Linux网络基础、Linux防火墙

Linux网络基础

• ip addr 命令 &＃xff1a;查看网口信息
• ifconfig命令&＃xff1a;查看网口信息&＃xff0c;要比ip addr更明了一些 centos 7默认没安装ifconfig命令&＃xff0c;可以使用yum install -y net-tools命令来安装。
• ifconfig -a查看所有的网口信息&＃xff0c;包括down掉的网口。
• ifdown 网卡 &＃xff1a;禁用该网卡
• ifup 网卡 &＃xff1a;启用该网卡 ifdown/ifup命令适用于单独重启一块网卡使用。 当所有网卡和网络服务都需要重启时&＃xff0c;使用 systemctl restart network.service 命令。 ip addr / ifconfig&＃xff1a;

[root&＃64;localhost ~]# ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: eno16777736: mtu 1500 qdisc pfifo_fast state UP qlen 1000link/ether 00:0c:29:ca:10:bb brd ff:ff:ff:ff:ff:ffinet 192.168.254.130/24 brd 192.168.254.255 scope global eno16777736valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:feca:10bb/64 scope link valid_lft forever preferred_lft forever
[root&＃64;localhost ~]# ifconfig
eno16777736: flags&＃61;4163 mtu 1500inet 192.168.254.130 netmask 255.255.255.0 broadcast 192.168.254.255inet6 fe80::20c:29ff:feca:10bb prefixlen 64 scopeid 0x20ether 00:0c:29:ca:10:bb txqueuelen 1000 (Ethernet)RX packets 4876 bytes 323068 (315.4 KiB)RX errors 0 dropped 0 overruns 0 frame 0TX packets 386 bytes 31740 (30.9 KiB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags&＃61;73 mtu 65536inet 127.0.0.1 netmask 255.0.0.0inet6 ::1 prefixlen 128 scopeid 0x10loop txqueuelen 0 (Local Loopback)RX packets 0 bytes 0 (0.0 B)RX errors 0 dropped 0 overruns 0 frame 0TX packets 0 bytes 0 (0.0 B)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0


重启一块网卡&＃xff0c;ifdown 网卡 && ifup 网卡

[root&＃64;localhost ~]# ifdown eno16777736 && ifup eno16777736
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)


重启整个网络服务 systemctl restart network.service

设置虚拟网卡并添加ip

• cp ifcfg-em1 ifcfg-em1:\0
• vim ifcfg-em1:0

HWADDR&＃61;00:0C:29:CA:10:BB
TYPE&＃61;Ethernet
BOOTPROTO&＃61;static
DEFROUTE&＃61;yes
PEERDNS&＃61;yes
PEERROUTES&＃61;yes
IPV4_FAILURE_FATAL&＃61;no
IPV6INIT&＃61;yes
IPV6_AUTOCONF&＃61;yes
IPV6_DEFROUTE&＃61;yes
IPV6_PEERDNS&＃61;yes
IPV6_PEERROUTES&＃61;yes
IPV6_FAILURE_FATAL&＃61;no
NAME&＃61;em1:0 改名字
UUID&＃61;8fa73c35-53a7-432b-a659-752a2930ee49
ONBOOT&＃61;yes
IPADDR&＃61;192.168.254.150 该ip
NETMASK&＃61;255.255.255.0


查看网口状态

-mii -tool 可以查看网口是否连接网线 -ethtool 可以查看网口信息

[root&＃64;localhost network-scripts]# mii-tool eno16777736
eno16777736: negotiated 1000baseT-FD flow-control, link ok
[root&＃64;localhost network-scripts]# ethtool eno16777736
Settings for eno16777736:Supported ports: [ TP ]Supported link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full 1000baseT/Full Supported pause frame use: NoSupports auto-negotiation: YesAdvertised link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full 1000baseT/Full Advertised pause frame use: NoAdvertised auto-negotiation: YesSpeed: 1000Mb/sDuplex: FullPort: Twisted PairPHYAD: 0Transceiver: internalAuto-negotiation: onMDI-X: off (auto)Supports Wake-on: dWake-on: dCurrent message level: 0x00000007 (7)drv probe linkLink detected: yes


更改主机名命令

• hostname:查看主机名
• hostnamectl set-hostname name 更改主机名
• 主机名配置文件为/etc/hostname

[root&＃64;localhost ~]# hostname
localhost.localdomain
[root&＃64;localhost ~]# hostnamectl set-hostname llll
[root&＃64;localhost ~]# hostname
llll
[root&＃64;localhost ~]# cat /etc/hostname
llll


dns配置文件 /etc/resolv.conf

• etc/hosts 为静态域名解析配置文件&＃xff0c;仅本机生效

Linux防火墙 netfilter firewalld

centos 7之前用的防火墙是netfilter 之后的防火墙是firewalld &＃xff0c;centos 7一样可以运行netfilter。步骤如下&＃xff1a;

1. systemctl disable firewalld 开机不启动firewalld
2. systemctl stop firewalld 关掉firewalld
3. yum install -y iptables-services 安装netfilter
4. systemctl enble iptables
5. systemctl start iptables 运行netfilter、

[root&＃64;localhost ~]# systemctl disable firewalld
rm &＃39;/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service&＃39;
rm &＃39;/etc/systemd/system/basic.target.wants/firewalld.service&＃39;
[root&＃64;localhost ~]# systemctl stop firewalld
[root&＃64;localhost ~]# yum install -y iptables-services
[root&＃64;localhost ~]# systemctl enable iptables
ln -s &＃39;/usr/lib/systemd/system/iptables.service&＃39; &＃39;/etc/systemd/system/basic.target.wants/iptables.service&＃39;
[root&＃64;localhost ~]# systemctl start iptables


• iptables -nvL 查看默认规则

[root&＃64;localhost ~]# systemctl enable iptables
ln -s &＃39;/usr/lib/systemd/system/iptables.service&＃39; &＃39;/etc/systemd/system/basic.target.wants/iptables.service&＃39;
[root&＃64;localhost ~]# systemctl start iptables
[root&＃64;localhost ~]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)pkts bytes target prot opt in out source destination 29 2044 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22161 17185 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibitedChain FORWARD (policy ACCEPT 0 packets, 0 bytes)pkts bytes target prot opt in out source destination 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibitedChain OUTPUT (policy ACCEPT 58 packets, 7996 bytes)pkts bytes target prot opt in out source destination

iptables 有五个表&＃xff0c;filter nat mangle raw security 常用的表示filter 和nat iptables 的规则保存在 /etc/sysconfig/iptables 中

• iptables -F 清空规则&＃xff0c;不会清空规则文件中的规则&＃xff0c;除非使用service iptables save.
• systemctl iptables restart 重启iptables
• iptables -Z 清空计数器
• iptables -t 指定表&＃xff0c;不加-t默认是指定到filter
• iptables -A 添加一条规则&＃xff0c;会写到最后面
• iptables -I 插入一条规则&＃xff0c;会写到最前面&＃xff0c;前面匹配到规则直接执行&＃xff0c;不会继续向匹配
• iptables -D 删除一条规则

1. iptables -nuL --line-number 查看规则编号
2. iptables -D 表 编号 通过编号删除规则

• iptables -P 更改默认规则&＃xff08;accept&＃xff0c;drop&＃xff0c;eject三个选项&＃xff09;&＃xff0c;最好不要动