作者:xiao666tian760 | 来源:互联网 | 2023-05-19 03:18
前言:CentOS7的防火墙默认使用是firewall,而我们通常使用iptables;本文记录了firewall基础的命令和iptables的安装和使用。firewall部分:part1:服
前言:CentOS7 的防火墙默认使用是firewall,而我们通常使用iptables;
本文记录了firewall基础的命令和iptables的安装和使用。
firewall部分:
part1 : 服务命令
systemctl start firewalld#启动
systemctl status firewalld #查看运行状态
systemctl stop firewalld.service #停止firewall
systemctl disable firewalld.service #禁用:禁止firewall开机启动
firewall-cmd --state #查看默认防火墙状态(关闭后显示notrunning,开启后显示running)
firewall-cmd--reload 重启
part2 : 端口命令:
添加
firewall-cmd --zOne=public --add-port=80/tcp --permanent (--permanent永久生效,没有此参数重启后失效)
重新载入
firewall-cmd --reload
查看
firewall-cmd --zOne= public --query-port=80/tcp
删除
firewall-cmd --zOne= public --remove-port=80/tcp --permanent
part3:示例
示例:firewall端口操作完之后需要重启服务生效
[root@iZ2zeczh9tfpmxmijw5qppZ ~]# firewall-cmd --zOne=public --query-port=3307/tcp
no
[root@iZ2zeczh9tfpmxmijw5qppZ ~]# firewall-cmd --zOne=public --add-port=3307/tcp --permanent
success
[root@iZ2zeczh9tfpmxmijw5qppZ ~]# firewall-cmd --zOne=public --query-port=3307/tcp
no
[root@iZ2zeczh9tfpmxmijw5qppZ ~]# firewall-cmd --reload
success
[root@iZ2zeczh9tfpmxmijw5qppZ ~]# firewall-cmd --zOne=public --query-port=3307/tcp
yes
示例:mysql开放远程端口
[root@iZ2zeczh9tfpmxmijw5qppZ ~]# firewall-cmd --zOne=public --add-port=3306/tcp --permanent
success
[root@iZ2zeczh9tfpmxmijw5qppZ ~]# firewall-cmd --reload
success
[root@iZ2zeczh9tfpmxmijw5qppZ ~]# firewall-cmd --state
running
[root@iZ2zeczh9tfpmxmijw5qppZ ~]#
[root@iZ2zeczh9tfpmxmijw5qppZ ~]# firewall-cmd --zOne=public --query-port=3306/tcp
yes
[root@iZ2zeczh9tfpmxmijw5qppZ ~]#
iptables部分
part1 : 服务命令
systemctl start iptables #启动
systemctl status iptables #查看运行状态
systemctl restart iptables.service #停止iptables
systemctl stop iptables.service #停止iptables
systemctl disable iptables.service #禁用:禁止iptables开机启动
systemctl enable iptables.service #启用:设置iptables开机启动
part2 : 安装
step1 : 查看是否安装
[root@iZ2zeczh9tfpmxmijw5qppZ ~]# systemctl status iptables
Unit iptables.service could not be found.
[root@iZ2zeczh9tfpmxmijw5qppZ ~]#
没有相关服务
step2 : yum install
[root@iZ2zeczh9tfpmxmijw5qppZ ~]# yum install iptables-services
Loaded plugins: fastestmirror
base | 3.6 kB 00:00:00
epel | 4.3 kB 00:00:00
extras | 3.4 kB 00:00:00
mysql-connectors-community | 2.5 kB 00:00:00
mysql-tools-community | 2.5 kB 00:00:00
mysql56-community | 2.5 kB 00:00:00
updates | 3.4 kB 00:00:00
updates/7/x86_64/primary_db | 6.4 MB 00:00:06
Loading mirror speeds from cached hostfile
* base: mirrors.aliyuncs.com
* epel: mirrors.aliyuncs.com
* extras: mirrors.aliyuncs.com
* updates: mirrors.aliyuncs.com
Resolving Dependencies
--> Running transaction check
---> Package iptables-services.x86_64 0:1.4.21-17.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
========================================================================================================================================
Package Arch Version Repository Size
========================================================================================================================================
Installing:
iptables-services x86_64 1.4.21-17.el7 base 50 k
Transaction Summary
========================================================================================================================================
Install 1 Package
Total download size: 50 k
Installed size: 24 k
Is this ok [y/d/N]: Y
Downloading packages:
iptables-services-1.4.21-17.el7.x86_64.rpm | 50 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : iptables-services-1.4.21-17.el7.x86_64 1/1
warning: /etc/sysconfig/iptables created as /etc/sysconfig/iptables.rpmnew
Verifying : iptables-services-1.4.21-17.el7.x86_64 1/1
Installed:
iptables-services.x86_64 0:1.4.21-17.el7
Complete!
[root@iZ2zeczh9tfpmxmijw5qppZ ~]#
安装成功!
step3 : check
[root@iZ2zeczh9tfpmxmijw5qppZ ~]# systemctl status iptables
iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
Active: inactive (dead)
[root@iZ2zeczh9tfpmxmijw5qppZ ~]#
step4 : start
[root@iZ2zeczh9tfpmxmijw5qppZ ~]# systemctl start iptables
[root@iZ2zeczh9tfpmxmijw5qppZ ~]# systemctl enable iptables.service
Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.
[root@iZ2zeczh9tfpmxmijw5qppZ ~]#
[root@iZ2zeczh9tfpmxmijw5qppZ ~]# systemctl status iptables iptables.service - IPv4 firewall with iptables Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled) Active: active (exited) since Wed 2017-06-21 15:44:41 CST; 1min 17s ago Main PID: 506 (code=exited, status=0/SUCCESS)Jun 21 15:44:41 iZ2zeczh9tfpmxmijw5qppZ systemd[1]: Starting IPv4 firewall with iptables...Jun 21 15:44:41 iZ2zeczh9tfpmxmijw5qppZ iptables.init[506]: iptables: Applying firewall rules: [ OK ]Jun 21 15:44:41 iZ2zeczh9tfpmxmijw5qppZ systemd[1]: Started IPv4 firewall with iptables.[root@iZ2zeczh9tfpmxmijw5qppZ ~]#
step5 : 修改配置文件
vi /etc/sysconfig/iptables
systemctl restart iptables.service #重启防火墙使配置生效
step6 : 关闭SELINUX
vi/etc/selinux/config
#SELINUX=enforcing #注释掉
#SELINUXTYPE=targeted #注释掉
SELINUX=disabled #增加
:wq! #保存退出
setenforce 0 #使配置立即生效
备注:
SELINUX不关闭时,iptables不读取配置文件,一般采取关闭SELINUX的方式避免这种冲突
京公网安备 11010802041100号