Writing this down so I don't forget, and to build up some knowledge along the way. There is still a lot to fill in and improve; please feel free to point things out!!
1. If iptables is installed, disable the iptables service
# check the status
[root@yangbin ~]# systemctl status iptables.service
# stop the iptables service
[root@yangbin ~]# systemctl stop iptables.service
# prevent the iptables service from starting at boot
[root@yangbin ~]# systemctl disable iptables.service
2. Enable firewalld
[root@yangbin ~]# systemctl start firewalld.service
3. Check whether firewalld is running
[root@yangbin ~]# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2018-04-12 14:35:10 CST; 1 day 1h ago
Docs: man:firewalld(1)
Main PID: 13217 (firewalld)
CGroup: /system.slice/firewalld.service
└─13217 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
Apr 12 14:35:54 yangbin firewalld[13217]: WARNING: failed-policy: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
Apr 12 14:35:54 yangbin firewalld[13217]: WARNING: ICMP type 'reject-route' is not supported by the kernel for ipv6.
Apr 12 14:35:54 yangbin firewalld[13217]: WARNING: reject-route: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
Apr 12 14:37:53 yangbin firewalld[13217]: ERROR: INVALID_ZONE: pubic
Apr 12 14:38:09 yangbin firewalld[13217]: WARNING: ICMP type 'beyond-scope' is not supported by the kernel for ipv6.
Apr 12 14:38:09 yangbin firewalld[13217]: WARNING: beyond-scope: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
Apr 12 14:38:09 yangbin firewalld[13217]: WARNING: ICMP type 'failed-policy' is not supported by the kernel for ipv6.
Apr 12 14:38:09 yangbin firewalld[13217]: WARNING: failed-policy: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
Apr 12 14:38:09 yangbin firewalld[13217]: WARNING: ICMP type 'reject-route' is not supported by the kernel for ipv6.
Apr 12 14:38:09 yangbin firewalld[13217]: WARNING: reject-route: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
4. Check the default zone and the active zone
We have not configured anything yet, so both the default zone and the active zone should be public
[root@yangbin ~]# firewall-cmd --get-default-zone
public
[root@yangbin ~]# firewall-cmd --get-active-zones
5. Configure with firewall-cmd
Show the version: firewall-cmd --version
Show help: firewall-cmd --help
Show the state: firewall-cmd --state
List all open ports: firewall-cmd --zone=public --list-ports
Reload the firewall rules: firewall-cmd --reload
Show the active zones: firewall-cmd --get-active-zones
Show the zone a given interface belongs to: firewall-cmd --get-zone-of-interface=eth0
Reject all packets (panic mode): firewall-cmd --panic-on
Leave panic mode: firewall-cmd --panic-off
Query whether panic mode is on: firewall-cmd --query-panic
6. Add a port
firewall-cmd --zone=public --add-port=80/tcp --permanent (--permanent makes the rule persistent; without this option it is lost after a restart)
7. Reload
firewall-cmd --reload
8. Query
firewall-cmd --zone=public --query-port=80/tcp
9. Remove
firewall-cmd --zone=public --remove-port=80/tcp --permanent
Check which ports are currently open
In fact each service maps to a port, and each service corresponds to an XML file under /usr/lib/firewalld/services.
firewall-cmd --list-services
See which other services can be opened
firewall-cmd --get-services
List all open ports:
firewall-cmd --zone=public --list-ports
Once all of the above is configured, if your Linux machine is a cloud server, do not forget to also open the specified port in the cloud provider's security group rules. Otherwise, all of the settings above are useless. (Not needed for an ordinary virtual machine.)
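The steps above (check that firewalld is running, add the port with --permanent, reload, query) put together as one idempotent shell function. This is an added example, not part of the original post; the FWCMD variable is an assumed hook so the function can be exercised without a real firewalld, and defaults to the real firewall-cmd binary. The zone check guards against the INVALID_ZONE: pubic error visible in the journal output above.

```sh
#!/bin/sh
# FWCMD is an assumed override hook (not a firewall-cmd feature): it lets the
# function run against a stand-in; by default it is the real firewall-cmd.
FWCMD="${FWCMD:-firewall-cmd}"

# open_port ZONE PORT/PROTO -> 0 on success, non-zero with a message otherwise
open_port() {
    zone="$1"
    port="$2"

    # Step 3: firewalld must be the running firewall, otherwise nothing we add
    # will be enforced (firewall-cmd --state prints "running" and exits 0).
    state=$($FWCMD --state 2>/dev/null) || state="not running"
    if [ "$state" != "running" ]; then
        echo "firewalld is $state; start it first (systemctl start firewalld.service)" >&2
        return 1
    fi

    # The zone must exist; a typo such as "pubic" is rejected by firewalld
    # with INVALID_ZONE, as the journal above shows.
    case " $($FWCMD --get-zones) " in
        *" $zone "*) ;;
        *) echo "zone '$zone' does not exist" >&2; return 2 ;;
    esac

    # Step 8 first: nothing to do if the port is already open in this zone.
    if $FWCMD --zone="$zone" --query-port="$port" >/dev/null 2>&1; then
        echo "$port already open in zone $zone"
        return 0
    fi

    # Steps 6 and 7: persist the rule, then reload so it is live now, not only
    # after the next restart.
    $FWCMD --zone="$zone" --add-port="$port" --permanent >/dev/null || return 3
    $FWCMD --reload >/dev/null || return 3

    # Step 8: verify that the runtime configuration really has the port.
    if $FWCMD --zone="$zone" --query-port="$port" >/dev/null 2>&1; then
        echo "$port open in zone $zone"
        return 0
    fi
    echo "$port still not open in zone $zone after reload" >&2
    return 4
}
```

Running `open_port public 3306/tcp` as root performs exactly the sequence from steps 6 to 8 for the MySQL port; the cloud security group still has to be opened separately.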

Tutorial: configuring the firewalld firewall to open port 3306
This document describes in detail how to open port 3306 through the firewalld firewall on a Linux system, including disabling iptables, enabling firewalld, viewing and changing firewall rules, and adding and removing ports and services. Note that for a cloud server you must also configure security group rules with the cloud provider to allow external access.