Editing the firewalld configuration file directly | Why turn off the firewalld firewall on CentOS 7


1. How to turn the firewall on and off on CentOS 7

CentOS 7.0 uses firewalld as its firewall by default; the steps here switch it to the iptables firewall.

1. Stop firewalld:

    systemctl stop firewalld.service      # stop firewalld
    systemctl disable firewalld.service   # keep firewalld from starting at boot
    firewall-cmd --state                  # check the default firewall state ("not running" when stopped, "running" when started)

2. The iptables firewall (iptables is already installed here; configure it as follows):

    vi /etc/sysconfig/iptables   # edit the firewall configuration file

    # sample configuration for iptables service
    # you can edit this manually or use system-config-firewall
    # please do not ask us to add additional ports/services to this default configuration
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -p icmp -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    COMMIT

    :wq!   # save and exit

Note: ports 80 and 8080 are used here as examples. The *** part is generally added above or below the line "-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT". Be sure not to add it to the last line, otherwise it will not take effect after the firewall is restarted.

    systemctl restart iptables.service   # finally, restart the firewall so the configuration takes effect
    systemctl enable iptables.service    # start the firewall at boot
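The ordering note above (a new port rule placed after the final INPUT REJECT line never takes effect) can be checked before restarting the service. The script below is an added example, not part of the original answer; the function names check_rules and write_sample and the sample rules file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit an iptables-services
# rules file for INPUT rules placed after the catch-all REJECT/DROP rule.

# check_rules FILE
#   Prints every "-A INPUT" rule that follows an unconditional REJECT/DROP
#   in the same table; such rules are never reached. Returns 1 if any exist.
check_rules() {
    awk '
        /^\*/ { blocked = 0 }                 # "*filter", "*nat": new table
        $1 == "-A" && $2 == "INPUT" {
            if (blocked) {
                printf "line %d: never reached (catch-all on line %d): %s\n", NR, blocked, $0
                bad = 1
            } else if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) {
                blocked = NR                  # rule with no match options
            }
        }
        END { exit bad }
    ' "$1"
}

# write_sample FILE
#   Constructed sample: the rule set from this page with the 3306 rule
#   wrongly appended after the final INPUT REJECT line.
write_sample() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

sample=$(mktemp)
write_sample "$sample"
check_rules "$sample" || echo "fix the rule order before restarting iptables"
rm -f "$sample"
```

Run it against /etc/sysconfig/iptables after each edit; a non-zero exit status means at least one rule sits below the catch-all and should be moved above it.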

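2. Linux port configuration

How do you open and close ports?

1. See which ports are open:

    netstat -anp

2. Close a port number:

    iptables -A INPUT -p tcp --dport <port-number> -j DROP
    iptables -A OUTPUT -p tcp --dport <port-number> -j DROP

3. Open a port number:

    iptables -A INPUT -p tcp --dport <port-number> -j ACCEPT

4. The following shows how to use the Linux commands for opening a port:

    nc -lp 23               # open port 23, i.e. telnet
    netstat -an | grep 23   # check whether port 23 is open

5. Opening ports on Linux: every opened port needs a corresponding listening program for it to work.

How do you open ports and configure the firewall on a Linux server?

Open the configuration file

Command

    # vi /etc/sysconfig/iptables

A correct configuration file

Configuration

    #-config-firewall
    #.
    *filter
    :INPUT ACCEPT
    :FORWARD ACCEPT
    :OUTPUT ACCEPT
    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A INPUT -p icmp -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    COMMIT

Generic rule template (the * stands for the port number)

    -A INPUT -m state --state NEW -m tcp -p tcp --dport * -j ACCEPT

Note: a newly opened port must be placed after port 22.

Restart the firewall so the configuration takes effect

Command

    # /etc/init.d/iptables restart

Other

View open ports

Command

    # /etc/init.d/iptables status

Stop the firewall

Command

    # /etc/init.d/iptables stop

How many processes can run on one Linux port? For example, if I open 2 browsers at the same time, how many ports is that?

Many processes can run on each port, and every process can use the same port, but while one process is occupying the port the other processes wait; only after the previous process releases the port can the next process use it.

How do you disable a port on a Linux system?

1. A port generally corresponds to a network service program. To disable a port, you can first check which service the port belongs to and then shut that service down.

    netstat -antup

2. You can also disable it with iptables. Taking port 8080 as an example, run the following commands:

    iptables -A INPUT -p tcp --dport 8080 -j DROP
    iptables -A INPUT -p tcp --sport 8080 -j DROP
    iptables -A INPUT -p udp --dport 8080 -j DROP
    iptables -A INPUT -p udp --sport 8080 -j DROP

Linux wiki: how do you enable port 8080?

    /sbin/iptables -I INPUT -p tcp --dport 8080 -j ACCEPT   # open port 8080
    /etc/rc.d/init.d/iptables save                          # save the firewall changes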

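3. Why turn off the firewalld firewall on CentOS 7

CentOS 7.0 uses firewalld as its firewall by default; to use iptables it has to be set up again.

1. Stop the firewall directly:

    systemctl stop firewalld.service      # stop firewalld
    systemctl disable firewalld.service   # keep firewalld from starting at boot

2. Set up the iptables service:

    yum -y install iptables-services

To change the firewall configuration, for example to add firewall port 3306:

    vi /etc/sysconfig/iptables

Add the rule:

    -A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT

After saving and exiting:

    systemctl restart iptables.service   # restart the firewall so the configuration takes effect
    systemctl enable iptables.service    # start the firewall at boot

Finally, reboot the system for the settings to take effect.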

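4. How to configure firewalld after changing the default FTP port on Linux CentOS 7

In the commands below, change port 21 to your own port number. Take care to configure SELinux, or disable SELinux.

    firewall-cmd --permanent --zone=public --add-port=21/tcp

Then reload the firewalld settings:

    firewall-cmd --reload

Remove the previous service:

    firewall-cmd --permanent --remove-service=ftp

List the ports firewalld has open:

    firewall-cmd --list-all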

