【CentOS】防火墙firewalld

CentOS7 采用firewalld作为防火墙，之前是采用iptables作为防火墙。服务器无法连接可能是防火墙限制的原因。

修改防火墙配置。修改完后需要重启生效：firewall-cmd --reload

 

1、直接修改配置文件：/etc/firewalld/zones/public.xml（白名单模式）

<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Public</short>
<description>For use in public areas. 
You do not trust the other computers on networks to not harm your computer. 
Only selected incoming connections are accepted.</description>
<servicename="dhcpv6-client"/>
<servicename="http"/> <!--允许http协议 -->
<servicename="ssh"/> <!--允许ssh协议 -->
<servicename="https"/> <!--允许https协议 -->
</zone>

2、通过命令修改配置

##Add
firewall-cmd --permanent --zone=public--add-port=80/tcp
##Remove
firewall-cmd --permanent --zone=public--remove-port=80/tcp
##Reload
firewall-cmd --reload

3、常用命令

查看防火墙状态：systemctl status firewalld.service

启动防火墙：systemctl start firewalld.service

关闭防火墙：systemctl stop firewalld.service

重新启动防火墙：systemctl restart firewalld.service