  • Centos防火墙的配置

    SELinux的三种模式:enforcing,permissive,disabled

    临时更改模式:setenforce 1|0        1:enforcing,   0:permissive(仅对当前运行的系统生效,重启后会恢复为 /etc/selinux/config 中设定的模式;permissive 模式下只记录违规而不拦截)

    1 [root@Centos7-Server html]# 
    2 [root@Centos7-Server html]# setenforce 0
    3 [root@Centos7-Server html]# getenforce 
    4 Permissive
    1 [root@Centos7-Server html]# 
    2 [root@Centos7-Server html]# setenforce 1
    3 [root@Centos7-Server html]# getenforce
    4 Enforcing
    5 [root@Centos7-Server html]# 

    查询当前seLinux模式:getenforce

    1 [root@Centos7-Server html]# 
    2 [root@Centos7-Server html]# getenforce 
    3 Enforcing
    4 [root@Centos7-Server html]# 
    5 [root@Centos7-Server html]# 

    CentOS 7 的防火墙服务是firewalld(它与SELinux是两套相互独立的安全机制)。

    防火墙的预定义区域:

    public:只允许访问本机的某几种服务,如ping,dhcp,ssh等。

    block:拒绝所有来访的请求,并向对方返回拒绝响应。

    drop:将所有来访的请求数据包直接丢弃,不作任何回应。

    trusted:允许所有的访问请求。 

    查看默认区域:

    1 [root@Centos7-Server html]# firewall-cmd --get-default-zone 
    2 public
    3 [root@Centos7-Server html]# 

    修改默认区域(trusted 区域会放行所有连接,相当于对绑定到默认区域的网卡不做任何过滤,这里仅作演示,实际环境应保持 public 等受限区域):

    1 [root@Centos7-Server html]# 
    2 [root@Centos7-Server html]# firewall-cmd --set-default-zone=trusted
    3 success
    4 [root@Centos7-Server html]# firewall-cmd --get-default-zone 
    5 trusted
    6 [root@Centos7-Server html]# 

    查看区域详细信息:

     1 [root@Centos7-Server html]# 
     2 [root@Centos7-Server html]# firewall-cmd --zone=public --list-all
     3 public (active)
     4   target: default
     5   icmp-block-inversion: no
     6   interfaces: ens33
     7   sources: 
     8   services: ssh dhcpv6-client ftp http
     9   ports: 
    10   protocols: 
    11   masquerade: no
    12   forward-ports: 
    13   source-ports: 
    14   icmp-blocks: 
    15   rich rules: 
    16     
    17 [root@Centos7-Server html]# 

    向区域中添加服务:

     1 [root@Centos7-Server html]# 
     2 [root@Centos7-Server html]# firewall-cmd --zone=public --add-service=dns
     3 success
     4 [root@Centos7-Server html]# firewall-cmd --zone=public --list-all
     5 public (active)
     6   target: default
     7   icmp-block-inversion: no
     8   interfaces: ens33
     9   sources: 
    10   services: ssh dhcpv6-client ftp http dns
    11   ports: 
    12   protocols: 
    13   masquerade: no
    14   forward-ports: 
    15   source-ports: 
    16   icmp-blocks: 
    17   rich rules: 
    18     
    19 [root@Centos7-Server html]# 

     重新加载防火墙的配置(--reload 会丢弃未加 --permanent 的运行时规则,所以上面临时添加的 ftp、http、dns 服务在重新加载后消失):

    1 [root@Centos7-Server html]# 
    2 [root@Centos7-Server html]# firewall-cmd --reload
    3 success
    4 [root@Centos7-Server html]# 
    5 [root@Centos7-Server html]# 
    6 [root@Centos7-Server html]# 
     1 [root@Centos7-Server html]# 
     2 [root@Centos7-Server html]# firewall-cmd --zone=public --list-all
     3 public (active)
     4   target: default
     5   icmp-block-inversion: no
     6   interfaces: ens33
     7   sources: 
     8   services: ssh dhcpv6-client
     9   ports: 
    10   protocols: 
    11   masquerade: no
    12   forward-ports: 
    13   source-ports: 
    14   icmp-blocks: 
    15   rich rules: 
    16     
    17 [root@Centos7-Server html]# 

    永久配置防火墙策略:--permanent这个选项的作用是永久配置防火墙,配置后需要重新加载防火墙配置文件才能生效。

     1 [root@Centos7-Server html]# 
     2 [root@Centos7-Server html]# firewall-cmd --permanent --zone=public --add-service=ftp
       success
     3 [root@Centos7-Server html]# firewall-cmd --permanent --zone=public --add-service=http
     4 success
     5 [root@Centos7-Server html]# 
     6 [root@Centos7-Server html]# 
     7 [root@Centos7-Server html]# 
     8 [root@Centos7-Server html]# 
     9 [root@Centos7-Server html]# firewall-cmd --zone=public --list-all
    10 public (active)
    11   target: default
    12   icmp-block-inversion: no
    13   interfaces: ens33
    14   sources: 
    15   services: ssh dhcpv6-client
    16   ports: 
    17   protocols: 
    18   masquerade: no
    19   forward-ports: 
    20   source-ports: 
    21   icmp-blocks: 
    22   rich rules: 
    23     
    24 [root@Centos7-Server html]# firewall-cmd --reload
    25 success
    26 [root@Centos7-Server html]# firewall-cmd --zone=public --list-all
    27 public (active)
    28   target: default
    29   icmp-block-inversion: no
    30   interfaces: ens33
    31   sources: 
    32   services: ssh dhcpv6-client ftp http
    33   ports: 
    34   protocols: 
    35   masquerade: no
    36   forward-ports: 
    37   source-ports: 
    38   icmp-blocks: 
    39   rich rules: 
    40     
    41 [root@Centos7-Server html]# 

    端口重定向:

    服务器将访问某一端口的请求转发到另一个端口,如:192.168.0.50:5324 → 192.168.0.50:80,即通过5324端口访问网页(下面的示例命令使用的是8010端口)。

     1 [root@Centos7-Server ~]# firewall-cmd --permanent --zone=public --add-forward-port=port=8010:proto=tcp:toport=80
     2 success
     3 [root@Centos7-Server ~]# 
     4 [root@Centos7-Server ~]# 
     5 [root@Centos7-Server ~]# 
     6 [root@Centos7-Server ~]# 
     7 [root@Centos7-Server ~]# firewall-cmd --reload 
     8 success
     9 [root@Centos7-Server ~]# 
    10 [root@Centos7-Server ~]# 
    11 [root@Centos7-Server ~]# 
    12 [root@Centos7-Server ~]# 
    13 [root@Centos7-Server ~]# 
    14 [root@Centos7-Server ~]# 
    15 [root@Centos7-Server ~]# firewall-cmd --zone=public --list-all
    16 public (active)
    17   target: default
    18   icmp-block-inversion: no
    19   interfaces: ens33
    20   sources: 
    21   services: ssh dhcpv6-client ftp http
    22   ports: 
    23   protocols: 
    24   masquerade: no
    25   forward-ports: port=8010:proto=tcp:toport=80:toaddr=
    26   source-ports: 
    27   icmp-blocks: 
    28   rich rules: 
    29     
    30 [root@Centos7-Server ~]# 
    31 [root@Centos7-Server ~]# 
    32 [root@Centos7-Server ~]# 
  • 原文地址:https://www.cnblogs.com/mython/p/10711139.html