
Title: CentOS8_firewalld+Nginx

Author: admin    Time: 2020-8-19 15:14    Title: CentOS8_firewalld+Nginx

Note: this builds on the article "Installing LNMP+phpMyAdmin on CentOS8".

List all ports opened in firewalld:
[root@centos8 ~]# firewall-cmd --zone=public --list-ports
80/tcp

Show firewalld's current configuration:
firewall-cmd --zone=public --list-all
[Screenshot: 图片1.png]
Note: cockpit, dhcpv6-client and ssh are present by default, so the default ports of these services are reachable.

Access the server's TCP port 80 remotely from a client:
http://192.168.168.154:80
[Screenshot: 图片2.png]
Note: the browser automatically drops the :80 from the URL.

Remove a TCP port:
firewall-cmd --zone=public --remove-port=80/tcp --permanent
firewall-cmd --reload

The port was removed successfully:
[root@centos8 ~]# firewall-cmd --zone=public --list-ports

[root@centos8 ~]#

Show firewalld's current configuration:
firewall-cmd --list-all
[Screenshot: 图片3.png]
Note: this is also firewalld's initial state.

Remote test from the client:
[Screenshot: 图片4.png]

Insert a firewall rule (allow only the IP address 192.168.168.163 to reach TCP port 80 on this host):
[root@centos8 ~]# firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.168.163" port protocol="tcp" port="80" accept'
success
[root@centos8 ~]# firewall-cmd --reload
success

Show firewalld's current configuration:
[root@centos8 ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens160
  sources:
  services: cockpit dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
        rule family="ipv4" source address="192.168.168.163" port port="80" protocol="tcp" accept

Remote test from the client (192.168.168.163):
[Screenshot: 图片5.png]

Remove the firewall rule:
[root@centos8 ~]# firewall-cmd --permanent --zone=public --remove-rich-rule='rule family="ipv4" source address="192.168.168.163" port port="80" protocol="tcp" accept'
success
[root@centos8 ~]# firewall-cmd --reload
success

The firewall rule was removed successfully:
[Screenshot: 图片6.png]

Remote test from the client (192.168.168.163):
[Screenshot: 图片7.png]

Insert a firewall rule (allow only the network 192.168.168.0/24 to reach TCP port 80 on this host):
[root@centos8 ~]# firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.168.0/24" port protocol="tcp" port="80" accept'
success
[root@centos8 ~]# firewall-cmd --reload
success

Show firewalld's current configuration:
[root@centos8 ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens160
  sources:
  services: cockpit dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
        rule family="ipv4" source address="192.168.168.0/24" port port="80" protocol="tcp" accept

Remote test from the client (192.168.168.163):
[Screenshot: 图片8.png]

Insert a firewall rule (deny the IP address 192.168.168.163 access to TCP port 80 on this host):
[root@centos8 ~]# firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.168.163" port protocol="tcp" port="80" reject'
success
[root@centos8 ~]# firewall-cmd --reload
success

Show firewalld's current configuration:
[root@centos8 ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens160
  sources:
  services: cockpit dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
        rule family="ipv4" source address="192.168.168.0/24" port port="80" protocol="tcp" accept
        rule family="ipv4" source address="192.168.168.163" port port="80" protocol="tcp" reject

Note: traffic that matches a reject rule is rejected; the rules are not applied in the order in which they were added.

Remote test from the client (192.168.168.163):
[Screenshot: 图片9.png]

View firewalld's configuration file:
[root@centos8 ~]# cat /etc/firewalld/zones/public.xml
Public For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.

You can edit the configuration file directly and then reload firewalld's configuration:
[root@centos8 ~]# firewall-cmd --reload
success

Change the TCP port of Nginx's default site:
[root@centos8 ~]# vi /etc/nginx/nginx.conf
[Screenshot: 图片10.png]
Change it to TCP 8080:
[Screenshot: 图片11.png]

Restart the Nginx service:
[root@centos8 ~]# systemctl restart nginx

Insert a firewall rule (allow only the IP address 192.168.168.163 to reach TCP ports 8000 through 8088 on this host):
[root@centos8 ~]# firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.168.163" port protocol="tcp" port="8000-8088" accept'
success
[root@centos8 ~]# firewall-cmd --reload
success

Show firewalld's current configuration:
[root@centos8 ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens160
  sources:
  services: cockpit dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
        rule family="ipv4" source address="192.168.168.0/24" port port="80" protocol="tcp" accept
        rule family="ipv4" source address="192.168.168.163" port port="80" protocol="tcp" reject
        rule family="ipv4" source address="192.168.168.163" port port="8000-8088" protocol="tcp" accept

View firewalld's configuration file:
[root@centos8 ~]# cat /etc/firewalld/zones/public.xml
Public For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.

Access the server's TCP port 8080 remotely from the client (192.168.168.163):
http://192.168.168.154:8080/
[Screenshot: 图片12.png]

Related article: CentOS8 Firewall (firewalld)
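
Added example (not part of the original post): a small shell model of how firewalld decides between the three rich rules listed above when they carry the default priority, consulting reject/drop rules before accept rules and falling back to the zone's default target. The function names and the RULES variable are assumptions made for this sketch; it covers IPv4 source and TCP port matching only and does not call firewall-cmd.

```shell
# Added sketch (assumption: rich rules at default priority, IPv4 source + TCP port only).
# Constructed sample: the three rich rules from the article's last --list-all output.
RULES='rule family="ipv4" source address="192.168.168.0/24" port port="80" protocol="tcp" accept
rule family="ipv4" source address="192.168.168.163" port port="80" protocol="tcp" reject
rule family="ipv4" source address="192.168.168.163" port port="8000-8088" protocol="tcp" accept'

# ip_to_int A.B.C.D: print the address as one integer
ip_to_int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_net IP ADDR[/PREFIX]: succeed if IP lies inside the source specification
in_net() {
    net=${2%/*}; bits=32
    case $2 in */*) bits=${2#*/} ;; esac
    mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "$net") & $mask )) ]
}

# port_match PORT SPEC: SPEC is a single port ("80") or a range ("8000-8088")
port_match() {
    lo=${2%-*}; hi=${2#*-}
    [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ]
}

# verdict SRC_IP TCP_PORT: print the action the rule set yields for the packet
verdict() {
    ip=$1; port=$2
    for pass in deny allow; do        # deny rules are consulted before allow rules
        while read -r line; do
            case "$pass:$line" in
                deny:*" reject"|deny:*" drop"|allow:*" accept") ;;
                *) continue ;;
            esac
            src=$(printf '%s\n' "$line" | sed -n 's/.*source address="\([^"]*\)".*/\1/p')
            spec=$(printf '%s\n' "$line" | sed -n 's/.* port="\([^"]*\)".*/\1/p')
            if in_net "$ip" "$src" && port_match "$port" "$spec"; then
                echo "${line##* }"; return 0
            fi
        done <<EOF
$RULES
EOF
    done
    echo reject                       # nothing matched: zone target "default" rejects
}
for probe in "192.168.168.163 80" "192.168.168.200 80" "192.168.168.163 8080"; do
    echo "$probe -> $(verdict $probe)"
done
```

Run against the listed rules, 192.168.168.163 is rejected on port 80 even though the /24 accept rule was added first, while the same client is accepted on 8080 through the 8000-8088 range rule.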
