zoukankan      html  css  js  c++  java

  • Centos防火墙的配置

    Selinux的三种模式:enforcing,passive,disable

    临时更改模式:setengorce 1|0        1:enforcing,   0:passive

    1 [root@Centos7-Server html]# 
2 [root@Centos7-Server html]# setenforce 0
3 [root@Centos7-Server html]# getenforce 
4 Permissive
    1 [root@Centos7-Server html]# 
2 [root@Centos7-Server html]# setenforce 1
3 [root@Centos7-Server html]# getenforce
4 Enforcing
5 [root@Centos7-Server html]#

    查询当前seLinux模式:getenforce

    1 [root@Centos7-Server html]# 
2 [root@Centos7-Server html]# getenforce 
3 Enforcing
4 [root@Centos7-Server html]# 
5 [root@Centos7-Server html]#

    selinux 的服务是firewalld。

    防火墙的预定义区域:

    public:只允许访问本机的某几种服务,如ping,dhcp,ssh等。

    block:阻塞所有来访的请求

    drop:将所有来访的请求数据包丢弃。

    trusted:允许所有的访问请求。 

    查看默认区域:

    1 [root@Centos7-Server html]# firewall-cmd --get-default-zone 
2 public
3 [root@Centos7-Server html]#

    修改默认区域:

    1 [root@Centos7-Server html]# 
2 [root@Centos7-Server html]# firewall-cmd --set-default-zone=trusted
3 success
4 [root@Centos7-Server html]# firewall-cmd --get-default-zone 
5 trusted
6 [root@Centos7-Server html]#

    查看区域详细信息:

     1 [root@Centos7-Server html]# 
 2 [root@Centos7-Server html]# firewall-cmd --zone=public --list-all
 3 public (active)
 4   target: default
 5   icmp-block-inversion: no
 6   interfaces: ens33
 7   sources: 
 8   services: ssh dhcpv6-client ftp http
 9   ports: 
10   protocols: 
11   masquerade: no
12   forward-ports: 
13   source-ports: 
14   icmp-blocks: 
15   rich rules: 
16     
17 [root@Centos7-Server html]#

    向区域中添加服务:

     1 [root@Centos7-Server html]# 
 2 [root@Centos7-Server html]# firewall-cmd --zone=public --add-service=dns
 3 success
 4 [root@Centos7-Server html]# firewall-cmd --zone=public --list-all
 5 public (active)
 6   target: default
 7   icmp-block-inversion: no
 8   interfaces: ens33
 9   sources: 
10   services: ssh dhcpv6-client ftp http dns
11   ports: 
12   protocols: 
13   masquerade: no
14   forward-ports: 
15   source-ports: 
16   icmp-blocks: 
17   rich rules: 
18     
19 [root@Centos7-Server html]#

     重新加载防火墙的配置:

    1 [root@Centos7-Server html]# 
2 [root@Centos7-Server html]# firewall-cmd --reload
3 success
4 [root@Centos7-Server html]# 
5 [root@Centos7-Server html]# 
6 [root@Centos7-Server html]# 
     1 [root@Centos7-Server html]# 
 2 [root@Centos7-Server html]# firewall-cmd --zone=public --list-all
 3 public (active)
 4   target: default
 5   icmp-block-inversion: no
 6   interfaces: ens33
 7   sources: 
 8   services: ssh dhcpv6-client
 9   ports: 
10   protocols: 
11   masquerade: no
12   forward-ports: 
13   source-ports: 
14   icmp-blocks: 
15   rich rules: 
16     
17 [root@Centos7-Server html]#

    永久配置防火墙策略:--permanent这个选项的作用是永久配置防火墙,配置后需要重新加载防火墙配置文件才能生效。

     1 [root@Centos7-Server html]# 
 2 [root@Centos7-Server html]# firewall-cmd --permanent --zone=public --add-service=ftpsuccess
 3 [root@Centos7-Server html]# firewall-cmd --permanent --zone=public --add-service=http
 4 success
 5 [root@Centos7-Server html]# 
 6 [root@Centos7-Server html]# 
 7 [root@Centos7-Server html]# 
 8 [root@Centos7-Server html]# 
 9 [root@Centos7-Server html]# firewall-cmd --zone=public --list-all
10 public (active)
11   target: default
12   icmp-block-inversion: no
13   interfaces: ens33
14   sources: 
15   services: ssh dhcpv6-client
16   ports: 
17   protocols: 
18   masquerade: no
19   forward-ports: 
20   source-ports: 
21   icmp-blocks: 
22   rich rules: 
23     
24 [root@Centos7-Server html]# firewall-cmd --reload
25 success
26 [root@Centos7-Server html]# firewall-cmd --zone=public --list-all
27 public (active)
28   target: default
29   icmp-block-inversion: no
30   interfaces: ens33
31   sources: 
32   services: ssh dhcpv6-client ftp http
33   ports: 
34   protocols: 
35   masquerade: no
36   forward-ports: 
37   source-ports: 
38   icmp-blocks: 
39   rich rules: 
40     
41 [root@Centos7-Server html]#

    端口重定向:

    服务器将访问端口转换成另一个端口,如:192。168.0.50:5324 --》192.168.0.50:80通过5324端口访问网页。

     1 [root@Centos7-Server ~]# firewall-cmd --permanent --zone=public --add-forward-port=port=8010:proto=tcp:toport=80
 2 success
 3 [root@Centos7-Server ~]# 
 4 [root@Centos7-Server ~]# 
 5 [root@Centos7-Server ~]# 
 6 [root@Centos7-Server ~]# 
 7 [root@Centos7-Server ~]# firewall-cmd --reload 
 8 success
 9 [root@Centos7-Server ~]# 
10 [root@Centos7-Server ~]# 
11 [root@Centos7-Server ~]# 
12 [root@Centos7-Server ~]# 
13 [root@Centos7-Server ~]# 
14 [root@Centos7-Server ~]# 
15 [root@Centos7-Server ~]# firewall-cmd --zone=public --list-all
16 public (active)
17   target: default
18   icmp-block-inversion: no
19   interfaces: ens33
20   sources: 
21   services: ssh dhcpv6-client ftp http
22   ports: 
23   protocols: 
24   masquerade: no
25   forward-ports: port=8010:proto=tcp:toport=80:toaddr=
26   source-ports: 
27   icmp-blocks: 
28   rich rules: 
29     
30 [root@Centos7-Server ~]# 
31 [root@Centos7-Server ~]# 
32 [root@Centos7-Server ~]#
  • 相关阅读:
    显示文件本地文件夹
    Select Dependencies选择依赖项
    搜索小技巧
    783. Minimum Distance Between BST Nodes BST节点之间的最小距离
    5. Longest Palindromic Substring 最长的回文子串
    12. Integer to Roman 整数转罗马数字
    3. Longest Substring Without Repeating Characters 最长的子串不重复字符
    539. Minimum Time Difference 最小时差
    43. Multiply Strings 字符串相乘
    445. Add Two Numbers II 两个数字相加2
  • 原文地址:https://www.cnblogs.com/mython/p/10711139.html
Copyright © 2011-2022 走看看