zoukankan      html  css  js  c++  java
  • centos 7 防火墙配置和白名单问题

    查看防火墙状态:
    systemctl status firewalld

    开启防火墙并设置开机自启
    • systemctl start firewalld
    • systemctl enable firewalld

    1. 开放 22端口:

    firewall-cmd --zone=public --add-port=22/tcp --permanent

    重新载入一下:
    firewall-cmd --reload

    查看下是否生效:
    firewall-cmd --zone=public --query-port=22/tcp

    查看开放的端口:
    firewall-cmd --zone=public --list-ports

    批量开放端口:
    firewall-cmd --zone=public --add-port=100-500/tcp --permanent
    查看是否生效
    firewall-cmd --zone=public --list-rich-rules
     

    2. 插入代码:

    #!/bin/bash
    
    # enable the firewall service
    service firewalld start
    
    # config firewall to permit ip range:172.16.17.1-70, port:1521
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.0/26" port protocol="tcp" port="1521" accept'
    
    # permit 172.16.17.63, since it is broadcast address in above ip range.
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.63" port protocol="tcp" port="1521" accept'
    
    # permit 172.16.17.64-70 one by one
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.64" port protocol="tcp" port="1521" accept'
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.65" port protocol="tcp" port="1521" accept'
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.66" port protocol="tcp" port="1521" accept'
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.67" port protocol="tcp" port="1521" accept'
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.68" port protocol="tcp" port="1521" accept'
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.69" port protocol="tcp" port="1521" accept'
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.70" port protocol="tcp" port="1521" accept'
    
    # reload for taking effect this time
    firewall-cmd --reload

    3. 查看文件,修改规则

    vi /etc/firewalld/zones/public.xml
  • 相关阅读:
    网文阅读笔记
    UUID
    各种网站
    项目
    常用正则表达式
    Struts 2.0 HelloWorld
    接口与抽象类(深入多态)
    #define的优点/volatile的好处
    基本套接口编程
    大小端判断及相互转化
  • 原文地址:https://www.cnblogs.com/leolzi/p/14004457.html
Copyright © 2011-2022 走看看