CentOS7 埠的開放關閉查看都是用防火牆來控制的,具體命令如下: 查看防火牆狀態:(active (running) 即是開啟狀態) [root@WSS bin]# systemctl firewalld status Unknown operation 'firewalld'. [root@ ...
CentOS7 埠的開放關閉查看都是用防火牆來控制的,具體命令如下:
查看防火牆狀態:(active (running) 即是開啟狀態)
[root@WSS bin]# systemctl firewalld status
Unknown operation 'firewalld'.
[root@WSS bin]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since 四 2019-07-11 09:37:11 CST; 7h ago
Docs: man:firewalld(1)
Main PID: 44370 (firewalld)
Tasks: 2
CGroup: /system.slice/firewalld.service
└─44370 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
7月 11 09:37:13 WSS firewalld[44370]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete FORWARD...hain?).
7月 11 09:37:13 WSS firewalld[44370]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete FORWARD...hain?).
7月 11 09:37:13 WSS firewalld[44370]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete FORWARD...hain?).
7月 11 09:37:13 WSS firewalld[44370]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete FORWARD...t name.
7月 11 09:37:13 WSS firewalld[44370]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete FORWARD...t name.
7月 11 09:37:13 WSS firewalld[44370]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete INPUT -...hain?).
7月 11 09:37:13 WSS firewalld[44370]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete INPUT -...hain?).
7月 11 09:37:13 WSS firewalld[44370]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete OUTPUT ...hain?).
7月 11 09:37:13 WSS firewalld[44370]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete INPUT -...hain?).
7月 11 09:37:13 WSS firewalld[44370]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete INPUT -...hain?).
Hint: Some lines were ellipsized, use -l to show in full.
[root@WSS bin]#
查看已開放埠:(8080和3306 即是已開放埠)
[root@WSS bin]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens3 ens4
sources:
services: ssh dhcpv6-client
ports: 8080/tcp 3306/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
[root@WSS bin]#
防火牆開放埠:(開放埠後需重載防火牆)
[root@WSS bin]# firewall-cmd --zone=public --add-port=3306/tcp --permanent success [root@WSS bin]#
[root@WSS bin]# firewall-cmd --reload
success
[root@WSS bin]#
命令含義:
–zone #作用域
–add-port=80/tcp #添加埠,格式為:埠/通訊協議
–permanent #永久生效,沒有此參數重啟後失效
firewall-cmd --reload 並不中斷用戶連接,即不丟失狀態信息
firewalld的基本使用 啟動: systemctl start firewalld 關閉: systemctl stop firewalld 查看狀態: systemctl status firewalld 開機禁用 : systemctl disable firewalld 開機啟用 : systemctl enable firewalld
systemctl是CentOS7的服務管理工具中主要的工具,它融合之前service和chkconfig的功能於一體。 啟動一個服務:systemctl start firewalld.service 關閉一個服務:systemctl stop firewalld.service 重啟一個服務:systemctl restart firewalld.service 顯示一個服務的狀態:systemctl status firewalld.service 在開機時啟用一個服務:systemctl enable firewalld.service 在開機時禁用一個服務:systemctl disable firewalld.service 查看服務是否開機啟動:systemctl is-enabled firewalld.service 查看已啟動的服務列表:systemctl list-unit-files|grep enabled 查看啟動失敗的服務列表:systemctl --failed
配置firewalld-cmd 查看版本: firewall-cmd --version 查看幫助: firewall-cmd --help 顯示狀態: firewall-cmd --state 查看所有打開的埠: firewall-cmd --zone=public --list-ports 更新防火牆規則: firewall-cmd --reload 查看區域信息: firewall-cmd --get-active-zones 查看指定介面所屬區域: firewall-cmd --get-zone-of-interface=eth0 拒絕所有包:firewall-cmd --panic-on 取消拒絕狀態: firewall-cmd --panic-off 查看是否拒絕: firewall-cmd --query-panic
