linux防火墙
Centos7.5默认安装firewalld
一、firewalld相关
# firewalld quick reference (CentOS 7.x). Service lifecycle goes through
# systemctl, rule changes through firewall-cmd. Runtime and permanent
# configuration are separate: anything added with --permanent only takes
# effect after `firewall-cmd --reload`.
# 查看防火墙状态 — show whether firewalld is running:
systemctl status firewalld
# 安装firewalld — install the package (already present on a default CentOS 7 install):
yum install firewalld
# 开启防火墙 — start the service now (does not by itself survive a reboot):
systemctl start firewalld
# 关闭防火墙 — stop the service; the host has no packet filter until it is started again:
systemctl stop firewalld
# 重启防火墙 — stop and start the service, which reloads all rules:
systemctl restart firewalld
# 取消屏蔽 (original caption: 启用防火墙) — unmask makes a masked unit startable again:
systemctl unmask firewalld
# 屏蔽 (original caption: 禁用防火墙) — mask prevents the unit from being started by any
# means, including as a dependency of another unit; stronger than `disable`, which only
# removes the boot-time start:
systemctl mask firewalld
# 设置firewalld开机自启 — start at boot:
systemctl enable firewalld
# 禁止firewall开机自启 — do not start at boot (does not stop a running instance):
systemctl disable firewalld
# 查看服务是否开机启动 — prints enabled (set) or disabled (not set); masked is also possible:
systemctl is-enabled firewalld.service
# 查看已开放端口 — list ports opened in the public zone (runtime view;
# --list-all additionally shows services, sources and rich rules):
firewall-cmd --zone=public --list-ports
# 开放某个端口 — permanently open 3306/tcp (MySQL) in the public zone.
# NOTE(review): this admits every source that reaches an interface in the zone;
# when only known clients need the database, restrict by source (a rich rule or a
# dedicated zone) instead of opening the port zone-wide.
firewall-cmd --permanent --zone=public --add-port=3306/tcp
# 移除某个端口 — permanently close 3306/tcp again:
firewall-cmd --permanent --zone=public --remove-port=3306/tcp
# 重新加载规则 (original caption: 重启防火墙) — --reload re-reads the permanent
# configuration without restarting the service; required after every --permanent change:
firewall-cmd --reload
二、安装iptables
1.关闭并禁用系统默认的firewalld防火墙(firewalld与iptables-services管理的是同一套netfilter规则，两者不能同时运行)
# Stop and disable firewalld before installing iptables-services: both manage the
# same netfilter tables and must not be active at the same time.
# 停止firewall — stop the running service:
systemctl stop firewalld.service
# 禁止firewall开机自启 — keep it from starting at boot (masking it in addition
# prevents another unit from pulling it in as a dependency):
systemctl disable firewalld.service
2.安装iptables
# Install the iptables userspace tools (-y answers the confirmation prompt non-interactively):
yum install -y iptables
3.升级iptables
# Upgrade iptables to the newest version available from the configured repositories:
yum update iptables
4.安装iptables-services
# iptables-services provides the iptables.service unit that loads /etc/sysconfig/iptables at boot:
yum install iptables-services
5.编辑防火墙文件
# Edit the persistent rule file read by iptables.service; the file is in iptables-save format:
vim /etc/sysconfig/iptables
ACCEPT 表示该端口对所有来源开放；whitelist 表示跳转到白名单链，只有白名单中列出的来源才能访问
*filter
# Default policies: drop inbound and forwarded traffic that no rule accepts; allow all outbound.
# The bracketed numbers are packet:byte counters written by iptables-save; a plain
# iptables-restore ignores them.
:INPUT DROP [24:2613]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [39:3031]
# User-defined chain holding the source whitelist consulted for port 3306.
:whitelist - [0:0]
# Replies to connections this host initiated, plus related flows such as ICMP errors.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Accept all ICMP. This already covers echo-request, so the icmp-type 8 rule further down never matches.
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# FTP control port. Plain FTP is cleartext, and passive-mode data connections are only
# matched as RELATED when the FTP conntrack helper is active; if FTP is not actually
# needed, drop this rule and use SFTP over port 22 instead.
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
# MySQL: jump to the whitelist chain. A source that matches nothing there returns to
# INPUT at the next rule and ends up in the catch-all REJECT below, so it is blocked.
-A INPUT -p tcp -m tcp --dport 3306 -j whitelist
# Redundant: echo-request is already accepted by the generic icmp rule above.
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# 开放端口8081 — accept new connections to TCP 8081.
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8081 -j ACCEPT
# Catch-all: anything not matched above is actively rejected; the DROP policy is only a backstop.
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
# Whitelist members. The second line is an exact duplicate of the first and can be removed;
# add further clients as additional `-A whitelist -s <address> -j ACCEPT` lines.
-A whitelist -s 10.0.0.132 -j ACCEPT
-A whitelist -s 10.0.0.132 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
# Load the rule file and make it persistent. Keep the current SSH session open while
# doing this so a mistake in the port 22 rule cannot lock you out.
# 重启 — restart iptables.service, which reloads /etc/sysconfig/iptables; if the file
# fails to parse the unit reports failure and the intended rules are not loaded:
systemctl restart iptables.service
# 查看状态 — confirm the reload succeeded (the unit status shows the last log lines):
systemctl status iptables.service
# 设置为开机自启 — load the rule file on every boot:
systemctl enable iptables.service