CentOS 7.0默认使用的是firewall作为防火墙,之前版本是使用iptables。
所以在CentOS 7执行下面命令是无法查看防火墙状态的。
[root@localhost ~]# service iptables status
Redirecting to /bin/systemctl status iptables.service
Unit iptables.service could not be found.
查看防火墙是否关闭
firewall-cmd --state
[root@localhost ~]# firewall-cmd --state
not running
[root@localhost ~]#
开启防火墙
[root@localhost ~]# systemctl start firewalld
[root@localhost ~]# firewall-cmd --state
running
[root@localhost ~]#
关闭防火墙
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# firewall-cmd --state
not running
[root@localhost ~]#
禁止firewall开机启动
[root@localhost ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
这样设置的话,下次重启开机的时候就会禁止firewall的启动,即关闭状态。
设置firewall开机启动
[root@localhost ~]# systemctl enable firewalld
Created symlink from /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service to /usr/lib/systemd/system/firewalld.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/firewalld.service to /usr/lib/systemd/system/firewalld.service.
这样设置之后,开机就会自动开启防火墙。显示防火墙应用列表
[root@localhost ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens33
sources:
services: ssh dhcpv6-client
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
[root@localhost ~]# firewall-cmd --add-service=ftp
success
[root@localhost ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens33
sources:
services: ssh dhcpv6-client ftp
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
[root@localhost ~]#
使用firewall-cmd --add-service=ftp 之后,列表显示出多了一个ftp服务。