centos防火墙规则设置
开启防火墙设置并设置开机自启动模式
# Start firewalld now ...
systemctl start firewalld
# ... and register it with systemd so it is started again on every boot.
systemctl enable firewalld
查看防火墙状态
[root@ecs-kunpeng ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2021-06-22 09:30:11 CST; 10min ago
     Docs: man:firewalld(1)
 Main PID: 21380 (firewalld)
    Tasks: 2 (limit: 1538)
   Memory: 33.3M
   CGroup: /system.slice/firewalld.service
           └─21380 /usr/libexec/platform-python -s /usr/sbin/firewalld --nofork --nopid

Jun 22 09:30:11 ecs-kunpeng systemd[1]: Starting firewalld - dynamic firewall daemon...
Jun 22 09:30:11 ecs-kunpeng systemd[1]: Started firewalld - dynamic firewall daemon.
查看防火墙开放端口
[root@ecs-kunpeng ~]# firewall-cmd --list-ports
8024/tcp 33389/tcp 8080/tcp 443/tcp
查看防火墙状态
[root@ecs-kunpeng ~]# firewall-cmd --state
running
查看防火墙规则
[root@ecs-kunpeng ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: cockpit dhcpv6-client ssh
  ports: 8024/tcp 33389/tcp 8080/tcp 443/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
        rule family="ipv4" source address="49.74.123.90" port port="8024" protocol="tcp" accept
        rule family="ipv4" source address="39.144.2.184" port port="8024" protocol="tcp" accept
设置指定IP地址访问特定端口
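# Allow only 192.168.0.1 to reach TCP port 9001 (source-restricted rich rule).
# The rule string is single-quoted so that the inner double quotes reach
# firewall-cmd unchanged. With outer double quotes, each inner " ends and
# restarts the shell string, so firewall-cmd receives the values unquoted
# (firewalld appears to tolerate that, but the quoting below does not rely on it).
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.1" port protocol="tcp" port="9001" accept'
# source address="192.168.0.1"  // the public IP address that may connect to the port
# port="9001"                   // the port on this host that the client connects to
# NOTE(review): a rich rule only limits who can reach the port if the same port is
# not also opened unconditionally with --add-port (check `firewall-cmd --list-ports`);
# a port listed there accepts connections from any source.
# --permanent only updates the saved configuration; reload to make it active.
firewall-cmd --reload
# Show the rich rules now configured in the public zone.
firewall-cmd --zone=public --list-rich-rules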
删除防火墙设置的规则
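# Stop the nps service running on the client first.
# Remove the rule that allows 192.168.0.1 to reach TCP port 9001.
# Single-quoted so the inner double quotes reach firewall-cmd unchanged;
# the string must describe the same rule that was added, or nothing is removed.
firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.0.1" port protocol="tcp" port="9001" accept'
# --permanent only updates the saved configuration; reload to make it active.
firewall-cmd --reload
# Show the rich rules that remain in the public zone.
firewall-cmd --zone=public --list-rich-rules

# Example session after the change (output reproduced as comments):
# [root@ecs-kunpeng ~]# firewall-cmd --list-all
# public (active)
#   target: default
#   icmp-block-inversion: no
#   interfaces: eth0
#   sources:
#   services: cockpit dhcpv6-client ssh
#   ports: 8024/tcp 33389/tcp 8080/tcp 443/tcp
#   protocols:
#   masquerade: no
#   forward-ports:
#   source-ports:
#   icmp-blocks:
#   rich rules:
#         rule family="ipv4" source address="39.144.2.184" port port="8024" protocol="tcp" accept
#         rule family="ipv4" source address="49.74.123.90" port port="8024" protocol="tcp" accept
#         rule family="ipv4" source address="223.104.147.74" port port="8024" protocol="tcp" accept
#
# NOTE(review): 8024/tcp appears under "ports:" as well as in the rich rules above.
# An entry under "ports:" accepts connections from any source, so the three
# source-restricted rich rules for 8024 do not limit who can reach it. To enforce
# the allowlist, remove the unconditional opening
# (firewall-cmd --permanent --remove-port=8024/tcp, then --reload) and keep only
# the rich rules.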