CentOS 7 firewall configuration and whitelisting

2022-04-20 15:11:14

Check the firewall status:

systemctl status firewalld

Start the firewall and enable it at boot

1. Open port 22:

firewall-cmd --zone=public --add-port=22/tcp --permanent

Reload the configuration:

firewall-cmd --reload

Check whether it took effect:

firewall-cmd --zone=public --query-port=22/tcp

List the open ports:

firewall-cmd --zone=public --list-ports

Open a range of ports:

firewall-cmd --zone=public --add-port=100-500/tcp --permanent

Check whether it took effect:

firewall-cmd --zone=public --list-rich-rules

2. Insert **:

#!/bin/bash

# enable the firewall service
service firewalld start

# configure the firewall to permit IP range 172.16.17.1-70 on port 1521
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.0/26" port protocol="tcp" port="1521" accept'

# permit 172.16.17.63, since it is the broadcast address of the range above
# (the /26 source match already covers it, so this rule is redundant but harmless)
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.63" port protocol="tcp" port="1521" accept'

# permit 172.16.17.64-70 one by one
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.64" port protocol="tcp" port="1521" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.65" port protocol="tcp" port="1521" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.66" port protocol="tcp" port="1521" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.67" port protocol="tcp" port="1521" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.68" port protocol="tcp" port="1521" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.69" port protocol="tcp" port="1521" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.70" port protocol="tcp" port="1521" accept'

# reload so the permanent rules take effect now
firewall-cmd --reload

3. View the zone file and edit the rules

vi /etc/firewalld/zones/public.xml
