• CentOS 7.0 Firewall Operations


    CentOS 7.0 uses firewalld as its default firewall; earlier versions used iptables.
    As a result, the following command cannot show the firewall status on CentOS 7.

    [root@localhost ~]# service iptables status
    Redirecting to /bin/systemctl status iptables.service
    Unit iptables.service could not be found.

    Check whether the firewall is stopped

    firewall-cmd --state

    [root@localhost ~]# firewall-cmd --state
    not running
    [root@localhost ~]#

    Start the firewall

    [root@localhost ~]# systemctl start firewalld
    [root@localhost ~]# firewall-cmd --state
    running
    [root@localhost ~]#

    Stop the firewall

    [root@localhost ~]# systemctl stop firewalld
    [root@localhost ~]# firewall-cmd --state
    not running
    [root@localhost ~]#

    Prevent firewalld from starting at boot

    [root@localhost ~]# systemctl disable firewalld
    Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
    Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

    With this setting, firewalld will not be started at the next reboot, i.e. the firewall stays off.

    Enable firewalld at boot

    [root@localhost ~]# systemctl enable firewalld
    Created symlink from /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service to /usr/lib/systemd/system/firewalld.service.
    Created symlink from /etc/systemd/system/multi-user.target.wants/firewalld.service to /usr/lib/systemd/system/firewalld.service.

    With this setting, the firewall starts automatically at boot.

    Show the firewall's list of allowed services

    [root@localhost ~]# firewall-cmd --list-all
    public (active)
    target: default
    icmp-block-inversion: no
    interfaces: ens33
    sources:
    services: ssh dhcpv6-client
    ports:
    protocols:
    masquerade: no
    forward-ports:
    source-ports:
    icmp-blocks:
    rich rules:

    [root@localhost ~]# firewall-cmd --add-service=ftp
    success
    [root@localhost ~]# firewall-cmd --list-all
    public (active)
    target: default
    icmp-block-inversion: no
    interfaces: ens33
    sources:
    services: ssh dhcpv6-client ftp
    ports:
    protocols:
    masquerade: no
    forward-ports:
    source-ports:
    icmp-blocks:
    rich rules:

    [root@localhost ~]#

    After running firewall-cmd --add-service=ftp, the list shows one additional service, ftp.
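
    The listing above can be audited mechanically. The following is an added example, not part of the original post: a POSIX shell check that reads `firewall-cmd --list-all` output and reports services outside a baseline. The function names and the baseline list are assumptions, and the embedded input is the second listing shown above.

```shell
#!/bin/sh
# Added example: audit the "services:" line of `firewall-cmd --list-all`.
# Function names and the baseline list are assumptions for illustration.

# Second listing from the page (after --add-service=ftp), embedded so the
# script runs offline.
sample_list_all() {
    cat <<'EOF'
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens33
  sources:
  services: ssh dhcpv6-client ftp
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
EOF
}

# Read --list-all output on stdin; print each allowed service on its own line.
zone_services() {
    awk '$1 == "services:" { for (i = 2; i <= NF; i++) print $i }'
}

# Read --list-all output on stdin; print services missing from the
# space-separated baseline given as $1.
unexpected_services() {
    us_baseline=" $1 "
    zone_services | while read -r us_svc; do
        case "$us_baseline" in
            *" $us_svc "*) ;;                 # expected, stay quiet
            *) printf '%s\n' "$us_svc" ;;     # open but not in baseline
        esac
    done
}

# Offline demo against the embedded listing; prints "ftp".
sample_list_all | unexpected_services "ssh dhcpv6-client"

# On a live host (needs firewalld running):
#   firewall-cmd --list-all | unexpected_services "ssh dhcpv6-client"
```

    Passing "$(firewall-cmd --permanent --list-services)" as the baseline lists services that exist only in the runtime configuration. The ftp entry above is one of them: it was added without --permanent, so it will not survive a firewalld reload or restart.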
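    ---------------------
    Author: 黄宝康
    Source: CSDN
    Original: https://blog.csdn.net/huangbaokang/article/details/79923382
    Copyright notice: This is an original article by the blogger; please include a link to the post when reposting!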

  • Original URL: https://www.cnblogs.com/javajetty/p/10676615.html