The firewall-cmd command
1. Starting, stopping, and checking the firewalld service
When CentOS 7 is installed, firewalld and the graphical tool firewall-config are installed automatically. Run the following commands to start firewalld and enable it at boot.
[root@localhost ~]# systemctl start firewalld     # start firewalld
[root@localhost ~]# systemctl enable firewalld    # enable firewalld at boot
If firewalld is running, you can check its state with systemctl status firewalld or with firewall-cmd.
[root@localhost ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since 五 2019-10-11 12:14:52 CST; 4h 38min ago
Docs: man:firewalld(1)
Main PID: 762 (firewalld)
CGroup: /system.slice/firewalld.service
└─762 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
10月 11 12:14:52 localhost.localdomain systemd[1]: Starting firewalld - dynamic f....
10月 11 12:14:52 localhost.localdomain systemd[1]: Started firewalld - dynamic fi....
10月 11 12:14:52 localhost.localdomain firewalld[762]: WARNING: ICMP type 'beyond-...
10月 11 12:14:52 localhost.localdomain firewalld[762]: WARNING: beyond-scope: INVA...
10月 11 12:14:52 localhost.localdomain firewalld[762]: WARNING: ICMP type 'failed-...
10月 11 12:14:52 localhost.localdomain firewalld[762]: WARNING: failed-policy: INV...
10月 11 12:14:52 localhost.localdomain firewalld[762]: WARNING: ICMP type 'reject-...
10月 11 12:14:52 localhost.localdomain firewalld[762]: WARNING: reject-route: INVA...
Hint: Some lines were ellipsized, use -l to show in full.
Or:
[root@localhost ~]# firewall-cmd --state
running
To disable firewalld, run the following commands.
[root@localhost ~]# systemctl stop firewalld       # stop firewalld
[root@localhost ~]# systemctl disable firewalld    # do not start firewalld at boot
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
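Starting and enabling are separate settings, so a host can be running now yet come up unprotected after a reboot. The script below is an added example, not part of the original page: it parses the Loaded: and Active: lines of captured systemctl status firewalld text and reports that posture. The function names and the two sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): derive firewalld posture from
# captured `systemctl status firewalld` text, e.g. evidence collected per host.

# Constructed sample: state after `systemctl start` + `systemctl enable`.
SAMPLE_RUNNING='   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2019-10-11 12:14:52 CST; 4h 38min ago'

# Constructed sample: state after `systemctl stop` + `systemctl disable`.
SAMPLE_STOPPED='   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)'

# Boot-time state: second ";"-separated field inside the parentheses of "Loaded:".
fw_boot_state() {
    sed -n 's/^[[:space:]]*Loaded: [^(]*(\([^)]*\)).*/\1/p' | awk -F'; ' 'NR==1 {print $2}'
}

# Runtime state as "state:substate", e.g. "active:running" or "inactive:dead".
fw_run_state() {
    sed -n 's/^[[:space:]]*Active: \([a-z]*\) (\([^)]*\)).*/\1:\2/p' | head -n 1
}

# Read status text on stdin, print a verdict, return 0 only when both hold.
fw_posture() {
    fwp_text=$(cat)
    fwp_boot=$(printf '%s\n' "$fwp_text" | fw_boot_state)
    fwp_run=$(printf '%s\n' "$fwp_text" | fw_run_state)
    case "$fwp_run/$fwp_boot" in
        active:running/enabled)
            echo "OK: running and enabled at boot" ;;
        active:running/*)
            echo "DRIFT: running now, not enabled at boot (${fwp_boot:-unknown})"; return 1 ;;
        */enabled)
            echo "DOWN: enabled at boot, not running now (${fwp_run:-unknown})"; return 2 ;;
        *)
            echo "OFF: not running, not enabled (${fwp_run:-unknown}, ${fwp_boot:-unknown})"; return 3 ;;
    esac
}

# Live use on a host: pass --live to check the local unit.
if [ "${1:-}" = "--live" ]; then
    systemctl status firewalld | fw_posture
fi
```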
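2. Getting predefined information
firewall-cmd's predefined information falls into three main categories: available zones, available services, and available ICMP block types. The commands for viewing them are shown below.
[root@localhost ~]# firewall-cmd --get-zones       # list the predefined zones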
block dmz drop external home internal public trusted work
[root@localhost ~]# firewall-cmd --get-services    # list the predefined services
RH-Satellite-6 amanda-client amanda-k5-client bacula bacula-client bitcoin bitcoin-rpc bitcoin-testnet bitcoin-testnet-rpc ceph ceph-mon cfengine condor-collector ctdb dhcp dhcpv6 dhcpv6-client dns docker-registry dropbox-lansync elasticsearch freeipa-ldap freeipa-ldaps freeipa-replication freeipa-trust ftp ganglia-client ganglia-master high-availability http https imap imaps ipp ipp-client ipsec iscsi-target kadmin kerberos kibana klogin kpasswd kshell ldap ldaps libvirt libvirt-tls managesieve mdns mosh mountd ms-wbt mssql mysql nfs nrpe ntp openvpn ovirt-imageio