centos 7 防火墙配置和白名单问题 

查看防火墙状态:
systemctl status firewalld

开启防火墙并设置开机自启

systemctl start firewalld

systemctl enable firewalld

 

开放 22端口:
firewall-cmd --zone=public --add-port=22/tcp --permanent

重新载入一下:
firewall-cmd --reload

查看下是否生效:
firewall-cmd --zone=public --query-port=22/tcp

查看开放的端口:
firewall-cmd --zone=public --list-ports

批量开放端口:
firewall-cmd --zone=public --add-port=100-500/tcp --permanent

查看是否生效
firewall-cmd --zone=public --list-rich-rules
2. 插入代码:
#!/bin/bash

# enable the firewall service
service firewalld start

# config firewall to permit ip range:172.16.17.1-70, port:1521
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.0/26" port protocol="tcp" port="1521" accept'

# permit 172.16.17.63, since it is broadcast address in above ip range.
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.63" port protocol="tcp" port="1521" accept'

# permit 172.16.17.64-70 one by one
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.64" port protocol="tcp" port="1521" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.65" port protocol="tcp" port="1521" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.66" port protocol="tcp" port="1521" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.67" port protocol="tcp" port="1521" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.68" port protocol="tcp" port="1521" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.69" port protocol="tcp" port="1521" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.70" port protocol="tcp" port="1521" accept'

# reload for taking effect this time
firewall-cmd --reload

 

3. 查看文件,修改规则

vi /etc/firewalld/zones/public.xml

常用命令:
systemctl start firewalld #启动
systemctl stop firewalld #停止
systemctl status firewalld #查看状态
systemctl disable firewalld #开机禁用
systemctl enable firewalld #开机启动

开放或关闭端口:
firewall-cmd --zone=public --add-port=80/tcp --permanent #开放80/tcp端口 (--permanent永久生效,没有此参数重启后失效)
firewall-cmd --zone=public --query-port=80/tcp #查看80/tcp端口
firewall-cmd --zone=public --remove-port=80/tcp --permanent #关闭80/tcp端口

批量开放或关闭端口:
firewall-cmd --zone=public --add-port=40000-45000/tcp --permanent #批量开放端口,打开从40000到45000之间的所有端口
firewall-cmd --zone=public --list-ports #查看系统所有开放的端口
firewall-cmd --zone=public --remove-port=40000-45000/tcp --permanent #批量关闭端口,关闭从40000到45000之间的所有端口

 

posted @ 2020-11-19 11:20  leolzi  阅读(2438)  评论(0编辑  收藏  举报