
Study Notes - Linux Firewall - Firewall-cmd

夢天說夢話


Install Firewalld

sudo apt install -y firewalld
Basic firewall-cmd commands

# Start the firewall
sudo systemctl start firewalld.service
# Start the firewall at boot
sudo systemctl enable firewalld.service
# Stop the firewall
sudo systemctl stop firewalld.service
# Disable the firewall
sudo systemctl stop firewalld.service
sudo systemctl disable firewalld
# Check the firewall state
sudo firewall-cmd --state
# List the existing rules
sudo firewall-cmd --zone=public --list-ports
sudo firewall-cmd --zone=public --list-services
# Reload the firewall configuration (--permanent changes only take effect after a reload)
sudo firewall-cmd --reload
# Add a single port
sudo firewall-cmd --permanent --zone=public --add-port={PORT}/tcp
# Add a range of ports
sudo firewall-cmd --permanent --zone=public --add-port={PORT}-{PORT}/tcp
# Remove a port
sudo firewall-cmd --permanent --zone=public --remove-port={PORT}/tcp
# Add a single service
sudo firewall-cmd --permanent --zone=public --add-service={SERVICE}
# Remove a single service from the zone
sudo firewall-cmd --permanent --zone=public --remove-service={SERVICE}
# Delete a service definition (permanent configuration only, not tied to a zone)
sudo firewall-cmd --permanent --delete-service={SERVICE}
# Open a port for a specific IP (the rule text is single-quoted so the inner double quotes reach firewall-cmd intact)
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="{IP}" port protocol="tcp" port="{PORT}" accept'
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="{IP}" accept'
# Remove the rule for a specific IP
sudo firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="{IP}" accept'
# Allow access from an IP range
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="{IP}/24" accept'
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="{IP}/24" port protocol="tcp" port="{PORT}" accept'
# Query whether a port is open
sudo firewall-cmd --zone=public --query-port={PORT}/tcp
# Query whether a service is open
sudo firewall-cmd --zone=public --query-service={SERVICE}
# List all available services
sudo firewall-cmd --get-services
Public zone configuration file
/etc/firewalld/zones/public.xml
Built-in service list

# Built-in network service definitions
# /usr/lib/firewalld/services
RH-Satellite-6 amanda-client amanda-k5-client bacula bacula-client bgp
bitcoin bitcoin-rpc bitcoin-testnet bitcoin-testnet-rpc ceph ceph-mon
cfengine condor-collector ctdb
dhcp    # DHCP service, 67/UDP
dhcpv6 dhcpv6-client dns docker-registry docker-swarm dropbox-lansync
elasticsearch freeipa-ldap freeipa-ldaps freeipa-replication freeipa-trust
ftp ganglia-client ganglia-master git high-availability http https
imap imaps ipp ipp-client ipsec irc ircs iscsi-target
kadmin kerberos kibana klogin kpasswd kprop kshell
ldap ldaps libvirt libvirt-tls managesieve mdns minidlna mosh mountd
ms-wbt mssql murmur mysql nfs nfs3 nrpe ntp openvpn
ovirt-imageio ovirt-storageconsole ovirt-vmconsole
pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy proxy-dhcp
ptp pulseaudio puppetmaster quassel radius redis rpc-bind rsh rsyncd
samba samba-client sane sip sips smtp smtp-submission smtps snmp snmptrap
spideroak-lansync squid ssh synergy syslog syslog-tls telnet
tftp tftp-client tinc tor-socks transmission-client vdsm vnc-server
wbem-https xmpp-bosh xmpp-client xmpp-local xmpp-server
zabbix-agent zabbix-server
Custom service

# Custom service directory
cd /etc/firewalld/services
# Create the custom service file (root is needed to write here)
sudo nano fourleaf.xml

<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>fourleaf</short>
  <description>FourLeaf service uses tcp 8081 ~ 8090 port. This firewall-cmd service was created by SRover Lee</description>
  <port protocol="tcp" port="8081"/>
  <port protocol="tcp" port="8082"/>
  <port protocol="tcp" port="8083"/>
  <port protocol="tcp" port="8084"/>
  <port protocol="tcp" port="8085"/>
  <port protocol="tcp" port="8086"/>
  <port protocol="tcp" port="8087"/>
  <port protocol="tcp" port="8088"/>
  <port protocol="tcp" port="8089"/>
  <port protocol="tcp" port="8090"/>
</service>

# Add the custom service (the service name is the file name without .xml)
sudo firewall-cmd --permanent --zone=public --add-service={SERVICE}
sudo firewall-cmd --reload
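The custom service above was written by hand; the script below, added here as an example and not part of the original note, generates a definition of the same shape for any contiguous TCP port range, rejects invalid ranges, and prints the firewall-cmd commands that register it. The function names and the sample values in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: build a firewalld service XML for a TCP port range in the
# same shape as fourleaf.xml above. Function names are assumptions.

# Escape the characters that would break the XML if they appear in user text.
xml_escape() {
    printf '%s' "$1" | sed 's/&/\&amp;/g; s/</\&lt;/g; s/>/\&gt;/g'
}

# firewalld_service_xml NAME DESCRIPTION FIRST_PORT LAST_PORT
# Prints the service XML to stdout; returns 1 on an invalid port range.
# One <port> element per port (as in fourleaf.xml) lets a single port be
# dropped later without editing a range; firewalld also accepts a single
# port="8081-8090" range element if a shorter file is preferred.
firewalld_service_xml() {
    name=$1 desc=$2 first=$3 last=$4
    # Reject empty or non-numeric values before using them in -ge/-le tests.
    case "$first$last" in ""|*[!0-9]*) return 1 ;; esac
    [ "$first" -ge 1 ] && [ "$last" -le 65535 ] && [ "$first" -le "$last" ] || return 1
    printf '<?xml version="1.0" encoding="utf-8"?>\n<service>\n'
    printf '  <short>%s</short>\n' "$(xml_escape "$name")"
    printf '  <description>%s</description>\n' "$(xml_escape "$desc")"
    p=$first
    while [ "$p" -le "$last" ]; do
        printf '  <port protocol="tcp" port="%s"/>\n' "$p"
        p=$((p + 1))
    done
    printf '</service>\n'
}

# install_commands NAME: the commands that load /etc/firewalld/services/NAME.xml
# into the public zone. They are printed, not executed, so the change can be
# reviewed before it touches the running firewall.
install_commands() {
    printf 'sudo firewall-cmd --permanent --zone=public --add-service=%s\n' "$1"
    printf 'sudo firewall-cmd --reload\n'
}

# Usage (constructed values): write the file as root, then run the printed commands.
# firewalld_service_xml fourleaf "FourLeaf service, tcp 8081-8090" 8081 8090 \
#     | sudo tee /etc/firewalld/services/fourleaf.xml >/dev/null
# install_commands fourleaf
```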
