{"id":15379,"date":"2023-03-28T14:05:06","date_gmt":"2023-03-28T06:05:06","guid":{"rendered":"https:\/\/ailog.tw\/lifelog\/?p=15379"},"modified":"2023-08-07T15:04:53","modified_gmt":"2023-08-07T07:04:53","slug":"linux-firewalld","status":"publish","type":"post","link":"https:\/\/ailog.tw\/lifelog\/2023\/03\/28\/linux-firewalld\/","title":{"rendered":"Linux\u900f\u904efirewalld\u6307\u4ee4\u8a2d\u5b9a\u9632\u706b\u7246\u898f\u5247"},"content":{"rendered":"

\u5728CentOS 7 \/ Oracle Linux 7 \/ Red Hat7\u7248\u672c\u958b\u59cb\u5167\u5efa\u4e86firewalld\u9019\u500b\u9632\u706b\u7246\u7ba1\u7406\u7684\u6307\u4ee4\uff0c\u6bd4\u904e\u5f80\u7684Iptables\u4f7f\u7528\u4e0a\u66f4\u70ba\u7c21\u55ae\uff0c\u5feb\u4f86\u4e86\u89e3\u5982\u4f55\u8a2d\u5b9a\u5427!<\/span><\/p>\n

<\/p>\n

\u4e00\u3001\u505c\u6b62iptables\u670d\u52d9<\/strong><\/span>
\n(1)\u3001\u66ab\u505ciptables\u529f\u80fd\uff1a<\/span><\/p>\n

systemctl stop iptables\r\n<\/span><\/pre>\n

\n(2)\u3001\u505c\u7528iptables\u529f\u80fd\uff1a<\/span><\/p>\n
systemctl mask iptables<\/span><\/pre>\n

\n\u4e8c\u3001\u5b89\u88ddfirewalld\u5957\u4ef6<\/strong><\/span>
\n(1)\u3001\u5b89\u88ddfirewalld\u5957\u4ef6\uff1a
\n<\/span><\/p>\n
sudo yum install firewalld<\/span><\/pre>\n

\n(2)\u3001\u8a2d\u5b9a\u958b\u6a5f\u81ea\u52d5\u57f7\u884cfirewalld\uff1a
\n<\/span><\/p>\n
systemctl enable firewalld<\/span><\/pre>\n

\n(3)\u3001\u6aa2\u67e5 firewalld \u670d\u52d9\u72c0\u614b\uff1a<\/span><\/p>\n
systemctl status firewalld<\/span><\/pre>\n

\n(4)\u3001\u555f\u52d5 firewalld \u670d\u52d9\uff1a<\/span><\/p>\n
systemctl start firewalld<\/span><\/pre>\n

\n(5)\u3001\u505c\u6b62 firewalld \u670d\u52d9\uff1a<\/span><\/p>\n
systemctl stop firewalld<\/span><\/pre>\n

\n(6)\u3001\u91cd\u65b0\u555f\u52d5 firewalld \u670d\u52d9\uff1a<\/span><\/p>\n
service firewalld restart<\/span><\/pre>\n

\n(7)\u3001\u91cd\u65b0\u8f09\u5165 firewalld \u8a2d\u5b9a\uff1a<\/span><\/p>\n
firewall-cmd --reload<\/span><\/pre>\n

\n\u4e09\u3001\u67e5\u8a62\u8a2d\u5b9a\u72c0\u614b<\/strong><\/span>
\n(1)\u3001\u67e5\u8a62\u73fe\u6709\u5340\u57df\uff1a
\n<\/span><\/p>\n
firewall-cmd --get-zones<\/span><\/pre>\n

\n(2)\u3001\u67e5\u8a62\u300cpublic\u300d\u5340\u57df\u7684\u8a2d\u5b9a\uff1a<\/span><\/p>\n
firewall-cmd --zone=public --list-all<\/span><\/pre>\n

\n(3)\u3001\u67e5\u8a62\u300cpublic\u300d\u7684\u6c38\u4e45\u8a2d\u5b9a\u503c\uff1a<\/span><\/p>\n
firewall-cmd --zone=public --list-all --permanent<\/span><\/pre>\n

\n(4)\u3001\u67e5\u8a62\u76ee\u524d\u9810\u8a2d\u7684\u5340\u57df\uff1a<\/span><\/p>\n
firewall-cmd --get-default-zone<\/span><\/pre>\n

