CentOS firewall settings




The earlier series of posts on installing middleware on CentOS all assumed the firewall was turned off. In practice you will sometimes find that a port is unreachable. On a cloud ECS instance you can open or close ports by editing the instance's security group rules; on your own machine you have to either stop the host firewall or, better, open only the ports you actually need. Keep in mind that the two layers are independent: a security group rule does not change the host firewall and vice versa, so a port has to be allowed in both before it is reachable. Below are the common firewall operations for CentOS 7 and CentOS 6.

First, confirm the OS version, because CentOS 7 manages the firewall with firewalld while CentOS 6 uses the iptables init script:

shell> cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)

CentOS 7

1、The firewalld service

1) Check status

Active: active (running) means the firewall is running:

shell> systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: active (running) since Mon 2020-04-06 00:03:45 CST; 2s ago
     Docs: man:firewalld(1)
 Main PID: 5463 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─5463 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid

Active: inactive (dead) means the firewall is stopped:

shell> systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

The Active line only describes the current state. Whether the service comes back after a reboot is the enabled/disabled word on the Loaded line: in both outputs above it reads disabled, so this firewall was started by hand and will stay down after the next reboot unless it is enabled (see 3 below). Check both lines before assuming a host is protected.

2) Start & stop

Start:

shell> systemctl start firewalld

Stop:

shell> systemctl stop firewalld

Restart:

shell> systemctl restart firewalld

3) Start at boot

Enable at boot:

shell> systemctl enable firewalld

Disable at boot:

shell> systemctl disable firewalld

In short, if you just want to turn the firewall off completely on CentOS 7 (acceptable on an isolated lab box, not on anything reachable from an untrusted network; prefer opening specific ports as shown in section 2 below), run:

shell> systemctl stop firewalld
shell> systemctl disable firewalld

2、The firewall-cmd command

1) Check status

running means the firewall is up:

shell> firewall-cmd --state
running

not running means it is down:

shell> firewall-cmd --state
not running

2) Show the firewall rules

shell> firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp2s0
  sources:
  services: ssh dhcpv6-client
  ports: 3888/tcp 2181/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

This is the default zone, public, which is active because the interface enp2s0 is assigned to it. Only what is listed under services, ports and rich rules is let in; everything else is rejected. The ports listed here carry no source restriction (sources is empty and there are no rich rules), so 3888 and 2181 are reachable from any address that can route to enp2s0.

3) Port control

List all open ports:

shell> firewall-cmd --list-ports
3888/tcp 2181/tcp

Check whether a specific port is open (the exit status is 0 for yes and 1 for no, so the same command works in scripts):

shell> firewall-cmd --query-port=3306/tcp
no
shell> firewall-cmd --query-port=2181/tcp
yes

Add a port:

shell> firewall-cmd --add-port=2888/tcp --permanent
success
shell> firewall-cmd --reload
success
# verify that it was added
shell> firewall-cmd --list-ports
3888/tcp 2181/tcp 2888/tcp

Remove a port:

shell> firewall-cmd --remove-port=2888/tcp --permanent
success
shell> firewall-cmd --reload
success
# verify that it was removed
shell> firewall-cmd --list-ports
3888/tcp 2181/tcp

Add a port range:

shell> firewall-cmd --add-port=65001-65010/tcp --permanent
success
shell> firewall-cmd --reload
success
shell> firewall-cmd --list-ports
3888/tcp 2181/tcp 65001-65010/tcp

Reload (required after changing rules with --permanent):

shell> firewall-cmd --reload
success

--permanent writes only the saved configuration and leaves the running rule set untouched, which is why the reload is needed. The reverse also holds: a change made without --permanent takes effect immediately but is lost on reload or reboot, and --reload itself replaces the running rules with the saved configuration, discarding any runtime-only changes. To apply a change to both at once, run the same command twice, once with --permanent and once without.

CentOS 6

1、Check status

Firewall running:

shell> service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8888
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:9200
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:9000
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:7002
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:15672
6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:15672
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8000
8    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8082
9    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8010
10   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8769
11   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:6379
12   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:3306
13   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:5672
14   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:15672
15   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:2181
16   ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
17   ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
18   ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
19   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
20   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
21   REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
22   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:7002
23   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8001
24   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           multiport dports 8888

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

A few things in this listing deserve attention. iptables evaluates a chain top to bottom and stops at the first terminating rule, and rule 21 rejects everything that reaches it, so rules 22 to 24 (7002, 8001 and 8888) can never match: 7002 and 8888 are still open only because rules 4 and 1 already allow them, while 8001 is effectively closed despite having a rule. Rules 5, 6 and 14 are three copies of the same 15672 rule, a sign that the file has been edited by hand more than once. Rule 18 accepts all traffic from anywhere; this listing hides the interface column, so run iptables -L INPUT -n -v --line-numbers to confirm it is the stock -i lo loopback rule (the most likely explanation, given that rules 16 to 21 match the default CentOS 6 ruleset) rather than a real accept-everything that would make rule 21 irrelevant. Finally, the chain policy is ACCEPT: the only thing blocking traffic is rule 21, so once the rules are flushed (which is exactly what service iptables stop does, see below) every port on the host is open.

Firewall stopped:

shell> service iptables status
iptables: Firewall is not running.

2、Start & stop

Start the firewall:

shell> service iptables start
iptables: Applying firewall rules:                         [  OK  ]

Stop the firewall:

shell> service iptables stop
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:                               [  OK  ]

Restart the firewall:

shell> service iptables restart
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]

3、Start at boot

Enable at boot:

shell> chkconfig iptables on

Disable at boot:

shell> chkconfig iptables off
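For the CentOS 7 firewall-cmd port steps above, here is a small POSIX shell helper, added as an example and not code from the original post. It validates the port spec before anything reaches firewall-cmd, applies the change to the running rules and to the permanent configuration in one go (so no --reload is needed and nothing is lost if someone reloads later), and, when a source network is given, uses a firewalld rich rule so the port is reachable only from that network instead of from 0.0.0.0/0. The --add-port, --permanent and --add-rich-rule options are real firewall-cmd options; the DRY_RUN switch, the function names and the 10.0.0.0/8 network in the usage line are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): open a port with firewall-cmd in
# both the running and the saved configuration, optionally only for one source
# network. With DRY_RUN=1 the firewall-cmd invocations are printed instead of
# executed, so the script can be exercised on a machine without firewalld.
#
# Usage: open_port.sh PORT[-PORT]/tcp|udp [SOURCE_CIDR]
#        DRY_RUN=1 sh open_port.sh 2888/tcp 10.0.0.0/8   (10.0.0.0/8 is an assumed example network)

# run CMD...: execute CMD, or just echo it when DRY_RUN=1
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# valid_port_spec SPEC: succeed only for N/tcp, N/udp or N-M/tcp|udp with
# 1 <= N <= M <= 65535, so a typo never reaches firewall-cmd
valid_port_spec() {
    case "$1" in
        */tcp|*/udp) ;;
        *) return 1 ;;
    esac
    ports=${1%/*}
    lo=${ports%-*}
    hi=${ports#*-}
    case "$lo" in ''|*[!0-9]*) return 1 ;; esac
    case "$hi" in ''|*[!0-9]*) return 1 ;; esac
    [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

# open_port SPEC [SOURCE_CIDR]
# Without a source this is the page's --add-port, applied to the runtime rules
# and then to the permanent configuration. With a source it emits a rich rule
# instead, so the port is accepted only from that network.
open_port() {
    spec=$1
    src=${2:-}
    valid_port_spec "$spec" || { echo "bad port spec: $spec" >&2; return 2; }
    if [ -z "$src" ]; then
        run firewall-cmd --add-port="$spec" || return 1
        run firewall-cmd --permanent --add-port="$spec"
    else
        port=${spec%/*}
        proto=${spec#*/}
        rule="rule family=\"ipv4\" source address=\"$src\" port port=\"$port\" protocol=\"$proto\" accept"
        run firewall-cmd --add-rich-rule="$rule" || return 1
        run firewall-cmd --permanent --add-rich-rule="$rule"
    fi
}

if [ "$#" -gt 0 ]; then
    open_port "$@"
fi
```

After a real run, firewall-cmd --query-port=2888/tcp (exit status 0 for yes) or firewall-cmd --list-all (the rich rule appears under rich rules rather than ports) confirms the change; in dry-run mode the printed command lines show the literal quotes of the rich rule as firewall-cmd receives them.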

In short, if you just want to turn the firewall off completely on CentOS 6 (with the same reservation as for CentOS 7: this leaves every port open, so prefer opening specific ports as shown in section 4 below), run:

shell> service iptables stop
shell> chkconfig iptables off

4、Open a specific port

shell> vim /etc/sysconfig/iptables

Add the following line (assuming the port to open is 2888). Place it above the -A INPUT -j REJECT --reject-with icmp-host-prohibited line, not at the end of the file: rules are applied in file order and a packet that reaches the REJECT rule never gets to anything below it, which is exactly the dead position rules 22 to 24 occupy in the listing above.

-A INPUT -p tcp -m tcp --dport 2888 -j ACCEPT

Restart the firewall so the edited file is re-applied, then check where the new rule landed:

shell> service iptables restart
shell> service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
...
16   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:2888
...

The new rule shows up at position 16, above the REJECT rule, so it is live. Had it appeared below the REJECT rule it would be ignored, and the port would still be unreachable even though status lists an ACCEPT for it.
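Because the rule-order mistake is easy to make and the status output does not flag it, here is an added example (not code from the original post) that audits an INPUT chain listing for ACCEPT rules sitting below a catch-all REJECT or DROP, which is the dead position of rules 22 to 24 in the listing earlier on this page. It reads the output of service iptables status or iptables -L INPUT -n --line-numbers on stdin. The embedded sample is a constructed excerpt modelled on that listing, not a capture from a live host, and the --live flag is an assumption for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report INPUT rules that can never
# match because they come after a catch-all REJECT/DROP rule. Input is the
# output of `service iptables status` or `iptables -L INPUT -n --line-numbers`
# on stdin; output is the dead rule numbers, space separated, on one line
# (an empty line when there are none).

dead_rules() {
    awk '
        # Only rule lines start with a number; skip "Table:", "Chain" and headers.
        $1 !~ /^[0-9]+$/ { next }
        {
            # A rule is a catch-all when it matches every protocol from any
            # source to any destination and carries no further match
            # conditions. "reject-with ..." is a target option, not a match,
            # so it does not disqualify a REJECT rule.
            catchall = ($3 == "all" && $5 == "0.0.0.0/0" && $6 == "0.0.0.0/0")
            extra = ""
            for (i = 7; i <= NF; i++) extra = extra (i > 7 ? " " : "") $i
            if (extra != "" && extra !~ /^reject-with [^ ]+$/) catchall = 0

            # Everything below the first terminating catch-all is unreachable.
            if (blocked && $2 == "ACCEPT") dead = dead (dead == "" ? "" : " ") $1
            if (!blocked && catchall && ($2 == "REJECT" || $2 == "DROP")) blocked = $1
        }
        END { print dead }
    '
}

# Constructed excerpt (rules 16-24) modelled on the listing shown earlier on
# this page; sample input for the check, not a capture from a live host.
sample_input() {
    cat <<'EOF'
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
16   ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
17   ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
18   ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
19   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
20   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
21   REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
22   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:7002
23   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8001
24   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           multiport dports 8888
EOF
}

if [ "$#" -gt 0 ] && [ "$1" = "--live" ]; then
    iptables -L INPUT -n --line-numbers | dead_rules   # needs root on the host
else
    sample_input | dead_rules                          # prints: 22 23 24
fi
```

Run it after every edit of /etc/sysconfig/iptables and a restart; a non-empty result means the new ACCEPT was appended below the REJECT line and has to be moved up. Rule 18 in the sample is deliberately not flagged: an ACCEPT catch-all is only harmless if it is bound to the loopback interface, which this listing format cannot show, so check it separately with the -v listing mentioned above.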

