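# (1) Install the firewall
# [CentOS6.x] The netfilter userland and the /etc/init.d/iptables init script ship in the
# base "iptables" package and are normally installed already. The package name used in the
# original note, "iptables-services", does not exist in the CentOS 6 repositories -- it is
# the CentOS 7 package that brings back the classic iptables service (see below).
yum -y install iptables                 # [CentOS6.x] install / confirm the iptables package
# ----------
yum -y install firewalld                # [CentOS7.x] install the firewalld daemon and firewall-cmd
# [CentOS7.x] only if you deliberately want the classic iptables service instead of firewalld:
# yum -y install iptables-services      # (then mask firewalld so the two do not manage the same ruleset)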
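# (2) Firewall configuration files
# [CentOS6.x] saved iptables ruleset; loaded by "service iptables start" and overwritten by
# "service iptables save"
#   /etc/sysconfig/iptables
# ----------
# [CentOS7.x] firewalld keeps its configuration under /etc/firewalld/ (the original note
# left this blank):
#   /etc/firewalld/firewalld.conf      daemon settings, e.g. DefaultZone
#   /etc/firewalld/zones/<zone>.xml    permanent rules of each zone (public.xml, ...)
#   /etc/firewalld/services/<svc>.xml  site-specific service definitions
# Packaged defaults live under /usr/lib/firewalld/ and are overridden by a same-named file
# in /etc/firewalld/ -- do not edit the /usr/lib copies, updates replace them.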
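# (3) Check the firewall state
/etc/init.d/iptables status             # [CentOS6.x] print the loaded ruleset, or report that the firewall is stopped
service iptables status                 # [CentOS6.x] same as above; the ACCEPT rules in INPUT are the "open" ports
# ----------
# [CentOS7.x] firewall-cmd queries the default zone and the *runtime* configuration unless
# told otherwise; add --permanent to see what will survive a reload or reboot.
firewall-cmd --list-ports               # [CentOS7.x] ports opened in the default zone
firewall-cmd --list-services            # [CentOS7.x] services opened in the default zone
firewall-cmd --list-all                 # [CentOS7.x] everything in the default zone, incl. sources and rich rules
firewall-cmd --state                    # [CentOS7.x] "running" / "not running"
systemctl status firewalld              # [CentOS7.x] unit state plus recent journal lines
systemctl is-enabled firewalld.service;echo $?   # [CentOS7.x] prints enabled/disabled; exit code 0 means it starts at boot
systemctl list-unit-files|grep enabled  # [CentOS7.x] units enabled *at boot* -- not the currently running ones; for those use: systemctl list-units --type=service --state=running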
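# (4) Start the firewall
# "start" only affects the running system; "chkconfig on" / "systemctl enable" only affect
# the next boot. Run both when you want the firewall up now and after a reboot.
/etc/init.d/iptables start              # [CentOS6.x] start now, loading /etc/sysconfig/iptables
service iptables start                  # [CentOS6.x] same as above
chkconfig iptables on                   # [CentOS6.x] start at boot (does not start it now)
# ----------
systemctl start firewalld.service       # [CentOS7.x] start now
systemctl enable firewalld.service      # [CentOS7.x] start at boot (does not start it now)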
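# (5) Restart the firewall
# (the original comments said "temporarily start"; these lines restart the service)
/etc/init.d/iptables restart            # [CentOS6.x] restart: flushes the live rules and reloads /etc/sysconfig/iptables
service iptables restart                # [CentOS6.x] same -- any rule not persisted with "service iptables save" is lost
# ----------
systemctl restart firewalld.service     # [CentOS7.x] restart the daemon; runtime-only changes (made without --permanent) are dropped
# [CentOS7.x] re-read the permanent config without a full daemon restart:
# firewall-cmd --reload                 # also discards runtime-only changes
# firewall-cmd --runtime-to-permanent   # save the runtime state first (needs firewalld >= 0.4)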
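# (6) Stop the firewall
# Security note: with the firewall stopped every listening service on the host is reachable
# from every network the host is attached to. Only do this where another packet filter
# (cloud security group, perimeter firewall) is in front of the machine -- never on an
# Internet-facing server just to "make something work"; open the one port you need instead (section 7).
/etc/init.d/iptables stop               # [CentOS6.x] stop now: the stock init script flushes all rules and leaves the chain policies at ACCEPT
service iptables stop                   # [CentOS6.x] same as above
chkconfig iptables off                  # [CentOS6.x] do not start at boot
# ----------
systemctl stop firewalld.service        # [CentOS7.x] stop now: firewalld removes its rules from the kernel
systemctl disable firewalld.service     # [CentOS7.x] do not start at boot
# [CentOS7.x] if you are replacing firewalld with iptables-services, also mask it so a later
# package update or dependency cannot start it again alongside iptables:
# systemctl mask firewalld.service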
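# (7) Add firewall rules   (mis-numbered "(5)" in the original; it follows section 6)
# [CentOS6.x]
iptables -I INPUT -p tcp --dport 80 -j ACCEPT   # allow TCP port 80; -I inserts at the top of INPUT so the rule is evaluated before the trailing REJECT of the stock CentOS ruleset ("-A" would land after it and never match)
# persist the live ruleset with either of the two commands below; both overwrite
# /etc/sysconfig/iptables with *everything* currently loaded, including any temporary rule
# you forgot to delete -- review "iptables -nvL" first
# /etc/init.d/iptables save
service iptables save
# ----------
# [CentOS7.x]
firewall-cmd --zone=public --permanent --add-port=80/tcp   # allow TCP port 80 in the permanent config of zone "public"
firewall-cmd --reload                                      # apply: the permanent config becomes the runtime config
# Option meanings:
#   --zone=public       zone the rule belongs to ("public" is the default zone unless DefaultZone was changed in firewalld.conf)
#   --permanent         write to the saved config; without it the change is runtime-only and is lost on reload, restart or reboot
#   --add-port=80/tcp   what to open, as port/protocol
# Note: --permanent alone does not touch the live firewall until --reload. To open a port
# both now and persistently, either run the command twice (with and without --permanent)
# or run it with --permanent and then --reload, as above.
# Supplement -- all four lines below are runtime-only as written; add --permanent (and --reload) to keep them:
firewall-cmd --add-service=mysql        # open the mysql service (3306/tcp per /usr/lib/firewalld/services/mysql.xml) in the default zone
firewall-cmd --add-port=3306/tcp        # same effect, by port number
firewall-cmd --remove-service=http      # close the http service (80/tcp)
firewall-cmd --remove-port=80/tcp       # close 80/tcp by port; the original "80tcp" is rejected as an invalid port, the format is port/protocol
# Security note: opening 3306 in "public" exposes MySQL to every source that can reach the
# interface. Limit it to the clients that need it, e.g. with a rich rule bound to a source:
# firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="10.0.0.0/24" service name="mysql" accept'
# firewall-cmd --reload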