\n(5)\u3001\u66f4\u6539 firewalld \u7684\u9810\u8a2d\u5340\u57df\u70ba\u300coffice\u300d\uff1a<\/span><\/p>\n
firewall-cmd --set-default-zone=office<\/span><\/pre>\n

\n(6)\u3001\u67e5\u8a62\u5404\u500b\u7db2\u8def\u4ecb\u9762\u6240\u5c6c\u7684\u5340\u57df\uff1a<\/span><\/p>\n
firewall-cmd --get-active-zones<\/span><\/pre>\n

\n(7)\u3001\u66f4\u6539\u7db2\u8def\u5361\u6240\u5c6c\u7684\u5340\u57df\uff1a
\n\u5c07ens160\u7db2\u8def\u5361\u6c38\u4e45<\/span>\u8a2d\u5b9a\u70bapublic\u5340\u57df\u7684\u7bc4\u4f8b\u8a9e\u6cd5\u5982\u4e0b\uff1a<\/span><\/p>\n
sudo firewall-cmd --permanent --zone=public --change-interface=ens160<\/span><\/pre>\n

\n(8)\u3001\u67e5\u8a62\u7cfb\u7d71\u5167\u5efa\u670d\u52d9\u540d\u7a31\uff1a<\/span><\/p>\n
firewall-cmd --get-services<\/span><\/pre>\n

\n(9)\u3001\u67e5\u8a62\u9632\u706b\u7246\u76ee\u524d\u6240\u6709\u898f\u5247\uff1a<\/span><\/p>\n
firewall-cmd --list-all<\/span><\/pre>\n
 <\/p>\n
\u56db\u3001\u8a2d\u5b9a\u9632\u706b\u7246\u898f\u5247<\/strong><\/span>
\n<\/span><\/p>\n
(1)\u3001\u67e5\u8a62\u5404\u500b\u7db2\u8def\u4ecb\u9762\u6240\u5c6c\u7684\u5340\u57df\uff1a<\/span><\/p>\n
firewall-cmd --get-active-zones<\/span><\/pre>\n

\n(2)\u3001\u5728public\u5340\u57df\u4e2d\u300c\u65b0\u589e\u300d\u66ab\u6642<\/span>\u958b\u653ehttps\u670d\u52d9\u898f\u5247\uff1a<\/span><\/p>\n
firewall-cmd --zone=public --add-service=https<\/span><\/pre>\n

\n(3)\u3001\u5728public\u5340\u57df\u4e2d\u300c\u65b0\u589e\u300d\u6c38\u4e45<\/span>\u958b\u653ehttps\u670d\u52d9\u898f\u5247\uff1a<\/span><\/p>\n
firewall-cmd --zone=public --permanent --add-service=https<\/span><\/pre>\n

\n(3)\u3001\u5728public\u5340\u57df\u4e2d\u300c\u65b0\u589e\u300d\u6c38\u4e45<\/span>\u958b\u653eTCP 8080 Port\u898f\u5247\uff1a<\/span><\/p>\n
firewall-cmd --zone=public --permanent --add-port=8080\/tcp<\/span><\/pre>\n

\n(4)\u3001\u5728public\u5340\u57df\u4e2d\u300c\u65b0\u589e\u300d\u6c38\u4e45<\/span>\u958b\u653e192.168.6.111\u9019\u500bIP\u53ef\u4ee5\u9023\u7ddamysql(3306)\u670d\u52d9\u898f\u5247\uff1a<\/span><\/p>\n
firewall-cmd --zone=public --add-rich-rule 'rule family=\"ipv4\" source address=\"192.168.6.111\/32\" service name=\"mysql\" accept' --permanent<\/span><\/pre>\n

\n(6)\u3001\u5728public\u5340\u57df\u4e2d\u300c\u65b0\u589e\u300d\u6c38\u4e45\u963b\u64cb192.168.6.222\u9019\u500bIP\u9023\u7dda\u7684\u898f\u5247<\/span><\/span>\uff1a<\/span><\/p>\n
firewall-cmd --zone=public --add-rich-rule 'rule family=\"ipv4\" source address=\"192.168.6.222\/32\" reject' --permanent<\/span><\/pre>\n

\n\u4e94\u3001\u79fb\u9664\u9632\u706b\u7246\u898f\u5247<\/strong><\/span>
\n<\/span><\/p>\n
(1)\u3001\u5728public\u5340\u57df\u4e2d\u300c\u522a\u9664\u300d\u66ab\u6642<\/span>\u958b\u653ehttps\u670d\u52d9\u898f\u5247\uff1a<\/span><\/p>\n
firewall-cmd --zone=public --remove-service=https<\/span><\/pre>\n

