centos7之firewalld
centos7 防火墙篇
1.实操
1.1防火墙启停
# firewalld service lifecycle: inspect, start for this session, enable at boot.
svc=firewalld
# show whether the daemon is currently running
systemctl status "$svc"
# start the daemon now (does not survive a reboot by itself)
systemctl start "$svc"
# start the daemon automatically on every boot
systemctl enable "$svc"
1.2端口开放
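# Open, verify and close a single TCP port in the public zone.
# --permanent only writes the persistent configuration; the running firewall
# is unchanged until `firewall-cmd --reload`, so every --permanent step below
# is followed by a reload before its effect is checked.
port=9001
# open the port in the persistent config
firewall-cmd --zone=public --add-port="${port}/tcp" --permanent
# apply the persistent config to the running firewall
firewall-cmd --reload
# confirm the port is open in the running firewall (exit 0 = open)
firewall-cmd --zone=public --query-port="${port}/tcp"
# close the port again in the persistent config ...
firewall-cmd --zone=public --remove-port="${port}/tcp" --permanent
# ... and reload, otherwise the port stays open at runtime
firewall-cmd --reload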
1.3查询
# Inspect the public zone: open ports, then the full zone configuration.
zone=public
# ports open in the running firewall (add --permanent to list the
# persistent configuration instead)
firewall-cmd --zone="$zone" --list-ports
# push the persistent configuration into the running firewall
firewall-cmd --reload
# dump everything configured for the default zone (services, ports, rich rules, ...)
firewall-cmd --list-all
1.4信任ip
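# Per-source allow rules (rich rules) in the public zone.
# Rules are added with --permanent and only take effect after --reload.
# Allow one host (192.168.0.1) to reach TCP port 9001 only.
# Use single outer quotes so the inner double quotes reach firewall-cmd
# intact; nested double quotes are consumed by the shell.
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.1" port protocol="tcp" port="9001" accept'
firewall-cmd --reload
# show the rich rules active in the public zone
firewall-cmd --zone=public --list-rich-rules
# A rule with a source but no port/service matches ALL traffic from that
# source: 192.168.1.10 may reach every port in the zone.
firewall-cmd --zone=public --add-rich-rule 'rule family="ipv4" source address="192.168.1.10" accept' --permanent
# revoke it again (the rule text must match the added rule exactly)
firewall-cmd --zone=public --remove-rich-rule 'rule family="ipv4" source address="192.168.1.10" accept' --permanent
# Same, for a whole /24 (192.168.2.0 - 192.168.2.255).
firewall-cmd --zone=public --add-rich-rule 'rule family="ipv4" source address="192.168.2.0/24" accept' --permanent
# Worked example: bring up firewalld, allow four 10.1.7.x hosts on all ports,
# open TCP 80 for everyone, then apply and show the resulting rules.
systemctl start firewalld
systemctl enable firewalld
for host in 10.1.7.13 10.1.7.20 10.1.7.18 10.1.7.19; do
  firewall-cmd --zone=public --add-rich-rule "rule family=\"ipv4\" source address=\"${host}\" accept" --permanent
done
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --reload
firewall-cmd --zone=public --list-rich-rules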
1.5限制ip
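# Block a source from TCP port 9001 in the public zone.
# NOTE: "192.168.0.0" with no prefix length is a single host address, not the
# 192.168.0.0/24 network; append /24 (as in the 192.168.2.0/24 example above)
# to cover the whole subnet.
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.0" port protocol="tcp" port="9001" reject'
firewall-cmd --reload
# Remove the rule again. The rule text must be identical to the one added:
# same address (no stray whitespace) and the same action (reject, not accept),
# otherwise no rule is matched and nothing is removed.
firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.0.0" port protocol="tcp" port="9001" reject'
firewall-cmd --reload
# If a change does not take effect, edit the zone file by hand, delete the
# stale rule, and reload so the edited file is re-read.
vim /etc/firewalld/zones/public.xml
firewall-cmd --reload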