Starting and stopping iptables and firewalld
systemctl status firewalld.service # show the state of the firewalld firewall
systemctl start firewalld.service # start the firewalld firewall
systemctl stop firewalld.service # stop the firewalld firewall
systemctl unmask firewalld.service # unmask firewalld (allow the unit to be started)
systemctl mask firewalld.service # mask firewalld (prevent the unit from being started)
systemctl status iptables.service # show the state of iptables
systemctl start iptables.service # start the iptables firewall
systemctl stop iptables.service # stop the iptables firewall
systemctl unmask iptables.service # unmask iptables (allow the unit to be started)
systemctl mask iptables.service # mask iptables (prevent the unit from being started)
Error message
After running systemctl start firewalld, the following error appears: Failed to start firewalld.service: Unit is masked
The firewalld service is masked (locked), so no ports can be added to it.
[root@flying-happy /]# systemctl unmask firewalld
[root@flying-happy /]#
[root@flying-happy /]# systemctl mask firewalld
Created symlink from /etc/systemd/system/firewalld.service to /dev/null.
[root@flying-happy /]#
Run the following command to unmask (unlock) the service:
# systemctl unmask firewalld
The next time the service needs to be masked again, run:
# systemctl mask firewalld
firewalld: adding ports
Adding a fixed port with firewalld, and removing it again
[root@flying-happy activemq-5.14.0]# firewall-cmd --zone=public --add-port=8080/tcp --permanent
success
Adding the same port a second time only produces a warning (already enabled):
[root@flying-happy activemq-5.14.0]# firewall-cmd --zone=public --add-port=8080/tcp --permanent
Warning: ALREADY_ENABLED: 8080:tcp
Removing a fixed port
[root@flying-happy activemq-5.14.0]# firewall-cmd --zone=public --remove-port=8080/tcp --permanent
success
Port ranges use the same start-end syntax (the session below removes the range 30000-31000/tcp; --add-port takes the same form to add it):
[root@flying-happy activemq-5.14.0]# firewall-cmd --zone=public --remove-port=30000-31000/tcp --permanent
success
Reload the rules so the permanent changes take effect, then list all open ports
[root@flying-happy activemq-5.14.0]# firewall-cmd --reload
success
[root@flying-happy activemq-5.14.0]# firewall-cmd --zone=public --list-ports
80/tcp 3389/tcp 21/tcp 22/tcp
Check which ports (services) are currently open
A service is essentially a named port definition; each service corresponds to one XML file under /usr/lib/firewalld/services.
[root@flying-happy activemq-5.14.0]# firewall-cmd --list-services
ssh dhcpv6-client http
Check which other services are available to be opened
[root@flying-happy activemq-5.14.0]# firewall-cmd --get-services
RH-Satellite-6 amanda-client amanda-k5-client bacula bacula-client bitcoin bitcoin-rpc bitcoin-testnet bitcoin-testnet-rpc ceph ceph-mon cfengine condor-collector ctdb dhcp dhcpv6 dhcpv6-client dns docker-registry dropbox-lansync elasticsearch freeipa-ldap freeipa-ldaps freeipa-replication freeipa-trust ftp ganglia-client ganglia-master high-availability http https imap imaps ipp ipp-client ipsec iscsi-target kadmin kerberos kibana klogin kpasswd kshell ldap ldaps libvirt libvirt-tls managesieve mdns mosh mountd ms-wbt mssql mysql nfs nfs3 nrpe ntp openvpn ovirt-imageio ovirt-storageconsole ovirt-vmconsole pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy proxy-dhcp ptp pulseaudio puppetmaster quassel radius rpc-bind rsh rsyncd samba samba-client sane sip sips smtp smtp-submission smtps snmp snmptrap spideroak-lansync squid ssh synergy syslog syslog-tls telnet tftp tftp-client tinc tor-socks transmission-client vdsm vnc-server wbem-https xmpp-bosh xmpp-client xmpp-local xmpp-server
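The following script is an added example, not part of the original notes. It ties together the two things above: a small parser for the service XML format stored under /usr/lib/firewalld/services, and an idempotent version of the add-port, reload, verify sequence that also refuses to run while the unit is masked. The function names and the sample XML are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: function names and the sample service file are assumptions.
set -eu

# List the "port/proto" entries in a firewalld service XML file (the format of
# the files under /usr/lib/firewalld/services). Plain sed, so no firewalld needed.
service_ports() {
    sed -n \
        -e 's/.*<port[^>]*protocol="\([a-z]*\)"[^>]*port="\([0-9-]*\)".*/\2\/\1/p' \
        -e 's/.*<port[^>]*port="\([0-9-]*\)"[^>]*protocol="\([a-z]*\)".*/\1\/\2/p' \
        "$1" | tr '\n' ' ' | sed 's/ $//'
}

# Open PORT (e.g. 8080/tcp or 30000-31000/tcp) in ZONE only if it is not open yet.
# Same sequence as the notes: refuse if the unit is masked, --add-port --permanent,
# --reload so the permanent rule becomes active, then confirm with --query-port.
ensure_port_open() {
    local zone=$1 port=$2
    if [ "$(systemctl is-enabled firewalld 2>/dev/null)" = "masked" ]; then
        echo "firewalld is masked; run: systemctl unmask firewalld" >&2
        return 1
    fi
    if firewall-cmd --zone="$zone" --query-port="$port" >/dev/null 2>&1; then
        echo "$port already open in zone $zone"
        return 0
    fi
    firewall-cmd --zone="$zone" --add-port="$port" --permanent
    firewall-cmd --reload
    firewall-cmd --zone="$zone" --query-port="$port"   # prints "yes" (exit 0) once active
}

# Constructed sample service file in the layout firewalld ships (not a real one).
SAMPLE_XML=$(mktemp)
trap 'rm -f "$SAMPLE_XML"' EXIT
cat > "$SAMPLE_XML" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Sample</short>
  <description>Constructed firewalld service definition for this example.</description>
  <port protocol="tcp" port="80"/>
  <port port="8080" protocol="tcp"/>
  <port protocol="udp" port="30000-31000"/>
</service>
EOF

echo "sample service opens: $(service_ports "$SAMPLE_XML")"   # 80/tcp 8080/tcp 30000-31000/udp

# Touch the running host only when firewall-cmd exists and a port was given.
if command -v firewall-cmd >/dev/null 2>&1 && [ $# -ge 1 ]; then
    ensure_port_open public "$1"
fi
```

Run it as `bash script.sh 8080/tcp` on a host with firewalld; without an argument it only parses the sample file.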