# systemctl start firewalld # systemctl stop firewalld # systemctl enable firewalld # systemctl disable firewalld
# firewall-cmd --state # firewall-cmd --list-all # firewall-cmd --list-interfaces # firewall-cmd --get-service # firewall-cmd --query-service service_name # firewall-cmd --add-port=8080/tcp
开放服务 --permanent 表示永久生效
# firewall-cmd --add-service=http # firewall-cmd --permanent --add-service=http # systemctl restart firewalld
安装iptables
# yum install iptables-services # vim /etc/sysconfig/iptables *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT
默认firewall作为防火墙的设置
#禁止firewall开机启动 # systemctl disable firewalld.service #设置防火墙开机启动 # systemctl enable iptables.service #停止firewall # systemctl stop firewalld.service #重启防火墙使配置生效 # systemctl restart iptables.service # chkconfig --level 345 iptables on # service iptables start
Saving and Restoring IPTables Rules
# service iptables save
Firewall Policies
原文出处:Netkiller 系列 手札
本文作者:陈景峯
转载请与作者联系,同时请务必标明文章原始出处和作者信息及本声明。