1.1 firewall启停设置

[root@tomcat ~]# systemctl stop firewalld.service                    #关闭firewall

[root@tomcat ~]# systemctl status firewalld.service                  #查看状态

● firewalld.service - firewalld - dynamic firewall daemon

   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)

   Active: inactive (dead)

Mar  :: tomcat systemd[]: Starting firewalld - dynamic firewall daemon...

Mar  :: tomcat systemd[]: Started firewalld - dynamic firewall daemon.

Mar  :: tomcat systemd[]: Stopping firewalld - dynamic firewall daemon...

Mar  :: tomcat systemd[]: Stopped firewalld - dynamic firewall daemon.

[root@tomcat ~]# firewall-cmd --state

not running

[root@tomcat ~]# systemctl start firewalld.service     #启动firewall

[root@tomcat ~]# systemctl status firewalld.service

● firewalld.service - firewalld - dynamic firewall daemon

   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)

   Active: active (running) since Tue -- :: CST; 4s ago

 Main PID:  (firewalld)

   CGroup: /system.slice/firewalld.service

           └─ /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Mar  :: tomcat systemd[]: Starting firewalld - dynamic firewall daemon...

Mar  :: tomcat systemd[]: Started firewalld - dynamic firewall daemon.

[root@tomcat ~]# firewall-cmd --state

running

[root@tomcat ~]#

[root@tomcat ~]# systemctl disable firewalld.service                 #禁止开机启动
[root@tomcat ~]# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: active (running) since Tue 2018-03-13 09:32:44 CST; 3min 22s ago
Main PID: 3737 (firewalld)
CGroup: /system.slice/firewalld.service
└─3737 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Mar 13 09:32:43 tomcat systemd[1]: Starting firewalld - dynamic firewall daemon...
Mar 13 09:32:44 tomcat systemd[1]: Started firewalld - dynamic firewall daemon.

[root@tomcat ~]# systemctl enable firewalld.service    #设置开机启动
Created symlink from /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service to /usr/lib/systemd/system/firewalld.service.
Created symlink from /etc/systemd/system/basic.target.wants/firewalld.service to /usr/lib/systemd/system/firewalld.service.
[root@tomcat ~]# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2018-03-13 09:32:44 CST; 3min 48s ago
Main PID: 3737 (firewalld)
CGroup: /system.slice/firewalld.service
└─3737 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Mar 13 09:32:43 tomcat systemd[1]: Starting firewalld - dynamic firewall daemon...
Mar 13 09:32:44 tomcat systemd[1]: Started firewalld - dynamic firewall daemon.
[root@tomcat ~]#

2.1 安装iptables

[root@tomcat ~]# yum install iptables-service -y
[root@tomcat ~]# systemctl start iptables.service

[root@tomcat ~]# systemctl enable iptables.service

Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.

[root@tomcat ~]# systemctl status iptables.service

● iptables.service - IPv4 firewall with iptables

   Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)

   Active: active (exited) since Tue -- :: CST; 22s ago

 Main PID:  (code=exited, status=/SUCCESS)

Mar  :: tomcat systemd[]: Starting IPv4 firewall with iptables...

Mar  :: tomcat iptables.init[]: iptables: Applying firewall rules: [  OK  ]

Mar  :: tomcat systemd[]: Started IPv4 firewall with iptables.

[root@tomcat ~]# 

[root@tomcat ~]# iptables -I  INPUT 1 -p tcp --dport 22 -j ACCEPT         
#-I  指定序号                      #iptable匹配规则从上至下依次匹配
#INPUT   input链
#-p   指定协议 
#tcp 协议
--dport   目的端口 
-j    动作



[root@tomcat ~]# iptables -P INPUT DROP           #添加默认策略拒绝所有,我们将需要放行的策略放到前面,有流量是从前向后匹配,允许的则放行,没有匹配到的则执行默认策略丢弃


-A 添加到最后一条


-P  添加默认策略


DROP   丢弃




#添加一个别名


echo 'alias iptablist="iptables -nL --line-number"' >>/etc/profile


. /etc/profile


#放行8080端口的流量


iptables -I INPUT -p tcp --dport 8080 -j ACCEPT


#禁止外网ping


iptables -I INPUT -p icmp ! -s 172.16.10.0/24 -j DROP




#允许回环口通过


iptables -A INPUT -i lo -j ACCEPT


#允许关联的数据包通过


iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT


#保存配置


iptables-save




  
												


											
Centos7 Firewall的更多相关文章
	

    
						
  1. Centos7 firewall开放3306端口
		
    目录 Centos7 firewall开放3306端口 1. 查看防火墙状态 2. 关闭防火墙firewall 3. 关闭防火墙firewall后开启 4. 开启端口 5. 重启防火墙 6. 常用命令 ...
    
