
centos7防火墙配置详细


 

一、前提条件:防火墙是开启的(注意下方 Loaded 行显示 disabled,即 firewalld 未设置开机自启,重启后需手动启动或执行 systemctl enable firewalld,否则以下规则在重启后不会生效)

[root@ac ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: active (running) since Sun 2023-11-05 20:45:21 CST; 2min 8s ago
     Docs: man:firewalld(1)
 Main PID: 1267 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─1267 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid

 



1、查看防火墙的配置

[root@ac ~]# firewall-cmd --list-all
public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules: 

2、开放80端口
[root@ac ~]# firewall-cmd --permanent --add-port=80/tcp
[root@ac ~]# firewall-cmd --permanent --add-port=81/tcp
success
[root@ac ~]# firewall-cmd --reload      #--permanent 只写入配置文件,必须重新加载防火墙配置才会生效
success


[root@ac ~]# firewall-cmd --list-all
public
  target: default
  icmp-block-inversion: no
  interfaces: 
  sources: 
  services: dhcpv6-client ssh
  ports: 80/tcp 81/tcp      
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

 3、移除以上规则



[root@ac ~]# firewall-cmd --permanent --remove-port=80/tcp
success
[root@ac ~]# firewall-cmd --permanent --remove-port=81/tcp
success


[root@ac ~]# firewall-cmd --reload
success
[root@ac ~]# firewall-cmd --list-all
public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

 4、放通某个端口段

 1 [root@ac ~]# firewall-cmd --permanent --zone=public --add-port=1000-2000/tcp
 2 success
 3 [root@ac ~]# firewall-cmd --reload
 4 success
 5 [root@ac ~]# firewall-cmd --list-all
 6 public
 7   target: default
 8   icmp-block-inversion: no
 9   interfaces: 
10   sources: 
11   services: dhcpv6-client ssh
12   ports: 1000-2000/tcp      #已添加
13   protocols: 
14   masquerade: no
15   forward-ports: 
16   source-ports: 
17   icmp-blocks: 
18   rich rules: 

5、放通某个IP访问(该规则不限定端口,来自该IP的所有流量都会被允许)

 1 [root@ac ~]# firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=192.168.200.105 accept'
 2 success
 3 [root@ac ~]# firewall-cmd --reload
 4 success
 5 [root@ac ~]# firewall-cmd --list-all
 6 public
 7   target: default
 8   icmp-block-inversion: no
 9   interfaces: 
10   sources: 
11   services: dhcpv6-client ssh
12   ports: 1000-2000/tcp
13   protocols: 
14   masquerade: no
15   forward-ports: 
16   source-ports: 
17   icmp-blocks: 
18   rich rules: 
19     rule family="ipv4" source address="192.168.200.105" accept    #已添加

6、禁止某个IP访问(drop 会静默丢弃来自该IP的数据包,来源端不会收到任何响应)

1 [root@ac ~]# firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=10.0.0.42 drop'
2 [root@ac ~]# firewall-cmd --reload
3 success

 

 1 [root@ac ~]# firewall-cmd --list-all
 2 public
 3   target: default
 4   icmp-block-inversion: no
 5   interfaces: 
 6   sources: 
 7   services: dhcpv6-client ssh
 8   ports: 1000-2000/tcp
 9   protocols: 
10   masquerade: no
11   forward-ports: 
12   source-ports: 
13   icmp-blocks: 
14   rich rules: 
15     rule family="ipv4" source address="192.168.200.105" accept
16     rule family="ipv4" source address="10.0.0.42" drop      #已拒绝该IP访问
17     

 

