Firewall notes
firewalld is a major feature of CentOS 7. Its two biggest advantages: rules can be changed at runtime without restarting the service, and it introduces the concept of firewall "zones".
Viewing settings
Show state: $ firewall-cmd --state
Show everything configured for the default zone: firewall-cmd --list-all
Show allowed ports or services: firewall-cmd --list-ports (firewall-cmd --list-services)
Show zones that have an interface or source assigned: $ firewall-cmd --get-active-zones
Show the zone an interface belongs to: $ firewall-cmd --get-zone-of-interface=eth0
Drop all packets (panic mode): # firewall-cmd --panic-on
Leave panic mode: # firewall-cmd --panic-off
Check whether panic mode is on: $ firewall-cmd --query-panic
Panic mode drops every packet in and out, including the SSH session it is issued from, so do not turn it on over a remote connection without console access.
Adding or removing ports or services // a change made with --permanent is written to the saved configuration and only takes effect after firewall-cmd --reload; without --permanent it applies to the running firewall immediately but is lost at the next reload or restart. When --zone is omitted the default zone, --zone=public, is used (check it with firewall-cmd --get-default-zone).
The commands below are therefore the same as, e.g., firewall-cmd --zone=public --add-port=80/tcp --permanent, with --zone=public left implicit.
Permanently open a port: firewall-cmd --permanent --add-port=8080/tcp
Permanently close a port: firewall-cmd --permanent --remove-port=8080/tcp
Permanently open a service: firewall-cmd --permanent --add-service=http
Permanently close a service: firewall-cmd --permanent --remove-service=http
Port forwarding
Forward port 80/tcp to port 8080 on 192.0.2.55: firewall-cmd --permanent --add-forward-port=port=80:proto=tcp:toport=8080:toaddr=192.0.2.55
Forwarding to another address additionally requires masquerading in the zone: firewall-cmd --permanent --add-masquerade
Both commands are --permanent, so firewall-cmd --reload is needed before they apply. A forward to a local port (no toaddr=) does not need masquerading.
Reloading the firewall
firewall-cmd --reload
A reload activates the permanent configuration; any runtime-only changes made without --permanent are discarded by it.
Starting, stopping and disabling firewalld
Start: # systemctl start firewalld
Status: # systemctl status firewalld, or firewall-cmd --state
Stop: # systemctl stop firewalld
Disable at boot: # systemctl disable firewalld (re-enable with systemctl enable firewalld)
Restart: systemctl restart firewalld
Stopping firewalld removes its rules, so the host is left unfiltered unless another firewall takes over.
Configuring firewalld
Show version: $ firewall-cmd --version
Show help: $ firewall-cmd --help
Opening a port only to a specific IP with firewalld
Add a firewall rule (open a given port to a given IP) // with --permanent it takes effect after firewall-cmd --reload (a service restart also works)
(1) PostgreSQL port: allow 192.168.142.166 to reach port 5432, with accept or drop
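The rich rule the PostgreSQL entry above calls for, combined with the add-permanent-then-reload pattern from the port/service section, as an added example that is not part of the original notes. It assumes the public zone, firewall-cmd on PATH, and a DRY_RUN variable (invented here) that prints the commands instead of running them; is_ipv4, is_port, rich_rule, run and allow_from are helper names chosen for this example, not firewalld commands:

```shell
#!/bin/sh
# Added example, not from the original notes: a small wrapper around firewall-cmd
# that opens one port for one source address using a firewalld rich rule.
# Assumptions: zone "public" unless ZONE is set; firewall-cmd on PATH; when it is
# absent, or DRY_RUN=1 is set, the commands are printed instead of executed.

ZONE="${ZONE:-public}"

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    rest=$1.
    n=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        rest=${rest#*.}
        [ "$octet" -le 255 ] || return 1
        n=$((n + 1))
    done
    [ "$n" -eq 4 ]
}

# Return 0 if $1 is a TCP/UDP port number 1..65535.
is_port() {
    case "$1" in
        ""|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the rich rule that accepts/drops/rejects SRC -> PORT/PROTO. Inputs are
# validated before they are interpolated so a caller cannot smuggle extra rule
# elements or shell metacharacters into the firewall-cmd command line.
rich_rule() {
    src=$1; port=$2; proto=$3; action=$4
    is_ipv4 "$src"  || { echo "bad source address: $src" >&2; return 1; }
    is_port "$port" || { echo "bad port: $port" >&2; return 1; }
    case "$proto" in tcp|udp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac
    case "$action" in accept|drop|reject) ;; *) echo "bad action: $action" >&2; return 1 ;; esac
    printf 'rule family="ipv4" source address="%s" port port="%s" protocol="%s" %s\n' \
        "$src" "$port" "$proto" "$action"
}

# Execute a command, or only print it in dry-run mode / when firewall-cmd is missing.
run() {
    if [ "${DRY_RUN:-0}" = 1 ] || ! command -v firewall-cmd >/dev/null 2>&1; then
        echo "+ $*"
    else
        "$@"
    fi
}

# Add the rule to the permanent configuration and reload, as the notes above do.
# Re-running is safe: a rule already in the permanent config is detected and skipped.
allow_from() {
    rule=$(rich_rule "$@") || return 1
    if [ "${DRY_RUN:-0}" != 1 ] && command -v firewall-cmd >/dev/null 2>&1 \
        && firewall-cmd --permanent --zone="$ZONE" --query-rich-rule="$rule" >/dev/null 2>&1
    then
        echo "already present in zone $ZONE: $rule"
        return 0
    fi
    run firewall-cmd --permanent --zone="$ZONE" --add-rich-rule="$rule" || return 1
    run firewall-cmd --reload
}

# Usage: sh allow_from.sh 192.168.142.166 5432 tcp accept
if [ $# -eq 4 ]; then
    allow_from "$@"
fi
```

Run it as sh allow_from.sh 192.168.142.166 5432 tcp accept, or with drop as the last argument to block that host instead. Validating the address and port before building the rule matters because the rule text goes straight onto the firewall-cmd command line; the --query-rich-rule check keeps repeated runs from re-adding the same rule, and the final --reload is what makes the --permanent change active.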