Home | 简体中文 | 繁体中文 | 杂文 | 打赏(Donations) | OSChina 博客 | Facebook | Linkedin | 知乎专栏 | Search | About

41.5. Firewalld

41.5.1. firewalld

# systemctl start firewalld
# systemctl stop firewalld
# systemctl enable firewalld
# systemctl disable firewalld
		

41.5.1.1. firewall-cmd

# firewall-cmd --state
# firewall-cmd --list-all
# firewall-cmd --list-interfaces
# firewall-cmd --get-service
# firewall-cmd --query-service service_name
# firewall-cmd --add-port=8080/tcp
			

开放服务 --permanent 表示永久生效

# firewall-cmd --add-service=http
# firewall-cmd --permanent --add-service=http
# systemctl restart firewalld			
			

41.5.2. 如果你不习惯使用firewalld想用回Iptables

安装iptables

# yum install iptables-services

# vim /etc/sysconfig/iptables
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
		

默认firewall作为防火墙的设置

#禁止firewall开机启动

# systemctl disable firewalld.service

#设置防火墙开机启动

# systemctl enable iptables.service 

#停止firewall 

# systemctl stop firewalld.service 

#重启防火墙使配置生效

# systemctl restart iptables.service		
		
# chkconfig --level 345 iptables on
# service iptables start
		

Saving and Restoring IPTables Rules

# service iptables save
		

Firewall Policies