CentOS7 防火墙
一、防火墙的开启、关闭、禁用、查看状态命令
(1)启动防火墙:systemctl start firewalld
(2)关闭防火墙:systemctl stop firewalld
(3)设置开机启用防火墙:systemctl enable firewalld
(4)设置开机禁用防火墙:systemctl disable firewalld
(5)检查防火墙状态:systemctl status firewalld
二、使用firewall-cmd命令配置端口
(1)查看防火墙状态:firewall-cmd --state
(2)重新加载配置:firewall-cmd --reload
(3)查看已开放的端口:firewall-cmd --list-ports
(4)开放防火墙端口:firewall-cmd --zone=public --add-port=10050/tcp --permanent
命令含义:
–zone #作用域
–add-port=10050/tcp #添加端口,格式为:端口/通讯协议
–permanent #永久生效,没有此参数重启后失效
注意:添加端口后,必须用命令firewall-cmd --reload重新加载一遍 或者systemctl restart firewalld重启防火墙才会生效
(5)关闭防火墙端口:firewall-cmd --zone=public --remove-port=9200/tcp --permanent
CentOS6 防火墙
一、防火墙的开启、关闭、禁用、查看状态命令
[root@localhost ~]# cd ~ //注意:要进入到~目录 也就是家目录下才能查看防火墙
(1)启动防火墙:service iptables start
(2)关闭防火墙:service iptables stop
(3)设置开机启用防火墙:chkconfig iptables on
(4)设置开机禁用防火墙:chkconfig iptables off
(5)检查防火墙状态:service iptables status
二、添加需要放开的服务器端口
[root@localhost ~]# vi /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT //比如我要添加80端口,其他端口只需要把80换成需要添加的端口就可以了
添加后重启防火墙:
[root@localhost ~]# service iptables start
以下为我的服务器的防火墙规则
[root@localhost ~]# vi /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 60101 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 10050:10051 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 10050:10051 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT