CentOS7中firewall防火墙详解和配置
官方文档地址:
cd /usr/lib/firewalld/services 目录中存放定义好的网络服务和端口参数,系统参数,不能修改。
cd /etc/firewalld/services/
systemctl status firewall 查看firewall服务状态
firewall-cmd --state 查看firewall的状态
firewall-cmd --list-all 查看防火墙规则
方法1、修改配置文件/etc/firewalld/zones/public.xml
[root@nginx01 zones]# cat public.xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Public</short>
<description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<rule family="ipv4">
<source address="122.10.70.234"/>
<port protocol="udp" port="514"/>
<accept/>
</rule>
<rule family="ipv4">
<source address="123.60.255.14"/>
<port protocol="tcp" port="10050-10051"/>
<accept/>
</rule>
<rule family="ipv4">
<source address="192.249.87.114"/> 放通指定ip,指定端口、协议
<port protocol="tcp" port="80"/>
<accept/>
</rule>
<rule family="ipv4"> 放通任意ip访问服务器的9527端口
<port protocol="tcp" port="9527"/>
<accept/>
</rule>
</zone>
添加需要的规则,放通源ip为192.249.87.114,端口80,协议tcp
需要对之前防火墙做好备份
再重启firewalld.service服务
service firewalld restart
方法2、
firwall-cmd --permanent --add-port=9527/tcp 插入防火墙规则,放通9527端口。
在/etc/firewall/zones/public.xml中自动生成该规则。
<service name="dhcpv6-client"/>
<port protocol="tcp" port="9527"/>
</zone>
firewall-cmd --permanent --query-port=9527/tcp 查询刚插入的规则是否生效
扩展文档:
1.CentOS7下Firewall防火墙配置用法详解
http://www.centoscn.com/CentOS/Intermediate/2015/0313/4879.html
2.在CentOS7.0 中默认的防火墙 “firewall” 使用方法
http://f.dataguru.cn/thread-473492-1-1.html