Firewall Management
Contents
- Firewall Management
- 1. Turning the firewall off outright
- 2. Basic firewalld usage
- 3. Managing firewall ports
- 4. References
The CentOS 7 firewall
CentOS 7 ships with firewalld installed and enabled by default.
The firewall decides which traffic is allowed to reach the host, per port, protocol and zone: it is the first thing to check when a freshly deployed service cannot be reached, and the last thing that should be switched off just to make it reachable.
1. Turning the firewall off outright
systemctl status firewalld    (show the firewall's status)
systemctl stop firewalld      (stop the firewall now)
systemctl disable firewalld   (do not start it at boot)
Stopping firewalld removes every filter at once: each service that listens on a wildcard address (the port listing in section 3 includes 3306/tcp, 2181/tcp and 8000-8003) becomes reachable from wherever the host itself is reachable. Prefer opening the individual ports as described in section 3, and use stop/disable only on hosts that have another firewall in front of them.
e.g.:
[root@liuawen ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2020-05-10 16:04:31 CST; 41min ago
Docs: man:firewalld(1)
Main PID: 31591 (firewalld)
CGroup: /system.slice/firewalld.service
└─31591 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid
May 10 16:04:31 liuawen systemd[1]: Starting firewalld - dynamic firewall daemon...
May 10 16:04:31 liuawen systemd[1]: Started firewalld - dynamic firewall daemon.
May 10 16:04:32 liuawen firewalld[31591]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -D FORWARD -i docker0 -o docker0 -j DROP'...chain?).
May 10 16:04:32 liuawen firewalld[31591]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -D FORWARD -i docker0 -o docker0 -j DROP'...chain?).
May 10 16:29:05 liuawen firewalld[31591]: WARNING: NOT_ENABLED: 8010-8015:tcp
May 10 16:32:04 liuawen firewalld[31591]: WARNING: NOT_ENABLED: 2181:tcp
May 10 16:37:21 liuawen firewalld[31591]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -D FORWARD -i docker0 -o docker0 -j DROP'...chain?).
May 10 16:37:21 liuawen firewalld[31591]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -D FORWARD -i docker0 -o docker0 -j DROP'...chain?).
Hint: Some lines were ellipsized, use -l to show in full.
[root@liuawen ~]# systemctl stop firewalld
[root@liuawen ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
[root@liuawen ~]# systemctl is-enabled firewalld
disabled
Two kinds of warning appear in the journal lines of the status output. The COMMAND_FAILED lines about docker0 are firewalld failing to delete an iptables rule that Docker had installed on the docker0 bridge; they are harmless by themselves, but they are a reminder that a firewalld restart or reload rewrites the iptables rule set and discards the rules Docker added for published container ports, so if containers stop answering after a firewalld restart, restart the docker service as well. The NOT_ENABLED lines come from firewall-cmd --remove-port calls for ports that were not open in the first place (see section 3).
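Before switching the firewall off it is worth knowing exactly what that exposes. The script below is an added example, not code from the original post: it reads the output of ss -lntu (iproute2's ss is assumed to be available on the host) and prints the listening sockets bound to a wildcard address, which are precisely the ones firewalld was filtering; sockets bound to loopback are skipped because stopping the firewall does not expose them. The sample ss output embedded in the script is constructed, not captured from the host in the post.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: list what the host firewall is
# currently the only thing protecting. Feed it "ss -lntu" output and it prints
# "proto port" for each listening socket bound to a wildcard address
# (0.0.0.0, *, [::]); loopback-bound sockets are left out.
set -u

exposed_listeners() {
    # ss -lntu columns: Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
    # The header line is dropped. The port is the text after the last colon, so
    # IPv6 addresses (which themselves contain colons) are handled correctly.
    tail -n +2 | awk '{
        netid = $1; laddr = $5
        n = split(laddr, parts, ":")
        port = parts[n]
        addr = substr(laddr, 1, length(laddr) - length(port) - 1)
        if (addr == "0.0.0.0" || addr == "*" || addr == "[::]" || addr == "::") {
            print netid, port
        }
    }'
}

# Constructed sample of "ss -lntu" output (not captured from the host in the post).
SAMPLE='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:3306    0.0.0.0:*
tcp   LISTEN 0      50     *:2181            *:*
udp   UNCONN 0      0      0.0.0.0:8000      0.0.0.0:*
tcp   LISTEN 0      128    [::]:80           [::]:*
tcp   LISTEN 0      128    [::1]:9000        [::]:*'

# Usage: ./exposed.sh                      (runs on the constructed sample)
#        ss -lntu | ./exposed.sh --stdin   (real host)
if [ "${1:-}" = "--stdin" ]; then
    exposed_listeners
else
    printf '%s\n' "$SAMPLE" | exposed_listeners
fi
```

On the sample the script reports 22/tcp, 2181/tcp, 8000/udp and 80/tcp as exposed and stays silent about 3306, which is bound to 127.0.0.1 only. Run it against the real host before a stop/disable and compare the list with what the firewall currently allows (section 3); anything that appears here but not in the firewall's port list is what the stop would newly open.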
2. Basic firewalld usage
Starting, stopping, restarting, enabling or disabling at boot, and inspecting the firewall:
Show the daemon state (running / not running, non-zero exit status when not running): firewall-cmd --state
Stop the firewall: systemctl stop firewalld
Start the firewall: systemctl start firewalld
Show the service status: systemctl status firewalld
Restart the firewall: systemctl restart firewalld
Disable at boot (the service is not started when the system boots): systemctl disable firewalld
Enable at boot: systemctl enable firewalld
Check whether the service starts at boot: systemctl is-enabled firewalld.service
Show the version: firewall-cmd --version
Show help: firewall-cmd --help
Reload the rules (re-read the permanent configuration and apply it to the running firewall without dropping established connections): firewall-cmd --reload
List the ports open in the public zone in the running configuration: firewall-cmd --zone=public --list-ports
e.g.:
[root@liuawen ~]# firewall-cmd --reload
success
[root@liuawen ~]# firewall-cmd --version
0.6.3
[root@liuawen ~]# firewall-cmd --state
running
[root@liuawen ~]#
[root@liuawen ~]#
[root@liuawen ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2020-05-10 16:03:38 CST; 45s ago
Docs: man:firewalld(1)
Main PID: 31323 (firewalld)
Tasks: 2
Memory: 21.9M
CGroup: /system.slice/firewalld.service
└─31323 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid
May 10 16:03:38 liuawen systemd[1]: Starting firewalld - dynamic firewall daemon...
May 10 16:03:38 liuawen systemd[1]: Started firewalld - dynamic firewall daemon.
May 10 16:03:38 liuawen firewalld[31323]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -D FORWARD -i docker0 -o docker0 -j DROP'...chain?).
May 10 16:03:39 liuawen firewalld[31323]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -D FORWARD -i docker0 -o docker0 -j DROP'...chain?).
Hint: Some lines were ellipsized, use -l to show in full.
[root@liuawen ~]#
[root@liuawen ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
[root@liuawen ~]# systemctl enable firewalld
Created symlink from /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service to /usr/lib/systemd/system/firewalld.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/firewalld.service to /usr/lib/systemd/system/firewalld.service.
[root@liuawen ~]#
[root@liuawen ~]# systemctl is-enabled firewalld.service
enabled
On CentOS 7 I ran service firewall start and got this error:
[root@liuawen ~]# service firewall start
Redirecting to /bin/systemctl start firewall.service
Failed to start firewall.service: Unit not found.
[root@liuawen ~]# systemctl start firewalld
Running systemctl start firewalld instead works.
3. Managing firewall ports
Opening and removing a port
firewall-cmd --permanent --add-port=2181/tcp
firewall-cmd --reload
firewall-cmd --permanent --remove-port=2181/tcp
firewall-cmd --reload
firewall-cmd --permanent --list-ports
The --permanent flag writes the change into the permanent configuration (the zone file under /etc/firewalld/zones/), where it survives reboots, but it does not touch the running firewall: a permanent change takes effect only after firewall-cmd --reload. Without --permanent the change is applied to the running firewall immediately but is lost at the next reload, restart or reboot. So for a port that must stay open, use --permanent followed by --reload, as above; the same pair closes a port again, because --reload replaces the running configuration with the permanent one.
--reload re-reads the permanent configuration and applies it to the running firewall; established connections are kept.
Ranges use the same syntax: firewall-cmd --permanent --add-port=8080-8085/tcp opens 8080 through 8085, and --remove-port=8080-8085/tcp removes the whole range again. The protocol suffix is required in both cases.
Listing open ports and services
firewall-cmd --permanent --list-ports
This shows the permanent configuration. firewall-cmd --list-ports (without --permanent) shows what is being enforced right now; the two differ whenever a --permanent change has not been reloaded yet, so confirm a port with the runtime listing or with firewall-cmd --query-port=2181/tcp, which prints yes or no.
Every port opened with --add-port is open to all source addresses. For services that only the application hosts should reach, such as MySQL (3306) or ZooKeeper (2181) in the listing below, prefer a rich rule that restricts the source address over an unconditional --add-port.
e.g.:
[root@liuawen ~]# firewall-cmd --permanent --remove-port=2181/tcp
Warning: NOT_ENABLED: 2181:tcp
success
[root@liuawen ~]#
success
[root@liuawen ~]#
success
[root@liuawen ~]#
success
[root@liuawen ~]#
20/tcp 21/tcp 22/tcp 80/tcp 8888/tcp 39000-40000/tcp 888/tcp 3306/tcp 3306/udp 8001/tcp 8001/udp 8002/tcp 8002/udp 8003/tcp 8003/udp 8000/tcp 8000/udp 8080/tcp 2181/udp 2181/tcp
[root@liuawen ~]#
success
[root@liuawen ~]#
success
[root@liuawen ~]#
20/tcp 21/tcp 22/tcp 80/tcp 8888/tcp 39000-40000/tcp 888/tcp 3306/tcp 3306/udp 8001/tcp 8001/udp 8002/tcp 8002/udp 8003/tcp 8003/udp 8000/tcp 8000/udp 8080/tcp
[root@liuawen ~]#
success
[root@liuawen ~]# firewall-cmd --version
0.6.3
[root@liuawen ~]# firewall-cmd --state
running
[root@liuawen ~]#
20/tcp 21/tcp 22/tcp 80/tcp 8888/tcp 39000-40000/tcp 888/tcp 3306/tcp 3306/udp 8001/tcp 8001/udp 8002/tcp 8002/udp 8003/tcp 8003/udp 8000/tcp 8000/udp 8080/tcp
[root@liuawen ~]#
[root@liuawen ~]#
no zone
[root@liuawen ~]#
no zone
[root@liuawen ~]# firewall-cmd --get-zone-of-8080=eth0
usage: see firewall-cmd man page
firewall-cmd: error: unrecognized arguments: --get-zone-of-8080=eth0
[root@liuawen ~]#
usage: see firewall-cmd man page
firewall-cmd: error: unrecognized arguments: public
[root@liuawen ~]#
yes
[root@liuawen ~]#
no
[root@liuawen ~]#
success
[root@liuawen ~]#
20/tcp 21/tcp 22/tcp 80/tcp 8888/tcp 39000-40000/tcp 888/tcp 3306/tcp 3306/udp 8001/tcp 8001/udp 8002/tcp 8002/udp 8003/tcp 8003/udp 8000/tcp 8000/udp 8080/tcp
A few things to note in this session. Removing a port that is not open produces Warning: NOT_ENABLED but still reports success, and the same NOT_ENABLED warning is what showed up in the journal in section 1. The first port listing ends with 2181/udp 2181/tcp and the later ones do not, which is the add, reload, remove, reload cycle described above. "no zone" is the answer of firewall-cmd --get-zone-of-interface=<interface> for an interface that is not bound to any zone; such interfaces are handled by the default zone (firewall-cmd --get-default-zone). The two "unrecognized arguments" errors are firewall-cmd rejecting an option that does not exist (--get-zone-of-8080) and a stray positional argument (public must be given as --zone=public). The yes and no lines are --query-port answers: yes when the port is open in the queried configuration, no otherwise.
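The permanent-then-reload-then-verify sequence from this section, written as a script. This is an added example, not code from the original post: it validates the port specification before touching the firewall, adds it to the permanent configuration, activates it with --reload and then confirms with --query-port that the running firewall really allows it. All calls go through a FIREWALL_CMD variable that defaults to the real firewall-cmd; the fake_firewall_cmd function is an assumed stand-in for rehearsing the sequence on a machine without firewalld and only imitates the real tool's yes/no answers.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Opens a port or port range so that
# the change survives reboots: validate the spec, add it to the permanent
# config, activate it with --reload, then confirm it is in the runtime config
# with --query-port. FIREWALL_CMD defaults to the real firewall-cmd; set it to
# fake_firewall_cmd (below) to rehearse without firewalld.
set -u
FIREWALL_CMD="${FIREWALL_CMD:-firewall-cmd}"
ZONE="${ZONE:-public}"

# Accept "PORT/PROTO" or "FIRST-LAST/PROTO" with tcp|udp and ports in 1..65535.
# A missing protocol, port 0, a port above 65535 or a reversed range is rejected.
port_spec_ok() {
    local spec="$1" ports lo hi
    case "$spec" in
        */tcp|*/udp) ;;
        *) return 1 ;;
    esac
    ports="${spec%/*}"
    lo="${ports%%-*}"
    hi="${ports##*-}"
    case "$lo" in ''|*[!0-9]*) return 1 ;; esac
    case "$hi" in ''|*[!0-9]*) return 1 ;; esac
    [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

# --permanent alone only edits the zone file; --reload applies it. The final
# --query-port reads the runtime config, so a 0 return means traffic is allowed now.
open_port() {
    local spec="$1"
    port_spec_ok "$spec" || { echo "rejected port spec: $spec" >&2; return 2; }
    "$FIREWALL_CMD" --zone="$ZONE" --permanent --add-port="$spec" >/dev/null || return 1
    "$FIREWALL_CMD" --reload >/dev/null || return 1
    [ "$("$FIREWALL_CMD" --zone="$ZONE" --query-port="$spec")" = "yes" ]
}

# Assumed stand-in for firewall-cmd, used only for rehearsal: remembers every
# --add-port and answers --query-port with yes (exit 0) or no (exit 1) like the
# real tool does. Nothing else about firewalld is emulated.
FAKE_STATE=""
fake_firewall_cmd() {
    local args="$*"
    case "$args" in
        *--add-port=*)   FAKE_STATE="$FAKE_STATE ${args##*--add-port=}"; echo success ;;
        *--query-port=*) case " $FAKE_STATE " in
                             *" ${args##*--query-port=} "*) echo yes ;;
                             *) echo no; return 1 ;;
                         esac ;;
        *)               echo success ;;
    esac
}

# Usage: FIREWALL_CMD=fake_firewall_cmd ./open_port.sh 2181/tcp 8080-8085/tcp  (rehearsal)
#        ./open_port.sh 2181/tcp 8080-8085/tcp                                 (as root, real firewalld)
if [ "$#" -gt 0 ]; then
    for spec in "$@"; do
        if open_port "$spec"; then
            echo "opened $spec in zone $ZONE"
        else
            echo "failed to open $spec" >&2
        fi
    done
fi
```

The validation step matters more than it looks: firewall-cmd accepts the spec as a string, so a typo such as 8080-8085 without /tcp, or a range typed backwards, is caught here before a half-applied change lands in the zone file. The final query is the check the page's own session was missing: a "success" from --permanent --add-port says nothing about whether the running firewall lets the traffic through until --reload has run.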
4. References
1. Docker环境下前后端分离项目部署与运维 (Deploying and operating a front-end/back-end separated project in a Docker environment), lesson on firewall management