CentOS7 Firewall防火墙常用命令

admin 提交于 周六, 07/20/2019 - 10:56

开启防火墙

systemctl start firewalld.service

关闭防火墙

systemctl stop firewalld.service

开启开机启动防火墙

systemctl enable firewalld.service

关闭开机启动防火墙

systemctl disable firewalld.service

查看防火墙状态

systemctl status firewalld.service

开启某个端口(80)

firewall-cmd --zone=public --add-port=80/tcp --permanent   #永久
firewall-cmd --zone=public --add-port=80/tcp               #临时

只允许指定ip访问3306 端口

firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.142.166" port protocol="tcp" port="3306" accept"

允许服务器的指定ip的指定端口可以被访问(服务器多ip状态下)

firewall-cmd --permanent --add-rich-rule="rule family="ipv4" destination address="192.168.142.166" port protocol="tcp" port="3306" accept"

端口转发

firewall-cmd --zone=public --add-masquerade --permanent    #打开IP地址伪装
firewall-cmd --zone=public --add-forward-port=port=80:proto=tcp:toport=8080 —permanent #将8080转发到80

创建黑名单

#创建blacklist ipset
firewall-cmd --permanent --zone=public --new-ipset=blacklist --type=hash:ip
#封禁 blacklist
firewall-cmd --permanent --zone=public --add-rich-rule='rule source ipset=blacklist drop'
#查看 blacklist
firewall-cmd --ipset=blacklist --get-entries
#添加IP到黑名单
firewall-cmd --permanent --zone=public --ipset=blacklist --add-entry=212.237.51.36
firewall-cmd --permanent --zone=public --ipset=blacklist --add-entry=188.226.191.66
firewall-cmd --permanent --zone=public --ipset=blacklist --add-entry=80.211.137.182
firewall-cmd --permanent --zone=public --ipset=blacklist --add-entry=60.191.66.226

禁止被PING(丢弃ICMP包)

firewall-cmd --permanent --zone=public --add-rich-rule='rule protocol value=icmp drop'  

重载防火墙配置

firewall-cmd --reload

 

添加新评论

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

图形验证
键入显示在图片中的字符
分类