CentOS 7 Firewall: firewalld Settings
CentOS 7 differs considerably from earlier releases in a number of settings; for example, the firewall is no longer managed with the iptables command but with firewalld.
systemctl is the main service management tool on CentOS 7; it combines the functions of the earlier service and chkconfig commands in a single tool.
Viewing services
- List service units:
systemctl list-units|grep fire
- List the services that are enabled:
systemctl list-unit-files|grep enabled
The firewalld service
Status:
systemctl status firewalld.service
or:
firewall-cmd --state
```
~]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
# A running service shows active (running); a stopped one shows inactive (dead)
Active: active (running) since Mon 2021-03-22 21:41:20 EDT; 1 day 1h ago
Docs: man:firewalld(1)
Main PID: 770 (firewalld)
Tasks: 2
CGroup: /system.slice/firewalld.service
/usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid
Mar 22 21:41:18 gxvmcentos7 systemd[1]: Starting firewalld - dynamic firewall daemon...
Mar 22 21:41:20 gxvmcentos7 systemd[1]: Started firewalld - dynamic firewall daemon.
Mar 22 21:41:20 gxvmcentos7 firewalld[770]: WARNING: AllowZoneDrifting is enabled. This is consid...ow.
Hint: Some lines were ellipsized, use -l to show in full.
# or
~]# firewall-cmd --state
running
```
Start:
systemctl start firewalld.service
Restart:
systemctl restart firewalld.service
Reload:
systemctl reload firewalld.service
Stop:
systemctl stop firewalld.service
Check whether it starts at boot:
systemctl is-enabled firewalld
```
# Starts at boot
~]# systemctl is-enabled firewalld
enabled
# Does not start at boot
~]# systemctl is-enabled firewalld
disabled
```
Enable start at boot:
systemctl enable firewalld.service
Disable start at boot:
systemctl disable firewalld.service
Check whether it starts at boot (echo $? prints the exit status of the preceding command):
systemctl is-enabled firewalld.service;echo $?
firewalld configuration
- Show the version:
firewall-cmd --version
- Show help:
firewall-cmd --help
- Show the state:
firewall-cmd --state
- List the ports that are allowed through:
firewall-cmd --zone=public --list-ports
or firewall-cmd --list-ports
- Reload the configuration:
firewall-cmd --reload
- Show the active zones:
firewall-cmd --get-active-zones
- Show the zone a given interface belongs to:
firewall-cmd --get-zone-of-interface=eth0
- Drop all packets (panic mode on):
firewall-cmd --panic-on
- Leave panic mode:
firewall-cmd --panic-off
- Check whether panic mode is on:
firewall-cmd --query-panic
Opening and closing ports
- Allow a port through:
firewall-cmd --zone=public --add-port=80/tcp --permanent
(--permanent makes the rule persistent; without this option the rule is lost after a restart)
- Reload the configuration:
firewall-cmd --reload
- Check whether a port is open:
firewall-cmd --zone=public --query-port=80/tcp
- List all open ports:
firewall-cmd --list-ports
- Remove an allowed port:
firewall-cmd --zone=public --remove-port=80/tcp --permanent
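As an added example (not part of the original post), a small POSIX shell check that compares a zone's runtime port list with its permanent port list, so that a port added without --permanent (gone after reboot) or added with --permanent but not yet reloaded (not active yet) stands out. The function names compare_ports and check_zone and the sample port lists are my own; check_zone needs a running firewalld and root privileges.

```shell
#!/bin/sh
# compare_ports "<runtime ports>" "<permanent ports>"
# Both arguments are space-separated lists in firewall-cmd's own
# "port/protocol" format, e.g. "80/tcp 443/tcp". Prints one line per
# discrepancy and returns 0 when the two lists match, 1 otherwise.
compare_ports() {
    runtime=$1
    permanent=$2
    status=0
    # Ports present in the running firewall but missing from the saved config:
    # added without --permanent, so they disappear on the next reload/reboot.
    for p in $runtime; do
        case " $permanent " in
            *" $p "*) ;;
            *) echo "RUNTIME-ONLY $p (lost on reboot; re-add with --permanent)"
               status=1 ;;
        esac
    done
    # Ports saved in the permanent config but not yet in the running firewall:
    # added with --permanent but "firewall-cmd --reload" has not been run.
    for p in $permanent; do
        case " $runtime " in
            *" $p "*) ;;
            *) echo "PERMANENT-ONLY $p (not active until firewall-cmd --reload)"
               status=1 ;;
        esac
    done
    return $status
}

# check_zone [ZONE]: run the comparison against the live firewall (default zone: public).
check_zone() {
    zone=${1:-public}
    rt=$(firewall-cmd --zone="$zone" --list-ports)
    pm=$(firewall-cmd --permanent --zone="$zone" --list-ports)
    compare_ports "$rt" "$pm"
}

# Constructed sample lists standing in for the two firewall-cmd calls:
SAMPLE_RUNTIME="22/tcp 80/tcp 8080/tcp"
SAMPLE_PERMANENT="22/tcp 80/tcp 443/tcp"
if compare_ports "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"; then
    echo "runtime and permanent configuration match"
else
    echo "runtime and permanent configuration differ"
fi
```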
Listening ports
List the ports the system is listening on: netstat -tunlp
- -a show all sockets
- -n show current connections and ports in numeric (IP address) form
- -u show UDP
- -t show TCP
- -p show the PID and program name for each socket
```
~]# netstat -tunlp
```
http://blog.gxitsky.com/2021/03/23/Linux-CentOS-firewalld-setting/