查看防火牆的狀態
# firewall-cmd --state
running
# systemctl stop firewalld //關閉防火牆服務
# systemctl start firewalld //開啟防火牆服務
# firewall-cmd --list-all
public (default, active)
interfaces: eno16777736
sources:
services: dhcpv6-client ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
查看某服務是否開啟
# firewall-cmd --query-service ftp
yes
# firewall-cmd --query-service ssh
yes
# firewall-cmd --query-service samba
no
# firewall-cmd --query-service http
no
開啟關閉服務端口
暫時開放 ftp 服務
# firewall-cmd --add-service=ftp
永久開放 ftp 服務
# firewall-cmd --add-service=ftp --permanent
永久關閉
# firewall-cmd --remove-service=ftp --permanent
success
重啟一下
# systemctl restart firewalld
檢查設置是否生效
# iptables -L -n | grep 21
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 ctstate NEW
設置特殊端口開放
# firewall-cmd --add-port=3128/tcp
# firewall-cmd --list-all
public (default)
interfaces:
sources:
services: dhcpv6-client ftp ssh
ports: 3128/tcp
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
控制IP段訪問
#firewall-cmd --list-all 查看 默認是允許所有的訪問
#firewall-cmd --permanent --remove-service=ssh 禁掉
#firewall-cmd --permanent --add-rich-rule 'rule service name=ssh family=ipv4 source address=192.168.1.0/24 accept' 允許訪問
#firewall-cmd --permanent --add-rich-rule 'rule service name=ssh family=ipv4 source address=192.168.2.0/24 reject' 拒絕訪問
#firewall-cmd --reload 重啟一下
# firewall-cmd --list-all 在看一下變化。
#firewall-cmd --permanent --remove-rich-rule 'rule service name=ssh family=ipv4 source address=192.168.1.0/24 accept' 刪除策略
圖形界面配置