7、放通某个IP访问某个端口
 1 [root@ac ~]# firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=192.168.1.169 port protocol=tcp port=6379 accept'
 2 success
 3 [root@ac ~]# firewall-cmd --reload
 4 success
 5 [root@ac ~]# firewall-cmd --list-all
 6 public
 7   target: default
 8   icmp-block-inversion: no
 9   interfaces: 
10   sources: 
11   services: dhcpv6-client ssh
12   ports: 1000-2000/tcp
13   protocols: 
14   masquerade: no
15   forward-ports: 
16   source-ports: 
17   icmp-blocks: 
18   rich rules: 
19     rule family="ipv4" source address="192.168.200.105" accept
20     rule family="ipv4" source address="10.0.0.42" drop
21     rule family="ipv4" source address="192.168.1.169" port port="6379" protocol="tcp" accept  #已放通该IP的6379端口

#禁止指定IP访问本机8080端口(此处使用 reject,与第6步的 drop 不同:reject 会向来源返回拒绝响应,drop 则静默丢弃)

 1 [root@ac ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.1" port protocol="tcp" port="8080" reject'
 2 success
 3 [root@ac ~]# firewall-cmd --reload
 4 success
 5 [root@ac ~]# firewall-cmd --list-all
 6 public
 7   target: default
 8   icmp-block-inversion: no
 9   interfaces: 
10   sources: 
11   services: dhcpv6-client ssh
12   ports: 1000-2000/tcp
13   protocols: 
14   masquerade: no
15   forward-ports: 
16   source-ports: 
17   icmp-blocks: 
18   rich rules: 
19     rule family="ipv4" source address="192.168.200.105" accept
20     rule family="ipv4" source address="10.0.0.42" drop
21     rule family="ipv4" source address="192.168.1.169" port port="6379" protocol="tcp" accept
22     rule family="ipv4" source address="192.168.1.1" port port="8080" protocol="tcp" reject    #已添加

8、移除以上规则

1 [root@ac ~]# firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.1.169" port port="6379" protocol="tcp" accept'
2 success
3 [root@ac ~]# firewall-cmd --reload
4 success
 1 [root@ac ~]# firewall-cmd --list-all
 2 public
 3   target: default
 4   icmp-block-inversion: no
 5   interfaces: 
 6   sources: 
 7   services: dhcpv6-client ssh
 8   ports: 1000-2000/tcp                                          
 9   protocols: 
10   masquerade: no  
11   forward-ports: 
12   source-ports: 
13   icmp-blocks: 
14   rich rules:                                         #已删除192.168.1.169的6379端口
15     rule family="ipv4" source address="192.168.200.105" accept
16     rule family="ipv4" source address="10.0.0.42" drop
17     rule family="ipv4" source address="192.168.1.1" port port="8080" protocol="tcp" reject

 

 1 [root@ac ~]# firewall-cmd --permanent --remove-rich-rule='rule family=ipv4 source address=10.0.0.42 drop'
 2 success
 3 [root@ac ~]# firewall-cmd --reload
 4 success
 5 [root@ac ~]# firewall-cmd --list-all
 6 public
 7   target: default
 8   icmp-block-inversion: no
 9   interfaces: 
10   sources: 
11   services: dhcpv6-client ssh
12   ports: 1000-2000/tcp
13   protocols: 
14   masquerade: no
15   forward-ports: 
16   source-ports: 
17   icmp-blocks: 
18   rich rules: 
19     rule family="ipv4" source address="192.168.200.105" accept
20     rule family="ipv4" source address="192.168.1.1" port port="8080" protocol="tcp" reject
 1 [root@ac ~]# firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.1.1" port protocol="tcp" port="8080" reject'
 2 success
 3 [root@ac ~]# firewall-cmd --permanent --remove-rich-rule='rule family=ipv4 source address=192.168.200.105 accept'
 4 success
 5 [root@ac ~]# firewall-cmd --reload
 6 success
 7 [root@ac ~]# firewall-cmd --list-all
 8 public
 9   target: default
10   icmp-block-inversion: no
11   interfaces: 
12   sources: 
13   services: dhcpv6-client ssh
14   ports: 1000-2000/tcp
15   protocols: 
16   masquerade: no
17   forward-ports: 
18   source-ports: 
19   icmp-blocks: 
20   rich rules: 

 

 



From: https://www.cnblogs.com/AchEngsusu/p/17810447.html