		
    2. 
						
  2. centos7 firewall 防火墙 命令
		
    为了架设ss在vultr上买了一个日本的vps 用的是centos7的系统 防火墙是 firewall 捣鼓了两天 在这里总结一下. 如果小伙伴也准备在vultr上买vps  在注册是 可以使用这个优 ...
    
		
    3. 
						
  3. Centos7(Firewall)防火墙开启常见端口命令
		
    使用云服务器的,一定要注意开启安全组配置的响应端口 Centos7默认安装了firewalld,如果没有安装的话,则需要YUM命令安装:firewalld真的用不习惯,与之前的iptable防火墙区别 ...
    
		
    4. 
						
  4. centos7 firewall指定IP与端口、端段访问(常用)
		
    https://blog.csdn.net/yipianfuyunsm/article/details/99998332 https://www.cnblogs.com/co10rway/p/8268 ...
    
		
    5. 
						
  5. centos7 firewall 防火墙
		
    在部署dubbo-monitor 和dubbo-admin zookeeper时候,外部访问不了部署好的服务,因为端口问题 ,现在把端口操作总结一下 参考: http://www.cnblogs.co ...
    
		
    6. 
								
  6. centos7 firewall 操作
		
    一.firewall配置 The configuration for firewalld is stored in various XML files in /usr/lib/firewalld/ a ...
    
		
    7. 
						
  7. CentOS7 Firewall超详细使用方法
		
    CentOs7改变的最大处就是防火墙了,下面列用了常用的防火墙规则,端口转发和伪装 一.Firewalld基础规则 --get-default-zone 打印已设置为默认区域的当前区域,默认情况下默认 ...
    
		
    8. 
						
  8. centos7 firewall指定IP与端口访问(常用)
		
    1.启动防火墙 systemctl start firewalld.service 2.指定IP与端口 firewall-cmd --permanent --add-rich-rule="r ...
    
		
    9. 
						
  9. CentOS7 Firewall防火墙配置用法详解
		
    centos 7中防火墙是一个非常的强大的功能了,但对于centos 7中在防火墙中进行了升级了,下面我们一起来详细的看看关于centos 7中防火墙使用方法.   FirewallD 提供了支持网络 ...
    
		
    10. 
		

	


随机推荐
	

    
									
  1. Vue/Egg大型项目开发(一)搭建项目
			
    项目Github地址:前端(https://github.com/14glwu/stuer)后端(https://github.com/14glwu/stuer-server) 项目线上预览:http ...
    
			
    2. 
						
  2. CenOS 6.4下安装中文输入法
			
    1.使用root登录 输入:yum install "@Chinese Support" 2.回到桌面设置添加输入法 参考链接:http://www.linuxidc.com/Li ...
    
			
    3. 
						
  3. SpringBoot Tomcat启动报错
			
    中间的桥梁就是下面这个依赖 <dependency> <groupId>org.slf4j</groupId> <artifactId>jcl-over ...
    
			
    4. 
						
  4. Log4j2 设置控制台打印彩色日志
			
    https://www.baidu.com/s?ie=utf-8&tn=02003390_20_hao_pg&wd=%E5%8D%9A%E5%AE%A2%E5%9B%AD%E7%99% ...
    
			
    5. 
						
  5. 【Git】Git使用记录: remove *.lock eg: index.lock/head.lock
			
    问题 Another git process seems to be running in this repository, e.g. an editor opened by 'git commit' ...
    
			
    6. 
						
  6. Gridview标题头添加排序图片
			
    向gridview标题头中添加排序图片,当点击某一个头标题时,在标题中出现升序箭头向上的图片,再点击一次时降序,在标题中出现箭头向下的图片,初始页面时在标题头中并不现实任何图片. 先定义好一个grid ...
    
			
    7. 
						
  7. golang协程踩坑记录
			
    1.主线程等待多个协程执行完毕后,再执行下面的程序.golang提供了一个很好用的工具. sync.WaitGroup下面是个简单的例子. 执行结果: 2.主线程主动去结束已经启动了的多个协程.执行结 ...
    
			
    8. 
						
  8. Jenkins 改成中文语言显示
			
    到系统管理    插件管理中下载如下插件接口  Localization: Chinese (Simplified) 搜索的时候用ctrl+f 进行搜索,不要用Jenkins下面下的filter 只有 ...
    
			
    9. 
						
  9. ubuntu使用抓包工具,charles
			
    参考官网:https://www.charlesproxy.com/documentation/installation/apt-repository/ wget -q -O - https://ww ...
    
			
    10. 
						
  10. php日志
			
    // 全局通用日志工具 function setlog($param = [],$result = [],$name='',$filename = 'm.log',$path = '/tmp/bear ...
    
			
    11.