Start the firewall
systemctl start firewalld.service
Check firewall status
firewall-cmd --state
Stop the firewall
systemctl stop firewalld.service
Restart the service
systemctl restart firewalld.service
---------------------- Port authorization
Open port 8080 to all source IPs
firewall-cmd --zone=public --add-port=8080/tcp --permanent
Allow a specific source IP on a specific port
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.1" port port="8081" protocol="tcp" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.1" port port="8084" protocol="tcp" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.1" port port="8085" protocol="tcp" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.1" port port="8082" protocol="tcp" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.1" port port="8719" protocol="tcp" accept'
source address is the IP being granted access. Wrap the whole rule in single quotes so the inner double quotes reach firewalld intact.
Remove a rule
firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.10.16" port port="9059" protocol="tcp" accept'
---------------------- Port authorization END
---------------------- Port forwarding
Enable masquerading (NAT)
firewall-cmd --permanent --add-masquerade
Note: firewall-cmd --query-masquerade reports whether masquerading is enabled; separately, /proc/sys/net/ipv4/ip_forward must contain 1, which means kernel IP forwarding is on.
Disable masquerading
firewall-cmd --permanent --remove-masquerade
Add a port forward
firewall-cmd --permanent --add-forward-port=port=700:proto=tcp:toaddr=192.168.0.1:toport=700
Remove a port forward
firewall-cmd --permanent --remove-forward-port=port=700:proto=tcp:toaddr=192.168.0.1:toport=700
The first port is the local port; traffic arriving on it is forwarded to the host and port given by toaddr and toport.
---------------------- Port forwarding END
Reload so the configuration takes effect (either one is enough)
1. Restart the service
systemctl restart firewalld.service
2. Reload the configuration; rules added with --permanent do not take effect until you do
firewall-cmd --reload
List the full configuration of the active zone
firewall-cmd --list-all
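Because rules added with --permanent stay inactive until a reload, it is useful to build the rich rules from an allow-list and compare the permanent list with the runtime list. The script below is an added example, not part of the original notes; it assumes the line format that firewall-cmd --list-rich-rules prints, and the sample listings are constructed inline so it runs without firewalld.

```shell
#!/bin/sh
# Added example: generate the rich rules used in these notes from an
# "ip port" allow-list and report rules that exist only in the permanent
# configuration (added with --permanent, not yet activated by --reload).

# One rich rule for a single source IP and TCP port.
rich_rule() {
    printf 'rule family="ipv4" source address="%s" port port="%s" protocol="tcp" accept\n' "$1" "$2"
}

# Expand an allow-list ("ip port" per line on stdin) into one rule per line.
rich_rules_from_allowlist() {
    while read -r ip port; do
        if [ -n "$ip" ]; then
            rich_rule "$ip" "$port"
        fi
    done
}

# Lines in the permanent list ($1) that are absent from the runtime list ($2).
# On a live host these files would hold the output of
#   firewall-cmd --permanent --list-rich-rules   and   firewall-cmd --list-rich-rules
pending_rules() {
    grep -Fxv -f "$2" "$1"
}

# Constructed sample: the allow-list from the notes above.
ALLOWLIST='192.168.0.1 8081
192.168.0.1 8082
192.168.0.1 8084
192.168.0.1 8085
192.168.0.1 8719'

# Simulate a host where the 8719 rule was added permanently but never reloaded;
# the output is the rule that --reload would activate.
demo() {
    perm=$(mktemp); run=$(mktemp)
    printf '%s\n' "$ALLOWLIST" | rich_rules_from_allowlist > "$perm"
    grep -v '"8719"' "$perm" > "$run"
    pending_rules "$perm" "$run"
    rm -f "$perm" "$run"
}

demo
```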
iptables rules
Check whether iptables allows forwarding (look at the FORWARD chain policy)
iptables -S
Allow forwarding
iptables -P FORWARD ACCEPT
Other
Port probing (test TCP connectivity to a destination IP and port)
traceroute -n -T -p 700 192.168.20.20
Capture traffic on a specific port on Linux (here, traffic to or from port 8080)
tcpdump -i eth0 -vnn port 8080