
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --remove-service=dhcpv6-client --permanent
firewall-cmd --reload
firewall-cmd --add-rich-rule="rule family='ipv4' source address='7.2.1.3' port port='22' protocol='tcp' drop" --permanent
firewall-cmd --remove-rich-rule="rule family='ipv4' source address='7.2.1.3' port port='22' protocol='tcp' drop" --permanent
firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.168.1.1' port port='22' protocol='tcp' accept" --permanent
firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.168.1.1' port port='22' protocol='tcp' accept" --permanent
firewall-cmd --zone=public --remove-service=dhcpv6-client --permanent
firewall-cmd --zone=public --remove-service=ssh --permanent
firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.168.0.0/16' port port='22' protocol='tcp' accept" --permanent
firewall-cmd --add-rich-rule="rule family='ipv4' source address='2.9.58.24/29' port port='22' protocol='tcp' accept" --permanent
firewall-cmd --add-rich-rule="rule family='ipv4' port port='80' protocol='tcp' accept" --permanent
firewall-cmd --add-rich-rule="rule family='ipv4' port port='443' protocol='tcp' accept" --permanent
firewall-cmd --add-rich-rule='rule protocol value=icmp drop' --permanent
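Check the final result of the firewall-cmd commands: iptables -L -n
firewalld stores its configuration in various XML files under /usr/lib/firewalld/ and /etc/firewalld/.
/usr/lib/firewalld/ holds the default zone configuration; everything in it is the system default.
/etc/firewalld/ holds the permanent configuration currently in use. It still applies after a reboot, and the results of every firewall-cmd --permanent command end up here.
public.xml.old is effectively a backup file: each time public.xml is edited, the system automatically backs up the previous contents of public.xml to public.xml.old.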
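An added example, not part of the original post: Python code that reads a zone file in the XML format firewalld writes (on a host, /etc/firewalld/zones/public.xml) and reports which sources can reach SSH after the rich rules above. The sample XML is constructed and the function name ssh_exposure is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a public zone roughly as firewalld would store it after the
# commands above (ssh service removed, SSH accepted from two source ranges only).
SAMPLE_ZONE = """<zone>
  <short>Public</short>
  <port protocol="tcp" port="80"/>
  <rule family="ipv4">
    <source address="192.168.0.0/16"/>
    <port protocol="tcp" port="22"/>
    <accept/>
  </rule>
  <rule family="ipv4">
    <source address="2.9.58.24/29"/>
    <port protocol="tcp" port="22"/>
    <accept/>
  </rule>
  <rule family="ipv4">
    <port protocol="tcp" port="443"/>
    <accept/>
  </rule>
  <rule>
    <protocol value="icmp"/>
    <drop/>
  </rule>
</zone>
"""

def _is_ssh_port(elem, port):
    return elem.get("port") == port and elem.get("protocol") == "tcp"

def ssh_exposure(zone_xml, port="22"):
    """Return (sources accepted on the SSH port, True if open to any source)."""
    zone = ET.fromstring(zone_xml)
    # A zone-level <service name="ssh"/> or <port port="22"/> has no source filter.
    open_to_any = any(s.get("name") == "ssh" for s in zone.findall("service"))
    open_to_any = open_to_any or any(_is_ssh_port(p, port) for p in zone.findall("port"))
    sources = []
    for rule in zone.findall("rule"):
        if rule.find("accept") is None:
            continue  # drop/reject rules do not grant access
        if not any(_is_ssh_port(p, port) for p in rule.findall("port")):
            continue
        src = rule.find("source")
        if src is None:
            open_to_any = True  # accept rule without a source matches everyone
        else:
            sources.append(src.get("address"))
    return sources, open_to_any

if __name__ == "__main__":
    print(ssh_exposure(SAMPLE_ZONE))
```

If the second value is True, the ssh service or an unrestricted port 22 entry is still present in the zone and the source-restricted rich rules are not the only way in.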
vi /etc/ssh/sshd_config
ListenAddress X.X.X.X
Disable SELinux (takes effect after the next reboot)
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
The only way to add static routes at boot on CentOS 7!
vi /etc/sysconfig/network-scripts/route-eth0
192.168.0.0/16 via 172.16.16.200
10.0.0.0/8 via 172.16.16.200