linux 的防火牆簡單設置
1. 檢查防火牆狀態
- 代碼
firewall-cam --state
[root@localhost ~]# firewall-cmd --state
running
[root@localhost ~]
2. 防火牆配置
- linux系統中有個配置文件,里面配置了開機后防火牆應該怎么工作
[root@localhost ~]# firewall-cmd --state
running
[root@localhost ~]#
- 關閉防火牆
[root@localhost ~]# systemctl disable firewalld.service
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]# firewall-cmd --state
running
[root@localhost ~]#
- 開啟防火牆
systemctl enable firewalld.service
- 但是,只會在下一次開機后才會啟用當前配置
3. 手動關閉防火牆
[root@localhost ~]# systemctl stop firewalld.service
[root@localhost ~]# firewall-cmd --state
not running
[root@localhost ~]#
4. 手動開啟防火牆
[root@localhost ~]# systemctl start firewalld.service
[root@localhost ~]# firewall-cmd --state
running
[root@localhost ~]#
5. 檢查開放的端口
firewall-cmd --list-ports
6. 查詢指定端口
[root@localhost ~]# firewall-cmd --query-port=80/tcp
no
[root@localhost ~]#p
7. 開放指定端口
[root@localhost ~]# firewall-cmd --zone=public --add-port=80/tcp --permanent
success
[root@localhost ~]#
可以開放一個范圍的端口
[root@localhost ~]# firewall-cmd --zone=public --add-port=19-21/tcp --permanent
success
[root@localhost ~]#
8. 移除指定端口
[root@localhost ~]# firewall-cmd --zone=public --remove-port=80/tcp --permanent
success
[root@localhost ~]#
也可以移除范圍的端口
[root@localhost ~]# firewall-cmd --zone=public --remove-port=19-21/tcp --permanent
success
[root@localhost ~]#
注:開啟或關閉了防火牆,需要重新加載防火牆后才會生效
[root@localhost ~]# firewall-cmd --reload
success
[root@localhost ~]#
[root@localhost ~]# firewall-cmd --query-port=80/tcp
yes
[root@localhost ~]#