RHEL / CentOS 7 Firewall: firewalld

Red Hat and CentOS 7 switched their built-in firewall to firewalld, which manages the network by dividing it into zones. Below are some common firewalld examples:

Show the default zone (on CentOS the default zone is public):

# firewall-cmd --get-default-zone

List the active zones:

# firewall-cmd --get-active-zones

Show the full details of a single zone:

# firewall-cmd --zone=public --list-all

Open the port for the http service (if no zone is given, the default zone is used):

# firewall-cmd --zone=public --add-service=http
# firewall-cmd --zone=public --permanent --add-service=http
# firewall-cmd --reload

To stop allowing a service, change --add in the commands above to --remove:

# firewall-cmd --zone=public --remove-service=https
# firewall-cmd --zone=public --permanent --remove-service=https
# firewall-cmd --reload

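Open a port that is not covered by a service definition, for example tcp port 443:

# firewall-cmd --zone=internal --add-port=443/tcp
# firewall-cmd --zone=internal --permanent --add-port=443/tcp
# firewall-cmd --reload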

Ban an IP address; the example below uses 192.168.1.110:

# firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -s 192.168.1.110 -j DROP
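
The commands above change either the runtime configuration or, with --permanent, the saved one, and --reload replaces the runtime state with the saved configuration. As an added example (not part of the original post), the script below lists services and ports that exist in only one of the two; the function names and the sample --list-all output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): compare a zone's runtime
# settings with its permanent settings, using `--list-all` output.

# Constructed sample output; on a live host capture it with:
#   firewall-cmd --zone=public --list-all
#   firewall-cmd --zone=public --permanent --list-all
SAMPLE_RUNTIME='public (active)
  target: default
  interfaces: eth0
  services: dhcpv6-client ssh http
  ports: 443/tcp'
SAMPLE_PERMANENT='public
  target: default
  interfaces: eth0
  services: dhcpv6-client ssh http https
  ports: '

# Print the values of one field ("services" or "ports"), one per line.
zone_field() {  # $1 = field name, $2 = --list-all output
    printf '%s\n' "$2" |
        awk -v f="$1:" '$1 == f { for (i = 2; i <= NF; i++) print $i }' |
        sort -u
}

# Print values of field $1 that appear in output $2 but not in output $3.
only_in() {
    other=$(zone_field "$1" "$3")
    zone_field "$1" "$2" | while IFS= read -r v; do
        printf '%s\n' "$other" | grep -qxF -- "$v" || printf '%s\n' "$v"
    done
}

# Report drift: runtime-only entries vanish on --reload; permanent-only
# entries are not enforced until the next --reload or restart.
zone_drift() {  # $1 = runtime output, $2 = permanent output
    for field in services ports; do
        only_in "$field" "$1" "$2" | sed "s/^/runtime-only $field /"
        only_in "$field" "$2" "$1" | sed "s/^/permanent-only $field /"
    done
}

zone_drift "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"
```

An empty report means the zone will look the same after the next reload or reboot.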


