firewalld on CentOS 7 explained and configured

Posted: 2015-09-08 23:43:33

Official documentation:

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Using_Firewalls.html#sec-Introduction_to_firewalld1


cd /usr/lib/firewalld/services        This directory holds the predefined service definitions (service names with their port and protocol parameters). These are system files and must not be modified.

cd /etc/firewalld/services/           Directory for your own (user-defined) service definitions.



systemctl status firewalld      check the status of the firewalld service

firewall-cmd --state            check whether firewalld is running

firewall-cmd --list-all         list the active firewall rules


Method 1: edit the configuration file /etc/firewalld/zones/public.xml

[root@nginx01 zones]# cat public.xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <rule family="ipv4">
    <source address="122.10.70.234"/>
    <port protocol="udp" port="514"/>
    <accept/>
  </rule>
  <rule family="ipv4">
    <source address="123.60.255.14"/>
    <port protocol="tcp" port="10050-10051"/>
    <accept/>
  </rule>
  <!-- allow one specific source IP to reach one port/protocol -->
  <rule family="ipv4">
    <source address="192.249.87.114"/>
    <port protocol="tcp" port="80"/>
    <accept/>
  </rule>
  <!-- allow any source IP to reach port 9527 on the server -->
  <rule family="ipv4">
    <port protocol="tcp" port="9527"/>
    <accept/>
  </rule>
</zone>

Add the rules you need; the rule added here allows source IP 192.249.87.114 to reach port 80 over tcp.

Back up the existing firewall configuration before editing it.

Then restart the firewalld.service service:

service firewalld restart


Method 2:

firewall-cmd --permanent --add-port=9527/tcp    insert a firewall rule that allows port 9527.

    The rule is generated automatically in /etc/firewalld/zones/public.xml:

  <service name="dhcpv6-client"/>
  <port protocol="tcp" port="9527"/>
</zone>


firewall-cmd --permanent --query-port=9527/tcp    check whether the rule just inserted has taken effect
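The following POSIX shell script is an added example, not part of the original post, that ties Method 1 and Method 2 together: it builds the rich rule that is equivalent to one hand-written <rule family="ipv4"> element in public.xml, backs up the zone file first as the post advises, and after --permanent also runs --reload and queries both the permanent and the runtime configuration, because --permanent alone only rewrites the XML on disk and the running firewall does not change until a reload (or restart). The zone name, the zone file path, the FIREWALL_CMD variable and the FIREWALLD_APPLY switch are assumptions of this example; firewall-cmd is the stock CentOS 7 client.

```shell
#!/bin/sh
# Added example: safe "allow source/port" procedure for firewalld on CentOS 7.
# Assumptions (not from the original post): zone "public", the default zone
# file path, and an env switch so that sourcing the file runs nothing.
ZONE="${ZONE:-public}"
ZONE_FILE="${ZONE_FILE:-/etc/firewalld/zones/$ZONE.xml}"
FIREWALL_CMD="${FIREWALL_CMD:-firewall-cmd}"

# Build the rich-rule text matching one <rule family="ipv4"> block in the
# zone XML: optional source address, then port/protocol, then accept.
# An empty source yields a rule open to any client, like the 9527/tcp rule.
build_rich_rule() {
    src="$1"; proto="$2"; port="$3"
    rule='rule family="ipv4"'
    if [ -n "$src" ]; then
        rule="$rule source address=\"$src\""
    fi
    printf '%s port port="%s" protocol="%s" accept\n' "$rule" "$port" "$proto"
}

# Accept "N" or "N-M" with 1 <= N <= M <= 65535, the form firewall-cmd uses.
valid_port_spec() {
    case "$1" in
        ''|*[!0-9-]*|-*|*-) return 1 ;;
    esac
    lo="${1%%-*}"; hi="${1##*-}"
    [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

# Copy the zone file aside with a timestamp before touching it (the post's
# "back up the existing firewall first"). Prints the backup path.
backup_zone() {
    file="$1"
    [ -r "$file" ] || { echo "no zone file at $file" >&2; return 1; }
    backup="$file.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$file" "$backup" && printf '%s\n' "$backup"
}

# Add the rule permanently, reload, then confirm it is present in BOTH the
# permanent (on-disk) and the runtime (active) configuration.
apply_rule() {
    src="$1"; proto="$2"; port="$3"
    valid_port_spec "$port" || { echo "bad port spec: $port" >&2; return 1; }
    backup_zone "$ZONE_FILE" || return 1
    rule="$(build_rich_rule "$src" "$proto" "$port")"
    "$FIREWALL_CMD" --permanent --zone="$ZONE" --add-rich-rule="$rule" || return 1
    "$FIREWALL_CMD" --reload || return 1
    "$FIREWALL_CMD" --permanent --zone="$ZONE" --query-rich-rule="$rule" || return 1
    "$FIREWALL_CMD" --zone="$ZONE" --query-rich-rule="$rule"
}

# Usage (run as root): FIREWALLD_APPLY=1 sh allow.sh
# Allows 192.249.87.114 to reach tcp/80, the third rule in the XML above.
if [ "${FIREWALLD_APPLY:-0}" = 1 ]; then
    apply_rule 192.249.87.114 tcp 80
fi
```

Rules added with --add-rich-rule land in the same public.xml that Method 1 edits by hand, so the two methods can be mixed; the backup matters most when editing by hand, since a malformed XML file is not validated until firewalld reloads it. Prefer a source-restricted rule over an any-source --add-port wherever the clients are known, as the post's own 80/tcp rule does.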



Further reading:

1. Detailed usage of firewalld configuration on CentOS 7

http://www.centoscn.com/CentOS/Intermediate/2015/0313/4879.html


2. How to use the default firewall ("firewall") in CentOS 7.0

http://f.dataguru.cn/thread-473492-1-1.html


