Redhat 及 CentOS 7 内建的防火墙改用了 Firewalld, firewalld 将网络用 zone 的概念分开管理, 以下是 Firewalld 常用例子:
查看默认 zone, CentOS 默认的 zone 是 public:
# firewall-cmd –get-default-zone
列出 active zones:
# firewall-cmd –get-active-zones
查看个别 zone 的详细内容:
# firewall-cmd –zone=public –list-all
开放 http 服务的埠号 (如果没有填上 zone, 会使用默认 zone):
# firewall-cmd –zone=public –add-service=http
# firewall-cmd –zone=public –permanent –add-service=http
# firewall-cmd –reload
# firewall-cmd –zone=public –permanent –add-service=http
# firewall-cmd –reload
要停止服务, 只要将上面指令的 –add 改成 –remove:
# firewall-cmd –zone=public –remove-service=https
# firewall-cmd –zone=public –permanent –remove-service=https
# firewall-cmd –reload
# firewall-cmd –zone=public –permanent –remove-service=https
# firewall-cmd –reload
开放 service 服务以外其他的埠号, 例如开放 tcp 443 埠号:
# firewall-cmd –zone=internal –add-port=443/tcp
# firewall-cmd –reload
# firewall-cmd –reload
Ban ip, 下面例子是 192.168.1.110:
# firewall-cmd –direct –add-rule ipv4 filter INPUT_direct 0 -s 192.168.1.110 -j DROP