firewalld firewall-cmd

Original source: http://www.oracle-base.com/articles/linux/linux-firewall-firewalld.php

Reverting to the iptables Service

# systemctl stop firewalld
# systemctl disable firewalld

# yum install iptables-services

# touch /etc/sysconfig/iptables
# systemctl start iptables
# systemctl enable iptables

# touch /etc/sysconfig/ip6tables
# systemctl start ip6tables
# systemctl enable ip6tables

Installation

# yum install firewalld firewall-config

# systemctl start firewalld.service
# systemctl enable firewalld.service

# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
   Active: active (running) since Sun 2014-04-20 14:06:46 BST; 30s ago
 Main PID: 13246 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─13246 /usr/bin/python /usr/sbin/firewalld --nofork --nopid

Apr 20 14:06:44 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
Apr 20 14:06:46 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.

# systemctl stop firewalld.service
# systemctl disable firewalld.service

firewall-cmd

# firewall-cmd --help

# Check firewall state.
firewall-cmd --state

# Check active zones.
firewall-cmd --get-active-zones

# List the predefined services firewalld knows about (names usable with --add-service).
firewall-cmd --get-services

# List the services known to the permanent configuration, including any custom
# definitions placed under /etc/firewalld/services/.
firewall-cmd --get-services --permanent

Lock down and unlock the firewall using the following commands. Panic mode drops every incoming and outgoing packet, including the SSH session you issued it from, so only use it from a console you can still reach.

# firewall-cmd --panic-on
success
# firewall-cmd --query-panic
yes
# firewall-cmd --panic-off
success
# firewall-cmd --query-panic
no

Reload the runtime configuration from the permanent files using the following command.

# firewall-cmd --reload

The firewall comes with predefined services, which are XML files in the "/usr/lib/firewalld/services/" directory.

# ls /usr/lib/firewalld/services/
amanda-client.xml      http.xml         libvirt.xml  pmwebapis.xml     ssh.xml
bacula-client.xml      imaps.xml        mdns.xml     pmwebapi.xml      telnet.xml
bacula.xml             ipp-client.xml   mountd.xml   pop3s.xml         tftp-client.xml
dhcpv6-client.xml      ipp.xml          ms-wbt.xml   postgresql.xml    tftp.xml
dhcpv6.xml             ipsec.xml        mysql.xml    proxy-dhcp.xml    transmission-client.xml
dhcp.xml               kerberos.xml     nfs.xml      radius.xml        vnc-server.xml
dns.xml                kpasswd.xml      ntp.xml      rpc-bind.xml      wbem-https.xml
ftp.xml                ldaps.xml        openvpn.xml  samba-client.xml
high-availability.xml  ldap.xml         pmcd.xml     samba.xml
https.xml              libvirt-tls.xml  pmproxy.xml  smtp.xml

You shouldn't edit these. Instead, copy the service file to the "/etc/firewalld/services/" directory and edit it there. firewalld always prefers files in "/etc/firewalld/services/" over those in "/usr/lib/firewalld/services/", so your copy overrides the stock definition, and a new file in that directory defines a new service. Remember to reload the config after making any changes.
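The following script is an added example, not part of the original article, showing how to define a custom service in "/etc/firewalld/services/" rather than opening raw port numbers, so the intent is recorded in the zone file. The service name "myapp", the port range 8080-8081/tcp and the helper names are assumptions; the directory argument exists so the XML writer can be exercised against a scratch directory.

```shell
#!/bin/sh
# Added example (not from the original article): define a custom firewalld service.
# Assumptions: service name "myapp" and ports 8080-8081/tcp are hypothetical;
# the directory defaults to /etc/firewalld/services but can be overridden.

# write_service_xml NAME PORT PROTO [DIR]
# Writes DIR/NAME.xml in the same schema as the files under /usr/lib/firewalld/services/.
write_service_xml() {
    name=$1; port=$2; proto=$3; dir=${4:-/etc/firewalld/services}
    case "$proto" in tcp|udp) ;; *) echo "protocol must be tcp or udp" >&2; return 1 ;; esac
    # Accept only a port or a port range so the generated XML stays well-formed.
    echo "$port" | grep -Eq '^[0-9]{1,5}(-[0-9]{1,5})?$' || { echo "bad port: $port" >&2; return 1; }
    cat > "$dir/$name.xml" <<EOF
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>$name</short>
  <description>Custom service $name (added by write_service_xml).</description>
  <port protocol="$proto" port="$port"/>
</service>
EOF
}

# apply_service NAME [ZONE]
# Reload so firewalld reads the new file, confirm it is known, then enable it in the
# zone permanently and reload again so runtime matches. Skipped without firewall-cmd.
apply_service() {
    name=$1; zone=${2:-public}
    command -v firewall-cmd >/dev/null 2>&1 || { echo "firewall-cmd not found; skipping apply" >&2; return 0; }
    firewall-cmd --reload
    firewall-cmd --get-services | tr ' ' '\n' | grep -qx "$name" || { echo "service $name not loaded" >&2; return 1; }
    firewall-cmd --permanent --zone="$zone" --add-service="$name"
    firewall-cmd --reload
    firewall-cmd --zone="$zone" --query-service="$name"
}

# Usage on a real host (as root): sh this_script.sh run
if [ "${1:-}" = "run" ]; then
    write_service_xml myapp 8080-8081 tcp && apply_service myapp public
fi
```

After this, "firewall-cmd --zone=public --list-services" shows "myapp" alongside the stock services, and removing the application later is a single "--remove-service=myapp" rather than remembering which ports belonged to it.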

Add an existing service to a zone.

# # Set runtime and permanent independently.
# firewall-cmd --zone=public --add-service=https
# firewall-cmd --permanent --zone=public --add-service=https

or

# # Set permanent and reload the runtime config.
# firewall-cmd --permanent --zone=public --add-service=https
# firewall-cmd --reload

All subsequent examples will assume you want to amend both the runtime and permanent configuration and will only set the permanent configuration and then reload the runtime configuration.

Once you've amended the default configuration, the "/etc/firewalld/zones/public.xml" file will be created. You can manually amend this file, but you will need to issue a reload for the changes to take effect.

Check the services in a zone.

# firewall-cmd --zone=public --list-services
dhcpv6-client https ssh
# firewall-cmd --permanent --zone=public --list-services
dhcpv6-client https ssh

Remove a service from a zone.

# firewall-cmd --permanent --zone=public --remove-service=https
# firewall-cmd --reload

Open a specific port or range in a zone, check its runtime and permanent configuration, then remove it.

# firewall-cmd --permanent --zone=public --add-port=8080-8081/tcp
# firewall-cmd --reload

# firewall-cmd --zone=public --list-ports
8080-8081/tcp
# firewall-cmd --permanent --zone=public --list-ports
8080-8081/tcp

# firewall-cmd --permanent --zone=public --remove-port=8080-8081/tcp
# firewall-cmd --reload

Rich rules allow you to create more complex configurations. The following command opens HTTP access to a source network. Note that the mask sets the scope: "192.168.0.4/24" matches the whole 192.168.0.0/24 network, not one machine; to restrict access to the single host 192.168.0.4, use "192.168.0.4/32" or the bare address.

# firewall-cmd --permanent --zone=public --add-rich-rule="rule family="ipv4" \
    source address="192.168.0.4/24" service name="http" accept"

The "/etc/firewalld/zones/public.xml" file now contains the rich rule.

<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>For use in public areas. You do not trust the other computers on networks
               to not harm your computer. Only selected incoming connections are accepted.</description>
  <service name="dhcpv6-client"/>
  <service name="ssh"/>
  <rule family="ipv4">
    <source address="192.168.0.4/24"/>
    <service name="http"/>
    <accept/>
  </rule>
</zone>

The rule can be removed directly from the XML file, or removed using the "--remove-rich-rule" option.

# firewall-cmd --permanent --zone=public --remove-rich-rule="rule family="ipv4" \
    source address="192.168.0.4/24" service name="http" accept"

The following example opens and closes port 8080 for a source network (again a /24, so the entire subnet, not a single address) using a rich rule.

# firewall-cmd --permanent --zone=public --add-rich-rule="rule family="ipv4" \
     source address="192.168.0.4/24" \
     port protocol="tcp" port="8080" accept"


# cat /etc/firewalld/zones/public.xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>For use in public areas. You do not trust the other computers on networks
               to not harm your computer. Only selected incoming connections are accepted.</description>
  <service name="dhcpv6-client"/>
  <service name="ssh"/>
  <rule family="ipv4">
    <source address="192.168.0.4/24"/>
    <port protocol="tcp" port="8080"/>
    <accept/>
  </rule>
</zone>


# firewall-cmd --permanent --zone=public --remove-rich-rule="rule family="ipv4" \
     source address="192.168.0.4/24" \
     port protocol="tcp" port="8080" accept"
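Both rich-rule examples above use "192.168.0.4/24", which admits the whole subnet. The following added example (not part of the original article) builds a rule that really matches one host, adds it permanently, reloads, and confirms that the runtime and permanent views agree. The helper names are assumptions; the address 192.168.0.4, the zone "public" and port 8080/tcp are the article's.

```shell
#!/bin/sh
# Added example (not from the original article): build and verify a single-host rich rule.
# Assumptions: helper names are hypothetical; 192.168.0.4, zone public and 8080/tcp
# come from the article.

# host_rich_rule ADDRESS WHAT VALUE [ACTION]
#   WHAT is "service" or "port"; VALUE is a service name or PORT/PROTO.
#   A bare IPv4 address gets a /32 mask: with /24 the rule would match the whole
#   192.168.0.0/24 network instead of the single host.
host_rich_rule() {
    addr=$1; what=$2; value=$3; action=${4:-accept}
    echo "$addr" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' \
        || { echo "bad IPv4 address: $addr" >&2; return 1; }
    case "$addr" in */*) ;; *) addr="$addr/32" ;; esac
    case "$action" in accept|reject|drop) ;; *) echo "bad action: $action" >&2; return 1 ;; esac
    case "$what" in
        service) match="service name=\"$value\"" ;;
        port)    match="port protocol=\"${value#*/}\" port=\"${value%/*}\"" ;;
        *) echo "WHAT must be service or port" >&2; return 1 ;;
    esac
    echo "rule family=\"ipv4\" source address=\"$addr\" $match $action"
}

# add_rule_and_verify ZONE RULE
# Permanent change, reload, then query the rule in both the runtime and the
# permanent configuration; a mismatch means the reload did not take.
add_rule_and_verify() {
    zone=$1; rule=$2
    command -v firewall-cmd >/dev/null 2>&1 || { echo "firewall-cmd not found; skipping" >&2; return 0; }
    firewall-cmd --permanent --zone="$zone" --add-rich-rule="$rule"
    firewall-cmd --reload
    firewall-cmd --zone="$zone" --query-rich-rule="$rule" \
        && firewall-cmd --permanent --zone="$zone" --query-rich-rule="$rule"
}

# Usage on a real host (as root): sh this_script.sh run
if [ "${1:-}" = "run" ]; then
    rule=$(host_rich_rule 192.168.0.4 port 8080/tcp) && add_rule_and_verify public "$rule"
fi
```

The rule string is passed as one quoted argument, so the inner double quotes reach firewall-cmd intact; the same string removes the rule again with "--remove-rich-rule".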

Backups and Transfers of Firewall Configuration

As all non-default configuration is placed under the "/etc/firewalld/" directory, taking a copy of the contents of this directory and its sub-directories constitutes a backup of the firewall configuration.

Not surprisingly, transferring the contents of this directory will allow you to duplicate the firewall configuration in other servers.
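The following added example (not part of the original article) turns that into a backup and restore pair: archive "/etc/firewalld", unpack it on the target, reload, and check that the runtime view matches the permanent one. The function names are assumptions, and the directory arguments exist so the pair can be exercised on a scratch directory.

```shell
#!/bin/sh
# Added example (not from the original article): back up and restore /etc/firewalld.
# Assumptions: function names are hypothetical; SRC/DEST default to /etc/firewalld.

# backup_firewalld [SRC] [ARCHIVE]: tar the configuration directory, print the archive path.
backup_firewalld() {
    src=${1:-/etc/firewalld}; out=${2:-firewalld-$(date +%Y%m%d%H%M%S).tar.gz}
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 1; }
    # -C keeps the paths relative so the archive can be unpacked under any prefix.
    tar -czf "$out" -C "$src" . || return 1
    echo "$out"
}

# restore_firewalld ARCHIVE [DEST] [ZONE]: unpack, reload, and confirm runtime == permanent.
restore_firewalld() {
    archive=$1; dest=${2:-/etc/firewalld}; zone=${3:-public}
    [ -f "$archive" ] || { echo "no such archive: $archive" >&2; return 1; }
    mkdir -p "$dest"
    tar -xzf "$archive" -C "$dest" || return 1
    if command -v firewall-cmd >/dev/null 2>&1; then
        firewall-cmd --reload
        # After a clean reload the two views of the zone must list the same services.
        [ "$(firewall-cmd --zone="$zone" --list-services)" = \
          "$(firewall-cmd --permanent --zone="$zone" --list-services)" ] \
            || { echo "runtime/permanent mismatch after restore" >&2; return 1; }
    fi
}

# Usage on a real host (as root):
#   sh this_script.sh backup            -> prints the archive name
#   sh this_script.sh restore fw.tar.gz -> unpacks into /etc/firewalld and reloads
case "${1:-}" in
    backup)  backup_firewalld ;;
    restore) restore_firewalld "$2" ;;
esac
```

Zone files can bind interfaces by name, so after restoring onto a different server check "firewall-cmd --get-active-zones" to confirm the interfaces on that host landed in the zones you expect.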
