一、防火墙服务

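# Managing the firewalld unit with systemd. Each line is a standalone command,
# not a script: run the one you need. (Original notes had several commands
# garbled — missing dots, spaces and the pipe — which would fail as typed.)
systemctl start firewalld.service         # start the firewall now
systemctl stop firewalld.service          # stop it now — firewalld removes its ruleset on stop, so the host is unfiltered until restarted
systemctl restart firewalld.service       # restart
systemctl status firewalld.service        # show unit status and recent log lines
systemctl enable firewalld.service        # start automatically at boot
systemctl disable firewalld.service       # do not start at boot (does not stop a running instance)
systemctl is-enabled firewalld.service    # is the unit enabled at boot?
systemctl list-unit-files | grep enabled  # unit files enabled at boot — "enabled" is not the same as "currently running"
systemctl --failed                        # units that failed to start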

二、防火墙配置

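# firewall-cmd cheat sheet. --permanent writes the saved configuration only;
# the running firewall picks those changes up after --reload. Without
# --permanent a change is runtime-only and is lost on reload/restart.
# (Several commands in the original notes were garbled — "--queryport",
# "--removeport", "-get-zone-of-interface", missing spaces — and would be
# rejected by firewall-cmd as typed.)
firewall-cmd --version
firewall-cmd --help
firewall-cmd --state                                            # running / not running
firewall-cmd --zone=public --list-ports                         # ports opened in zone public
firewall-cmd --get-active-zones                                 # zones that have interfaces or sources bound
firewall-cmd --get-zone-of-interface=eth0                       # which zone a given interface belongs to
firewall-cmd --panic-on                                         # panic mode: drop every incoming and outgoing packet — this also cuts the SSH session you run it from
firewall-cmd --panic-off                                        # leave panic mode
firewall-cmd --query-panic                                      # is panic mode active?
firewall-cmd --zone=public --add-port=3306/tcp --permanent      # open 3306/tcp in zone public, in the saved config
firewall-cmd --add-port=65001-65010/tcp --permanent             # port range; with no --zone this goes to the *default* zone, not to every zone
firewall-cmd --reload                                           # apply permanent changes to the running firewall
firewall-cmd --zone=public --query-port=3306/tcp                # is 3306/tcp open in the runtime config?
firewall-cmd --zone=public --remove-port=3306/tcp --permanent   # remove the saved entry; --reload again to close it at runtime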

三、配置文件

[root]# vi /etc/firewalld/zones/public.xml      # 修改此文件后需执行 firewall-cmd --reload 才会生效

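<?xml version="1.0" encoding="utf-8"?>
<!-- /etc/firewalld/zones/public.xml: site override of the stock "public" zone.
     Loaded on `firewall-cmd --reload`. Notes are written as XML comments;
     bare "##" text inside the elements is not comment syntax. -->
<zone>
  <short>Public</short>
  <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <!-- Services listed here are reachable from every source in the zone.
       cockpit is a management web UI; confirm it is meant to be exposed
       to the public zone alongside ssh. -->
  <service name="ssh"/>
  <service name="dhcpv6-client"/>
  <service name="cockpit"/>
  <!-- Plain port entries: open to every source in the zone. -->
  <port port="8080" protocol="tcp"/>
  <port port="8443" protocol="tcp"/>
  <port port="8175" protocol="tcp"/>
  <!-- Rich rule: a port *range* (10050-10051), accepted only from one
       source address. The addresses below are placeholders as given in
       the notes; replace them with a real address or CIDR before loading. -->
  <rule family="ipv4">
    <source address="123.x.x.14"/>
    <port protocol="tcp" port="10050-10051"/>
    <accept/>
  </rule>
  <!-- Rich rule: one source, one port, one protocol. -->
  <rule family="ipv4">
    <source address="192.x.x.114"/>
    <port protocol="tcp" port="80"/>
    <accept/>
  </rule>
  <!-- Rich rule with no <source>: accepts 9527/tcp from any address, which
       is no narrower than a plain <port> entry. Add a <source> if this port
       is not meant to be public. -->
  <rule family="ipv4">
    <port protocol="tcp" port="9527"/>
    <accept/>
  </rule>
</zone>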
