centos防火墙规则设置-阿里云开发者社区

centos防火墙规则设置

2023-05-23 237

版权

本文内容由阿里云实名注册用户自发贡献，版权归原作者所有，阿里云开发者社区不拥有其著作权，亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容，填写侵权投诉表单进行举报，一经查实，本社区将立刻删除涉嫌侵权内容。

简介： centos防火墙规则设置

centos防火墙规则设置

开启防火墙设置并设置开机自启动模式

systemctl start firewalld
systemctl enable firewalld

查看防火墙状态

[root@ecs-kunpeng ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2021-06-22 09:30:11 CST; 10min ago
     Docs: man:firewalld(1)
 Main PID: 21380 (firewalld)
    Tasks: 2 (limit: 1538)
   Memory: 33.3M
   CGroup: /system.slice/firewalld.service
           └─21380 /usr/libexec/platform-python -s /usr/sbin/firewalld --nofork --nopid
Jun 22 09:30:11 ecs-kunpeng systemd[1]: Starting firewalld - dynamic firewall daemon...
Jun 22 09:30:11 ecs-kunpeng systemd[1]: Started firewalld - dynamic firewall daemon.

查看防火墙开放端口

[root@ecs-kunpeng ~]# firewall-cmd --list-ports
8024/tcp 33389/tcp 8080/tcp 443/tcp

查看防火墙状态

[root@ecs-kunpeng ~]# firewall-cmd --state
running

查看防火墙规则

[root@ecs-kunpeng ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources: 
  services: cockpit dhcpv6-client ssh
  ports: 8024/tcp 33389/tcp 8080/tcp 443/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
        rule family="ipv4" source address="49.74.123.90" port port="8024" protocol="tcp" accept
        rule family="ipv4" source address="39.144.2.184" port port="8024" protocol="tcp" accept

设置指定IP地址访问特定端口

#允许ip192.168.0.1访问9001端口
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.0.1" port protocol="tcp" port="9001" accept"
# source address="192.168.0.1"//访问端口的公网IP地址
# port="9001" //访问客户端的端口号
#重新载入一下防火墙设置，使设置生效
firewall-cmd --reload
#查看已设置规则
firewall-cmd --zone=public --list-rich-rules

删除防火墙设置的规则

#停止客户端运行nps服务
#移除ip192.168.0.1访问9001端口
firewall-cmd --permanent --remove-rich-rule="rule family="ipv4" source address="192.168.0.1" port protocol="tcp" port="9001" accept"
#重新载入一下防火墙设置，使设置生效
firewall-cmd --reload
#查看已设置规则
firewall-cmd --zone=public --list-rich-rules
[root@ecs-kunpeng ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources: 
  services: cockpit dhcpv6-client ssh
  ports: 8024/tcp 33389/tcp 8080/tcp 443/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
        rule family="ipv4" source address="39.144.2.184" port port="8024" protocol="tcp" accept
        rule family="ipv4" source address="49.74.123.90" port port="8024" protocol="tcp" accept
        rule family="ipv4" source address="223.104.147.74" port port="8024" protocol="tcp" accept

centos防火墙规则设置

centos防火墙规则设置

开启防火墙设置并设置开机自启动模式

查看防火墙状态

查看防火墙开放端口

查看防火墙状态

查看防火墙规则

设置指定IP地址访问特定端口

删除防火墙设置的规则

热门文章

最新文章

相关课程

相关电子书

相关实验场景

推荐镜像