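Introduction
firewalld (system/network) is the firewall! Earlier releases used firewall mechanisms such as iptables and ip6tables; the newer firewalld, together with the firewall-cmd command, makes it quick to configure the firewall. From CentOS 7.1 onward, the startup script for the iptables service is ignored, so use firewalld in place of the iptables service. Both are built on the iptables framework, but they are configured very differently.
Firewall setup
Install: yum install firewalld
Start: service firewalld start
Check status: service firewalld status
Stop or disable the firewall: service firewalld stop (stop it now); systemctl disable firewalld (do not start it at boot; the service wrapper only accepts basic actions such as start, stop, restart and status)
Note: the default firewall on CentOS 7 is firewalld.
Confirm that firewalld is installed: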
[root@localhost redis-5.0.3]# yum list | grep firewall
firewall-config.noarch 0.4.4.4-14.el7 @anaconda
firewalld.noarch 0.4.4.4-14.el7 @anaconda
firewalld-filesystem.noarch 0.4.4.4-14.el7 @anaconda
python-firewall.noarch 0.4.4.4-14.el7 @anaconda
firewall-applet.noarch 0.4.4.4-14.el7 c7-media
system-config-firewall.noarch 1.2.29-10.el7 c7-media
system-config-firewall-base.noarch 1.2.29-10.el7 c7-media
system-config-firewall-tui.noarch 1.2.29-10.el7 c7-media
[root@localhost redis-5.0.3]#
Confirm that the firewalld service is running:
[root@localhost redis-5.0.3]# ps -ef | grep firewall
root 46278 1 10 14:41 ? 00:00:00 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
root 46400 40820 0 14:41 pts/2 00:00:00 grep --color=auto firewall
[root@localhost redis-5.0.3]#
Restart the firewalld service:
[root@localhost redis-5.0.3]# service firewalld restart
Redirecting to /bin/systemctl restart firewalld.service
[root@localhost redis-5.0.3]#
[root@localhost redis-5.0.3]# service firewalld status
Redirecting to /bin/systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: active (running) since 一 2019-03-04 14:43:15 CST; 59s ago
Docs: man:firewalld(1)
Main PID: 46475 (firewalld)
Tasks: 2
CGroup: /system.slice/firewalld.service
└─46475 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
3月 04 14:43:14 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
3月 04 14:43:15 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
[root@localhost redis-5.0.3]#
Stop the firewalld service:
[root@localhost redis-5.0.3]# service firewalld stop
Redirecting to /bin/systemctl stop firewalld.service
[root@localhost redis-5.0.3]# service firewalld status
Redirecting to /bin/systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
3月 04 12:49:15 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
3月 04 12:49:32 localhost.localdomain systemd[1]: Stopping firewalld - dynamic firewall daemon...
3月 04 12:49:33 localhost.localdomain systemd[1]: Stopped firewalld - dynamic firewall daemon.
3月 04 14:41:30 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
3月 04 14:41:31 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
3月 04 14:43:13 localhost.localdomain systemd[1]: Stopping firewalld - dynamic firewall daemon...
3月 04 14:43:14 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
3月 04 14:43:15 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
3月 04 14:45:39 localhost.localdomain systemd[1]: Stopping firewalld - dynamic firewall daemon...
3月 04 14:45:40 localhost.localdomain systemd[1]: Stopped firewalld - dynamic firewall daemon.
[root@localhost redis-5.0.3]#
firewall-cmd
Usage:
[root@localhost redis-5.0.3]# service firewalld start
Redirecting to /bin/systemctl start firewalld.service
# Show the firewalld version:
[root@localhost redis-5.0.3]# firewall-cmd --version
0.4.4.4
[root@localhost redis-5.0.3]#
# Show the help text:
[root@localhost redis-5.0.3]# firewall-cmd --help
...
# Show the firewalld state:
[root@localhost redis-5.0.3]# firewall-cmd --state
running
[root@localhost redis-5.0.3]#
[root@localhost redis-5.0.3]# firewall-cmd --list-services
ssh dhcpv6-client
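
The status output after the restart shows firewalld as active (running) while the unit file is disabled, meaning it is not set to start at boot. The script below is an added example, not part of the original page: it flags that condition from status text and compares --list-services output against an allowlist. The function names and the allowlist value "ssh" are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit firewalld using the output of the commands shown above.
# Function names and the allowlist are hypothetical, chosen for illustration.

# Constructed sample, taken from the status output after the restart on this page.
SAMPLE_STATUS='● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: active (running) since 一 2019-03-04 14:43:15 CST; 59s ago'

# boot_state STATUS_TEXT: print the unit-file state (enabled, disabled, ...).
boot_state() {
    printf '%s\n' "$1" | awk -F'; *' '/^ *Loaded:/ { print $2; exit }'
}

# run_state STATUS_TEXT: print the activity state (active, inactive, failed, ...).
run_state() {
    printf '%s\n' "$1" | awk '$1 == "Active:" { print $2; exit }'
}

# audit_status STATUS_TEXT: print ok, not-running or running-not-persistent.
audit_status() {
    r=$(run_state "$1"); b=$(boot_state "$1")
    if [ "$r" != active ]; then echo "not-running"
    elif [ "$b" != enabled ]; then echo "running-not-persistent"
    else echo "ok"
    fi
}

# unexpected_services "OPEN LIST" "ALLOWLIST": print services that are open
# in the zone but missing from the allowlist (space-separated).
unexpected_services() {
    out=""
    for s in $1; do
        case " $2 " in
            *" $s "*) ;;                      # allowlisted, nothing to report
            *) out="${out:+$out }$s" ;;
        esac
    done
    echo "$out"
}

# Live use on a host with firewalld installed: sh script.sh --live
if [ "${1:-}" = "--live" ]; then
    audit_status "$(systemctl status firewalld 2>/dev/null)"
    unexpected_services "$(firewall-cmd --list-services)" "ssh"
fi
```

A result of running-not-persistent is cleared with systemctl enable firewalld; any service name printed by the second check is open in the zone without being in the baseline.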