\n(2)\u3001\u5728public\u5340\u57df\u4e2d\u300c\u522a\u9664\u300d\u6c38\u4e45<\/span>\u958b\u653ehttps\u670d\u52d9\u898f\u5247\uff1a<\/span><\/p>\n
firewall-cmd --zone=public --permanent --remove-service=https<\/span><\/pre>\n

\n(3)\u3001\u5728public\u5340\u57df\u4e2d\u300c\u522a\u9664\u300d\u6c38\u4e45<\/span>\u958b\u653eTCP 8080 Port<\/span>\u898f\u5247\uff1a<\/span><\/p>\n
firewall-cmd --zone=public --permanent --remove-port=8080\/tcp<\/span><\/pre>\n

\n(4)\u3001\u5728public<\/span>\u5340\u57df\u4e2d\u300c\u522a\u9664\u300d\u7279\u5b9a\u6c38\u4e45\u958b\u653e<\/span>\u898f\u5247\uff1a<\/span><\/p>\n
firewall-cmd --zone=public --remove-rich-rule 'rule family=\"ipv4\" source address=\"192.168.6.111\/32\" service name=\"mysql\" accept' --permanent<\/span><\/pre>\n
 <\/p>\n
\u516d\u3001\u67e5\u770b\u7cfb\u7d71\u5167\u5efa\u670d\u52d9\u6a23\u677f<\/strong><\/span><\/span><\/p>\n
(1)\u3001\u67e5\u770b\u7cfb\u7d71\u9810\u8a2d\u9632\u706b\u7246\u670d\u52d9\u6a23\u677f\uff1a<\/span><\/p>\n
ls \/usr\/lib\/firewalld\/services<\/span><\/pre>\n
\u203b\u5982\u7121\u9069\u5408\u7684\u6a23\u677f\uff0c\u53ef\u4ee5\u900f\u904e\u65e2\u6709\u7684\u6a23\u677f\u7522\u751f\u4e00\u500b\u5ba2\u88fd\u5316\u7684\u8a2d\u5b9a<\/p>\n
(2)\u3001\u5efa\u7acb\u5ba2\u88fd\u5316\u9632\u706b\u7246\u670d\u52d9<\/span>\u6a23\u677f\uff1a<\/span><\/p>\n
cd \/usr\/lib\/firewalld\/services\r\ncp mysql.xml oracle.xml\r\nvim oracle.xml<\/pre>\n
\"\"<\/span><\/p>\n
 <\/p>\n","protected":false},"excerpt":{"rendered":"
\u5728CentOS 7 \/ Oracle Linux 7 \/ Red Hat7\u7248\u672c\u958b\u59cb\u5167\u5efa\u4e86firewalld\u9019\u500b … <\/p>\n
\u95b1\u8b80\u5168\u6587\u3008Linux\u900f\u904efirewalld\u6307\u4ee4\u8a2d\u5b9a\u9632\u706b\u7246\u898f\u5247\u3009<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,379],"tags":[493,6015,5536,121,507,1103,722],"class_list":["post-15379","post","type-post","status-publish","format-standard","hentry","category-itinfo","category-linux","tag-centos","tag-firewall-cmd","tag-firewalld","tag-linux","tag-oracle-linux","tag-red-hat","tag-722"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/ailog.tw\/lifelog\/wp-json\/wp\/v2\/posts\/15379","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ailog.tw\/lifelog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ailog.tw\/lifelog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ailog.tw\/lifelog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ailog.tw\/lifelog\/wp-json\/wp\/v2\/comments?post=15379"}],"version-history":[{"count":30,"href":"https:\/\/ailog.tw\/lifelog\/wp-json\/wp\/v2\/posts\/15379\/revisions"}],"predecessor-version":[{"id":16443,"href":"https:\/\/ailog.tw\/lifelog\/wp-json\/wp\/v2\/posts\/15379\/revisions\/16443"}],"wp:attachment":[{"href":"https:\/\/ailog.tw\/lifelog\/wp-json\/wp\/v2\/media?parent=15379"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ailog.tw\/lifelog\/wp-json\/wp\/v2\/categories?post=15379"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ailog.tw\/lifelog\/wp-json\/wp\/v2\/tags?post=15379"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}