Title: CentOS7.8_firewalld+SSH
Author: admin
Time: 2019-12-27 19:51

The firewall on CentOS 5/6 is called netfilter; the firewall on CentOS 7/8 is called firewalld.

Check the operating system version:
[Image: 图片1.png]

Check the firewalld version:
[root@ser1 ~]# firewall-cmd --version
0.6.3

Check zone information (the default zone is public):
[root@ser1 ~]# firewall-cmd --get-active-zones
public
  interfaces: ens33

Check which zone a given network interface belongs to:
[root@ser1 ~]# firewall-cmd --get-zone-of-interface=ens33
public
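
List all services opened in firewalld:
[root@ser1 ~]# firewall-cmd --zone=public --list-services
dhcpv6-client ssh
Note: dhcpv6-client and ssh are present by default, and the default ports of these services can be reached; access from external IP addresses to the host's other services and ports is denied by default.

List all ports opened in firewalld (TCP port 22 is not shown, but it is reachable by default because ssh is already opened among the firewalld services):
firewall-cmd --zone=public --list-ports
[Image: 图片1.png]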

View firewalld's current configuration (firewalld's initial state):
firewall-cmd --list-all
[Image: 图片2.png]

View firewalld's configuration file (firewalld's initial state):
[root@ser1 ~]# cat /etc/firewalld/zones/public.xml
Public
For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.

Stop firewalld:
[root@ser1 ~]# systemctl stop firewalld

Do not start firewalld automatically at boot:
[root@ser1 ~]# systemctl disable firewalld

Start firewalld:
[root@ser1 ~]# systemctl start firewalld

Start firewalld automatically at boot:
[root@ser1 ~]# systemctl enable firewalld

###### Allow only one client IP address to log in to this host remotely over SSH:

First remove ssh from firewalld:
[root@ser1 ~]# firewall-cmd --permanent --zone=public --remove-service=ssh
success

Add a firewall rule (only the IP address 192.168.168.163 may access TCP port 22 on this host):
[root@ser1 ~]# firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.168.163" port protocol="tcp" port="22" accept'
success

Reload the firewalld configuration:
[root@ser1 ~]# firewall-cmd --reload
success

View firewalld's current configuration:
[root@ser1 ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens33
  sources:
  services: dhcpv6-client
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
        rule family="ipv4" source address="192.168.168.163" port port="22" protocol="tcp" accept

View firewalld's configuration file:
[root@ser1 ~]# cat /etc/firewalld/zones/public.xml
Public
For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.

How to delete the firewall rule:
[root@ser1 ~]# firewall-cmd --permanent --zone=public --remove-rich-rule='rule family="ipv4" source address="192.168.168.163" port port="22" protocol="tcp" accept'
success
[root@ser1 ~]# firewall-cmd --reload
success

Template for deleting a firewall rule:
firewall-cmd --permanent --zone=public --remove-rich-rule='#rich rules#'

View firewalld's current configuration:
[root@ser1 ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens33
  sources:
  services: dhcpv6-client
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

###### Allow only one client IP subnet to log in to this host remotely over SSH:

Add a firewall rule (only the subnet 192.168.168.0/24 may access TCP port 22 on this host):
[root@ser1 ~]# firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.168.0/24" port protocol="tcp" port="22" accept'
success
[root@ser1 ~]# firewall-cmd --reload
success

View firewalld's current configuration:
[root@ser1 ~]# firewall-cmd --zone=public --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens33
  sources:
  services: dhcpv6-client
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
        rule family="ipv4" source address="192.168.168.0/24" port port="22" protocol="tcp" accept

View firewalld's current configuration:
[root@ser1 ~]# cat /etc/firewalld/zones/public.xml
Public
For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.

You can also make the change in the configuration file and then reload the firewalld configuration:
[root@ser1 ~]# firewall-cmd --reload
success
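
A pre-flight check for the two procedures above (single address and subnet), as an added example that is not part of the original page: once ssh is removed from the zone and the configuration is reloaded, new SSH logins from any address outside the rich rule's source are refused, so the script compares the current session's client address with the intended source before emitting the page's three commands. The function names and the RUN variable are assumptions of this example; the client address is taken from the SSH_CONNECTION variable that sshd sets.

```shell
#!/bin/sh
# Added example, not from the original page. Dry run by default: the commands
# are printed, not executed. Set RUN to an empty string to execute them.

# Dotted-quad IPv4 -> integer. Fails on anything that is not a clean address.
ip_to_int() (
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.; set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in 0?*|????*) exit 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# in_source CLIENT SOURCE: 0 if CLIENT is inside SOURCE (address or
# address/prefix), 1 if outside, 2 if either argument is malformed.
in_source() (
    net=${2%/*}; bits=32
    case $2 in */*) bits=${2#*/} ;; esac
    case $bits in ''|*[!0-9]*|0?*|???*) exit 2 ;; esac
    [ "$bits" -le 32 ] || exit 2
    c=$(ip_to_int "$1") || exit 2
    n=$(ip_to_int "$net") || exit 2
    mask=0
    [ "$bits" -eq 0 ] || mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( c & mask )) -eq $(( n & mask )) ]
)

# restrict_ssh SOURCE: the page's three steps, refused when this session's
# client address (first field of SSH_CONNECTION, empty on a local console)
# is not covered by SOURCE.
restrict_ssh() (
    src=$1; client=${SSH_CONNECTION%% *}
    in_source "${src%/*}" "$src" || { echo "malformed source: $src" >&2; exit 2; }
    if [ -n "$client" ] && ! in_source "$client" "$src"; then
        echo "refusing: new SSH logins from $client would be blocked by $src" >&2
        exit 1
    fi
    rule="rule family=\"ipv4\" source address=\"$src\" port port=\"22\" protocol=\"tcp\" accept"
    ${RUN-echo} firewall-cmd --permanent --zone=public --remove-service=ssh &&
    ${RUN-echo} firewall-cmd --permanent --zone=public --add-rich-rule="$rule" &&
    ${RUN-echo} firewall-cmd --reload
)
```

Source the file and call `restrict_ssh 192.168.168.0/24` to see the commands that would run; a client address that is not IPv4 is treated as not covered by the ipv4 rule.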