  • Centos防火墙的配置

    SELinux的三种模式:enforcing(强制)、permissive(宽容,只记录不拦截)、disabled(禁用)

    临时更改模式:setenforce 1|0        1:enforcing,   0:permissive(仅对当前运行的系统生效,重启后恢复为/etc/selinux/config中的设置)

    1 [root@Centos7-Server html]# 
    2 [root@Centos7-Server html]# setenforce 0
    3 [root@Centos7-Server html]# getenforce 
    4 Permissive
    1 [root@Centos7-Server html]# 
    2 [root@Centos7-Server html]# setenforce 1
    3 [root@Centos7-Server html]# getenforce
    4 Enforcing
    5 [root@Centos7-Server html]# 

    查询当前seLinux模式:getenforce

    1 [root@Centos7-Server html]# 
    2 [root@Centos7-Server html]# getenforce 
    3 Enforcing
    4 [root@Centos7-Server html]# 
    5 [root@Centos7-Server html]# 

    CentOS 7的防火墙服务是firewalld(firewalld与SELinux是两套相互独立的机制)。

    防火墙的预定义区域:

    public:只允许访问本机的某几种服务,如ping,dhcp,ssh等。

    block:阻塞所有来访的请求

    drop:将所有来访的请求数据包丢弃。

    trusted:允许所有的访问请求。 

    查看默认区域:

    1 [root@Centos7-Server html]# firewall-cmd --get-default-zone 
    2 public
    3 [root@Centos7-Server html]# 

    修改默认区域(注意:trusted区域会放行所有访问请求,此处仅为演示):

    1 [root@Centos7-Server html]# 
    2 [root@Centos7-Server html]# firewall-cmd --set-default-zone=trusted
    3 success
    4 [root@Centos7-Server html]# firewall-cmd --get-default-zone 
    5 trusted
    6 [root@Centos7-Server html]# 

    查看区域详细信息:

     1 [root@Centos7-Server html]# 
     2 [root@Centos7-Server html]# firewall-cmd --zone=public --list-all
     3 public (active)
     4   target: default
     5   icmp-block-inversion: no
     6   interfaces: ens33
     7   sources: 
     8   services: ssh dhcpv6-client ftp http
     9   ports: 
    10   protocols: 
    11   masquerade: no
    12   forward-ports: 
    13   source-ports: 
    14   icmp-blocks: 
    15   rich rules: 
    16     
    17 [root@Centos7-Server html]# 

    向区域中添加服务:

     1 [root@Centos7-Server html]# 
     2 [root@Centos7-Server html]# firewall-cmd --zone=public --add-service=dns
     3 success
     4 [root@Centos7-Server html]# firewall-cmd --zone=public --list-all
     5 public (active)
     6   target: default
     7   icmp-block-inversion: no
     8   interfaces: ens33
     9   sources: 
    10   services: ssh dhcpv6-client ftp http dns
    11   ports: 
    12   protocols: 
    13   masquerade: no
    14   forward-ports: 
    15   source-ports: 
    16   icmp-blocks: 
    17   rich rules: 
    18     
    19 [root@Centos7-Server html]# 

     重新加载防火墙的配置(未加--permanent的运行时修改会在重新加载后丢失,如下面输出中dns等服务已不在列表中):

    1 [root@Centos7-Server html]# 
    2 [root@Centos7-Server html]# firewall-cmd --reload
    3 success
    4 [root@Centos7-Server html]# 
    5 [root@Centos7-Server html]# 
    6 [root@Centos7-Server html]# 
     1 [root@Centos7-Server html]# 
     2 [root@Centos7-Server html]# firewall-cmd --zone=public --list-all
     3 public (active)
     4   target: default
     5   icmp-block-inversion: no
     6   interfaces: ens33
     7   sources: 
     8   services: ssh dhcpv6-client
     9   ports: 
    10   protocols: 
    11   masquerade: no
    12   forward-ports: 
    13   source-ports: 
    14   icmp-blocks: 
    15   rich rules: 
    16     
    17 [root@Centos7-Server html]# 

    永久配置防火墙策略:--permanent这个选项的作用是永久配置防火墙,配置后需要重新加载防火墙配置文件才能生效。

     1 [root@Centos7-Server html]# 
     2 [root@Centos7-Server html]# firewall-cmd --permanent --zone=public --add-service=ftp
       success
     3 [root@Centos7-Server html]# firewall-cmd --permanent --zone=public --add-service=http
     4 success
     5 [root@Centos7-Server html]# 
     6 [root@Centos7-Server html]# 
     7 [root@Centos7-Server html]# 
     8 [root@Centos7-Server html]# 
     9 [root@Centos7-Server html]# firewall-cmd --zone=public --list-all
    10 public (active)
    11   target: default
    12   icmp-block-inversion: no
    13   interfaces: ens33
    14   sources: 
    15   services: ssh dhcpv6-client
    16   ports: 
    17   protocols: 
    18   masquerade: no
    19   forward-ports: 
    20   source-ports: 
    21   icmp-blocks: 
    22   rich rules: 
    23     
    24 [root@Centos7-Server html]# firewall-cmd --reload
    25 success
    26 [root@Centos7-Server html]# firewall-cmd --zone=public --list-all
    27 public (active)
    28   target: default
    29   icmp-block-inversion: no
    30   interfaces: ens33
    31   sources: 
    32   services: ssh dhcpv6-client ftp http
    33   ports: 
    34   protocols: 
    35   masquerade: no
    36   forward-ports: 
    37   source-ports: 
    38   icmp-blocks: 
    39   rich rules: 
    40     
    41 [root@Centos7-Server html]# 

    端口重定向:

    服务器将访问端口转换成另一个端口,如:192.168.0.50:5324 --> 192.168.0.50:80,即通过5324端口访问网页(下面的命令以8010端口为例)。

     1 [root@Centos7-Server ~]# firewall-cmd --permanent --zone=public --add-forward-port=port=8010:proto=tcp:toport=80
     2 success
     3 [root@Centos7-Server ~]# 
     4 [root@Centos7-Server ~]# 
     5 [root@Centos7-Server ~]# 
     6 [root@Centos7-Server ~]# 
     7 [root@Centos7-Server ~]# firewall-cmd --reload 
     8 success
     9 [root@Centos7-Server ~]# 
    10 [root@Centos7-Server ~]# 
    11 [root@Centos7-Server ~]# 
    12 [root@Centos7-Server ~]# 
    13 [root@Centos7-Server ~]# 
    14 [root@Centos7-Server ~]# 
    15 [root@Centos7-Server ~]# firewall-cmd --zone=public --list-all
    16 public (active)
    17   target: default
    18   icmp-block-inversion: no
    19   interfaces: ens33
    20   sources: 
    21   services: ssh dhcpv6-client ftp http
    22   ports: 
    23   protocols: 
    24   masquerade: no
    25   forward-ports: port=8010:proto=tcp:toport=80:toaddr=
    26   source-ports: 
    27   icmp-blocks: 
    28   rich rules: 
    29     
    30 [root@Centos7-Server ~]# 
    31 [root@Centos7-Server ~]# 
    32 [root@Centos7-Server ~]# 
  • 原文地址:https://www.cnblogs.com/mython/p/10711139.html