CentOS 默认防火墙使用指南

firewall 基本操作及配置举例。

0x01:基本操作

# # systemctl start firewalld # 启动
# systemctl status firewalld # 状态
# systemctl disable firewalld # 禁用
# systemctl stop firewalld # 停止

0x02:systemctl

systemctl是centos中必不可少的管理工具，它具备service和chkconfig的所有功能

# # systemctl start firewalld.service # 启动某个服务
# systemctl stop firewalld.service # 关闭某个服务
# systemctl restart firewalld.service # 重启某个服务
# systemctl status firewalld.service # 显示某个服务的状态
# systemctl enable firewalld.service # 开机时随机自启动
# systemctl disable firewalld.service # 禁止开机启动
# systemctl is-enabled firewalld.service # 查看是否开机启动
# systemctl list-unit-files|grep enabled # 查看已经启动的服务列表
# systemctl --failed # 查看启动失败的服务列表

0x03:基本配置firewall-cmd

# # firewall-cmd --version # 查看防火墙版本
# firewall-cmd --help # 查看命令操作帮助
# firewall-cmd --state # 显示当前状态
# firewall-cmd --zone=public --list-ports # 查看所有打开运行的端口
# firewall-cmd --reload # 不重启立即加载
# firewall-cmd --list-all-zones | more # 查看区域信息情况
# firewall-cmd --get-zone-of-interface=eth0 # 查看指定接口所属区域
# firewall-cmd --panic-on # 拒绝所有包
# firewall-cmd --panic-off # 取消拒绝状态
# firewall-cmd --query-panic # 查看是否拒绝

0x04:基本举例

# # firewall-cmd --zone=public --add-port=3306/tcp --permanent # 添加3306端口，--permanent 永久生效
# firewall-cmd --reload # 不重启立即加载
# firewall-cmd --zone=public --query-port=3306/tcp # 查看加入3306端口状态
# firewall-cmd --zone=public --remove-port=3306/tcp --permanent # 删除刚刚加入的防火墙规则3306
# firewall-cmd --permanent --remove-icmp-block=echo-request # 删除禁 ping
# firewall-cmd --permanent --add-icmp-block=echo-request # 开启禁 ping
# firewall-cmd --get-service # 查看已被允许的信息

具体管理规则

 # firewall-cmd --help
firewall-cmd高级功能可以到官方资料库了解更多信息。
https://fedoraproject.org/wiki/FirewallD/zh-cn
https://access.redhat.com/documentation/zh-CN/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Using_Firewalls.html
https://www.ibm.com/developerworks/cn/linux/1507_caojh/