On CentOS 7.9, firewalld is the default firewall management tool; it gives you a flexible way to define and control which network traffic is admitted. Commonly used firewalld commands and what they do:

sudo systemctl start firewalld : start the firewall
sudo systemctl stop firewalld : stop the firewall
sudo systemctl enable firewalld : start at boot
sudo systemctl disable firewalld : do not start at boot
sudo firewall-cmd --state : check whether firewalld is running
sudo firewall-cmd --reload : reload the permanent configuration into the runtime (existing connections are kept)
sudo firewall-cmd --complete-reload : full reload including the netfilter kernel state (existing connections are dropped)
sudo firewall-cmd --get-default-zone : show the default zone
sudo firewall-cmd --set-default-zone=public : set the default zone
sudo firewall-cmd --get-active-zones : show the active zones and the interfaces or sources bound to them
sudo firewall-cmd --list-all-zones : list the rules of every zone
sudo firewall-cmd --zone=public --list-all : show the rules of one zone
sudo firewall-cmd --zone=public --change-interface=eth0 : bind an interface to a zone (runtime only; add --permanent to keep it across reloads)
sudo firewall-cmd --list-services : show the services allowed in the default zone
sudo firewall-cmd --add-service=http : allow HTTP at runtime only
sudo firewall-cmd --add-service=http --permanent : allow HTTP permanently (active after --reload)
sudo firewall-cmd --remove-service=http : remove the HTTP rule
sudo firewall-cmd --list-ports : show the open ports
sudo firewall-cmd --add-port=8080/tcp : open 8080/TCP at runtime only
sudo firewall-cmd --add-port=20000-65535/tcp --permanent : open a port range permanently (this particular range is very wide; open only what you need)
sudo firewall-cmd --remove-port=8080/tcp : close a port
sudo firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.1.100" port port="22" protocol="tcp" accept' : allow SSH from one IP address

Note the two configurations: a change made without --permanent is runtime only and disappears at the next --reload or service restart, while a --permanent change does nothing until you --reload. To have a rule apply now and survive reloads, issue it in both forms, or apply it at runtime and then run sudo firewall-cmd --runtime-to-permanent.

For example, the steps to block ports and to allow a specific IP and port are as follows:
Blocking ports (drop everything except an allowlist):
sudo firewall-cmd --permanent --zone=public --set-target=DROP
sudo firewall-cmd --permanent --zone=public --remove-service=ssh
sudo firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="172.16.5.222" port port="22" protocol="tcp" accept'
sudo firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="172.16.5.222" port port="3306" protocol="tcp" accept'
sudo firewall-cmd --reload
The zone target is written as DROP, one of the documented values default, ACCEPT, DROP and %%REJECT%%. With the target at DROP, every packet that no rule in the zone accepts is silently discarded; after --remove-service=ssh that includes your own SSH session unless your source address is covered by one of the rich rules. Because all of these commands are --permanent, nothing changes until the final --reload, so check that your own address is in the allowlist before you run it, keep the current session open, and verify the result with sudo firewall-cmd --zone=public --list-all from a second session. The rich rules above use the attribute order documented in firewalld.richlanguage(5), port port="..." protocol="...", the same form as the SSH example in the list.
Allowing a specific port, and all traffic from a specific IP:
sudo firewall-cmd --add-port=443/tcp --permanent
sudo firewall-cmd --reload
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.110.55" accept'
sudo firewall-cmd --reload
Without --zone these commands apply to the default zone. The first pair opens 443/TCP to every source. The rich rule has no port element, so it accepts every port and protocol from 172.16.110.55; use that form only for a host you fully trust, and add port port="..." protocol="..." as in the previous section when you want to limit it. A single --reload after both permanent changes is enough.
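As an added example that is not part of the original answer and not a firewalld tool, the following POSIX shell script generates the command sequence of the blocking procedure above from an allowlist, validates every entry, and refuses to emit anything when no entry allows TCP/22, which is the lockout case described above. The zone name (public unless ZONE is set), the allowlist format "SOURCE PORT [tcp|udp]" read from stdin, and the sample addresses are my assumptions, not from the page.

```shell
#!/bin/sh
# Added example for this answer, not taken from the page or from firewalld itself: turn an
# allowlist of "SOURCE PORT [tcp|udp]" lines (read from stdin, '#' comments allowed) into the
# firewall-cmd sequence used above (zone target DROP, ssh service removed, one rich rule per
# entry, one --reload), and refuse to emit anything that would lock the administrator out.
# Assumptions of mine: zone "public" unless ZONE is set, IPv4 addresses only.
set -u

ZONE="${ZONE:-public}"

# valid_ipv4 ADDR[/PREFIX]: succeed only for a dotted quad (octets 0-255), optional /0-32
valid_ipv4() {
    local ip prefix o1 o2 o3 o4 extra o
    ip="${1%%/*}"
    if [ "$ip" != "$1" ]; then
        prefix="${1#*/}"
        case "$prefix" in ''|*[!0-9]*) return 1;; esac
        [ "$prefix" -le 32 ] || return 1
    fi
    IFS=. read -r o1 o2 o3 o4 extra <<EOF
$ip
EOF
    [ -z "$extra" ] || return 1
    for o in "$o1" "$o2" "$o3" "$o4"; do
        case "$o" in ''|*[!0-9]*) return 1;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# rich_rule SOURCE PORT PROTO: one rich rule in the attribute order documented in
# firewalld.richlanguage(5): port port="..." protocol="..."
rich_rule() {
    printf 'rule family="ipv4" source address="%s" port port="%s" protocol="%s" accept' "$1" "$2" "$3"
}

# lockdown_commands: read the allowlist from stdin and print the command sequence.
# Exit 1 on a malformed entry, or when no entry allows TCP/22: with the target at DROP and
# the ssh service removed, the --reload would cut off the session you are typing in.
lockdown_commands() {
    local src port proto ssh_allowed cmds
    ssh_allowed=0
    cmds=''
    while read -r src port proto || [ -n "$src" ]; do
        case "$src" in ''|'#'*) continue;; esac
        proto="${proto:-tcp}"
        valid_ipv4 "$src" || { echo "lockdown: bad source '$src'" >&2; return 1; }
        case "$port" in ''|*[!0-9]*) echo "lockdown: bad port '$port'" >&2; return 1;; esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "lockdown: bad port '$port'" >&2; return 1
        fi
        case "$proto" in tcp|udp) ;; *) echo "lockdown: bad protocol '$proto'" >&2; return 1;; esac
        if [ "$port" -eq 22 ] && [ "$proto" = tcp ]; then
            ssh_allowed=1
        fi
        cmds="${cmds}sudo firewall-cmd --permanent --zone=$ZONE --add-rich-rule='$(rich_rule "$src" "$port" "$proto")'
"
    done
    if [ "$ssh_allowed" -eq 0 ]; then
        echo "lockdown: refusing, no allowlist entry reaches TCP/22; you would lock yourself out" >&2
        return 1
    fi
    echo "sudo firewall-cmd --permanent --zone=$ZONE --set-target=DROP"
    echo "sudo firewall-cmd --permanent --zone=$ZONE --remove-service=ssh"
    printf '%s' "$cmds"
    echo "sudo firewall-cmd --reload"
}

# Constructed demo allowlist (addresses are illustrative): the admin host gets SSH and
# MySQL, a second host gets HTTPS only. Review the output, then run it on the server.
demo_allowlist() {
    printf '%s\n' \
        '# source        port  proto' \
        '172.16.5.222    22    tcp' \
        '172.16.5.222    3306' \
        '172.16.110.55   443   tcp'
}

demo_allowlist | lockdown_commands
```

Run it on your workstation, read the printed commands, and only then execute them on the CentOS host from a session you can afford to lose; afterwards confirm the zone with sudo firewall-cmd --zone=public --list-all and open a fresh SSH session from an allowlisted address before closing the old one. The script deliberately prints rather than runs the commands so the --permanent changes can be reviewed as a unit before the single --reload applies them.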
Hope this information helps!