真实的国产乱ⅩXXX66竹夫人,五月香六月婷婷激情综合,亚洲日本VA一区二区三区,亚洲精品一区二区三区麻豆

成都創(chuàng)新互聯(lián)網(wǎng)站制作重慶分公司

firewalld操作實(shí)踐-創(chuàng)新互聯(lián)

1、firewalld 從名稱上看,模仿的是硬件防火墻的概念,zone. 所有的接口都必須屬于某個(gè)zone . 在zone內(nèi)配置規(guī)則。firewalld操作實(shí)踐

2. 常用的方法是 增加對(duì)一個(gè)tcp或者udp端口號(hào)的允許通過(guò)的規(guī)則。

創(chuàng)新互聯(lián)公司主營(yíng)彭山網(wǎng)站建設(shè)的網(wǎng)絡(luò)公司,主營(yíng)網(wǎng)站建設(shè)方案,成都App定制開發(fā),彭山h5微信小程序定制開發(fā)搭建,彭山網(wǎng)站營(yíng)銷推廣歡迎彭山等地區(qū)企業(yè)咨詢

  firewall-cmd --add-service icmp --permanent

  firewall-cmd --reload

3. firewalld進(jìn)程有時(shí)候可能沒有啟動(dòng)。需要啟動(dòng)一下對(duì)應(yīng)的進(jìn)程。

[root@localhost zhou]# firewall-cmd --reload
FirewallD is not running
[root@localhost zhou]# ps -ef | grep firewall
root 2970 2757 0 07:57 pts/0 00:00:00 grep --color=auto firewall
[root@localhost zhou]# systemctl start firewalld
[root@localhost zhou]#
[root@localhost zhou]# ps -ef | grep firewall
root 2983 1 14 07:58 ? 00:00:00 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
root 3207 2757 0 07:58 pts/0 00:00:00 grep --color=auto firewall
[root@localhost zhou]#
[root@localhost zhou]#

4. 查看系統(tǒng)所有的zone

[root@localhost zhou]# firewall-cmd --get-zones      ---> 顯示所有zone
work drop internal external trusted home dmz public block
[root@localhost zhou]# firewall-cmd --get-default-zone  ---> 顯示默認(rèn)zone
public
[root@localhost zhou]#
[root@localhost zhou]# firewall-cmd --list-all-zones  ---> 顯示所有zone的所有規(guī)則
work
target: default
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client ssh
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:

drop
target: DROP
icmp-block-inversion: no
interfaces:
sources:
services:
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:

internal
target: default
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client mdns samba-client ssh
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:

external
target: default
icmp-block-inversion: no
interfaces:
sources:
services: ssh
ports:
protocols:
masquerade: yes
forward-ports:
sourceports:
icmp-blocks:
rich rules:

trusted
target: ACCEPT
icmp-block-inversion: no
interfaces:
sources:
services:
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:

home
target: default
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client mdns samba-client ssh
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:

dmz
target: default
icmp-block-inversion: no
interfaces:
sources:
services: ssh
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:

public (active)
target: default
icmp-block-inversion: no
interfaces: ens33 ens37
sources:
services: dhcpv6-client ssh
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:

block
target: %%REJECT%%
icmp-block-inversion: no
interfaces:
sources:
services:
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:

[root@localhost zhou]#

[root@localhost zhou]# firewall-cmd --list-all --zone=public  ---> 顯示public zone的所有規(guī)則
public (active)
target: default
icmp-block-inversion: no
interfaces: ens33
sources:
services: dhcpv6-client ssh
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:

[root@localhost zhou]#

5. 獲取接口默認(rèn)所屬的zone

[root@localhost zhou]# firewall-cmd --get-zone-of-interface ens33
public
[root@localhost zhou]#
[root@localhost zhou]# ip link
1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens33: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 00:0c:29:f2:c7:50 brd ff:ff:ff:ff:ff:ff
3: ens37: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 00:0c:29:f2:c7:5a brd ff:ff:ff:ff:ff:ff
4: virbr0: mtu 1500 qdisc noqueue state DOWN mode DEFAULT qlen 1000
link/ether 52:54:00:15:47:59 brd ff:ff:ff:ff:ff:ff
5: virbr0-nic: mtu 1500 qdisc pfifo_fast master virbr0 state DOWN mode DEFAULT qlen 1000
link/ether 52:54:00:15:47:59 brd ff:ff:ff:ff:ff:ff
[root@localhost zhou]#
[root@localhost zhou]# firewall-cmd --get-zone-of-interface lo
no zone
[root@localhost zhou]#
[root@localhost zhou]# firewall-cmd --get-zone-of-interface ens37
no zone
[root@localhost zhou]#
[root@localhost zhou]#

6. 增加某個(gè)服務(wù)或者端口號(hào)

[root@localhost zhou]# firewall-cmd --permanent --remove-service=dhcpv6-client --zone=public
success
[root@localhost zhou]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens33
sources:
services: dhcpv6-client ssh
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:

[root@localhost zhou]# firewall-cmd --reload
success
[root@localhost zhou]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens33
sources:
services: ssh
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:

[root@localhost zhou]#

[root@localhost zhou]# firewall-cmd --remove-service=ssh --zone=public
success
[root@localhost zhou]#
[root@localhost zhou]#

關(guān)閉ssh服務(wù),下面的命令輸入后,ssh連接就不能再建立,對(duì)已有的ssh連接無(wú)影響。
[root@localhost zhou]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens33
sources:
services:
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:

[root@localhost zhou]#

[root@localhost zhou]# firewall-cmd --permanent --add-port=3306/tcp  ----> 增加tcp端口號(hào)3306, 就是mySQL服務(wù)器的端口號(hào)。
success
[root@localhost zhou]# firewall-cmd --reload
success
[root@localhost zhou]#

參考:

Firewalld詳解

https://zhuanlan.zhihu.com/p/23519454


文章題目:firewalld操作實(shí)踐-創(chuàng)新互聯(lián)
URL鏈接:http://weahome.cn/article/phcog.html

其他資訊

在線咨詢

微信咨詢

電話咨詢

028-86922220(工作日)

18980820575(7×24)

提交需求

返回頂部