blog.zhuohua.store - Powered by Discuz! Board

标题: CentOS7.8_firewalld+SSH [打印本页]

作者: admin 时间: 2019-12-27 19:51 标题: CentOS7.8_firewalld+SSH

CentOS5/6的防火墙叫netfilter，CentOS7/8的防火墙叫firewalld 查看操作系统的版本：图片1.png

查看防火墙firewalld的版本： [root@ser1 ~]# firewall-cmd --version 0.6.3 查看区域信息: （默认zone就是 public ） [root@ser1 ~]# firewall-cmd --get-active-zones public interfaces: ens33 查看指定网卡接口所属区域： [root@ser1 ~]# firewall-cmd --get-zone-of-interface=ens33 public 查看firewalld所有打开的服务： [root@ser1 ~]# firewall-cmd --zone=public --list-services dhcpv6-client ssh 注释： dhcpv6-client、ssh 是默认就有的，这些服务的默认端口是可以被访问；本机其他服务、端口是默认禁止外部IP地址进行访问的。查看firewalld所有打开的端口：（虽然看不见TCP 22端口，但因为已经在firewalld的服务里打开了ssh，所以默认是可以访问的） firewall-cmd --zone=public --list-ports 图片1.png

查看firewalld的当前配置信息：（firewalld的初始状态） firewall-cmd --list-all 图片2.png

查看firewalld的配置文件：（firewalld的初始状态） [root@ser1 ~]# cat /etc/firewalld/zones/public.xml Public For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted. 关闭firewalld： [root@ser1 ~]# systemctl stop firewalld 禁止开机自动启动firewalld： [root@ser1 ~]# systemctl disable firewalld 启动firewalld： [root@ser1 ~]# systemctl start firewalld 开机自动启动firewalld： [root@ser1 ~]# systemctl enable firewalld ###### 只允许某个客户端IP地址远程SSH登录本机：先在firewalld中删除 ssh ： [root@ser1 ~]# firewall-cmd --permanent --zone=public --remove-service=ssh success 插入防火墙规则：（只允许IP地址（192.168.168.163）访问本机的TCP 22 端口） [root@ser1 ~]# firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.168.163" port protocol="tcp" port="22" accept' success 重新加载firewalld的配置： [root@ser1 ~]# firewall-cmd --reload success 查看firewalld的当前配置信息： [root@ser1 ~]# firewall-cmd --list-all public (active) target: default icmp-block-inversion: no interfaces: ens33 sources: services: dhcpv6-client ports: protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: rule family="ipv4" source address="192.168.168.163" port port="22" protocol="tcp" accept 查看firewalld的配置文件： [root@ser1 ~]# cat /etc/firewalld/zones/public.xml Public For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted. 删除防火墙规则的方法： [root@ser1 ~]# firewall-cmd --permanent --zone=public --remove-rich-rule='rule family="ipv4" source address="192.168.168.163" port port="22" protocol="tcp" accept' success [root@ser1 ~]# firewall-cmd --reload success 删除防火墙规则的模板： firewall-cmd --permanent --zone=public --remove-rich-rule='#rich rules#' 查看firewalld的当前配置信息： [root@ser1 ~]# firewall-cmd --list-all public (active) target: default icmp-block-inversion: no interfaces: ens33 sources: services: dhcpv6-client ports: protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: ###### 只允许某个客户端IP网段远程SSH登录本机：插入防火墙规则：（只允许网段（192.168.168.0/24）访问本机的TCP 22 端口） [root@ser1 ~]# firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.168.0/24" port protocol="tcp" port="22" accept' success [root@ser1 ~]# firewall-cmd --reload success 查看firewalld的当前配置信息： [root@ser1 ~]# firewall-cmd --zone=public --list-all public (active) target: default icmp-block-inversion: no interfaces: ens33 sources: services: dhcpv6-client ports: protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: rule family="ipv4" source address="192.168.168.0/24" port port="22" protocol="tcp" accept 查看firewalld的当前配置信息： [root@ser1 ~]# cat /etc/firewalld/zones/public.xml Public For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted. 可以在配置文件里修改，然后重新加载firewalld的配置： [root@ser1 ~]# firewall-cmd --reload success 相关文章： CentOS8防火墙(firewalld) CentOS7_TCP Wrappers

图片附件: 图片1.png (2020-8-19 14:46, 8.8 KB) / 下载次数 137
http://blog.zhuohua.store/attachment.php?aid=10527&k=663c175502662fee24b0e33cbe2f6c5b&t=1714864216&sid=az6zWd

图片附件: 图片1.png (2021-2-1 12:12, 4.26 KB) / 下载次数 114
http://blog.zhuohua.store/attachment.php?aid=15300&k=cbed2c70baa86471142f5b7b708ce6f2&t=1714864216&sid=az6zWd

图片附件: 图片2.png (2021-2-1 12:13, 15.79 KB) / 下载次数 112
http://blog.zhuohua.store/attachment.php?aid=15301&k=26c90f87c51b3b43642218a7194fe651&t=1714864216&sid=az6zWd

欢迎光临 blog.zhuohua.store (http://blog.zhuohua.store/)