CentOS 7 ships firewalld as its default firewall management service instead of the iptables service. firewalld is a front end: on CentOS 7 it still programs iptables rules underneath, but you manage it through firewall-cmd and XML service/zone definitions rather than by editing iptables rules directly.
System configuration files
Location: /usr/lib/firewalld/services/
For example, the default service definition for SSH:
vi /usr/lib/firewalld/services/ssh.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>SSH</short>
<description>Secure Shell (SSH) is a protocol for logging into and executing commands on remote machines. It provides secure encrypted communications. If you plan on accessing your machine remotely via SSH over a firewalled interface, enable this option. You need the openssh-server package installed for this option to be useful.</description>
<port protocol="tcp" port="22"/>
</service>
The port="22" attribute can be changed to another port number; it must match the Port set in the sshd configuration file from the previous post (the default is 22). Do not edit the file under /usr/lib/firewalld/ directly: that directory is owned by the firewalld package and is overwritten on upgrade. Copy it to /etc/firewalld/services/ssh.xml (a file there with the same name takes precedence over the packaged one) and edit the copy, or let firewall-cmd write it for you with firewall-cmd --permanent --service=ssh --add-port=2222/tcp; either way run firewall-cmd --reload afterwards. If the firewall and sshd disagree on the port you lock yourself out of the host, so open the new port in the firewall first, reload, and only then restart sshd on the new port.
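The package-safe override described above, as an added example that is not part of the original post: it reads the Port line from sshd_config, validates it, and writes the ssh service definition into an override directory (the real location is /etc/firewalld/services; the directory and sshd_config path are parameters so the script can be exercised against temporary files without root). The sshd_config used in the demo is constructed; the function and variable names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post). Files under /usr/lib/firewalld
# are owned by the firewalld package and replaced on update; a file with the
# same name under /etc/firewalld/services takes precedence and survives updates.

# Print the port sshd listens on: the first uncommented "Port N" line, else 22.
ssh_port_from_config() {
    port=$(sed -n 's/^[[:space:]]*Port[[:space:]]\{1,\}\([0-9]\{1,\}\).*/\1/p' "$1" | head -n 1)
    printf '%s\n' "${port:-22}"
}

# Return 0 only for a valid TCP port number 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Write DIR/ssh.xml declaring the given TCP port (same layout as the stock
# service file; the description is shortened here).
write_ssh_service() {
    dir=$1
    port=$2
    valid_port "$port" || { echo "write_ssh_service: invalid port '$port'" >&2; return 1; }
    mkdir -p "$dir"
    cat >"$dir/ssh.xml" <<EOF
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>SSH</short>
  <description>Secure Shell (SSH) on TCP port $port.</description>
  <port protocol="tcp" port="$port"/>
</service>
EOF
}

# Glue for a real host: read the port from sshd_config, write the override
# under /etc/firewalld/services, and reload firewalld if it is installed.
# Arguments (both optional): sshd_config path, override directory.
sync_ssh_service() {
    sshd_conf=${1:-/etc/ssh/sshd_config}
    dir=${2:-/etc/firewalld/services}
    port=$(ssh_port_from_config "$sshd_conf")
    write_ssh_service "$dir" "$port" || return 1
    if command -v firewall-cmd >/dev/null 2>&1; then
        firewall-cmd --reload >/dev/null
        firewall-cmd --info-service=ssh
    fi
}

# Demo against a constructed sshd_config in a temporary directory; it does not
# touch the real firewall (sync_ssh_service is what you would run as root).
DEMO_DIR=$(mktemp -d)
printf '# constructed sshd_config\n#Port 22\nPort 2222\n' >"$DEMO_DIR/sshd_config"
write_ssh_service "$DEMO_DIR/services" "$(ssh_port_from_config "$DEMO_DIR/sshd_config")"
cat "$DEMO_DIR/services/ssh.xml"
```

Run sync_ssh_service as root once sshd_config has its new Port; firewall-cmd --info-service=ssh then shows the port firewalld will accept for the ssh service in every zone that enables it.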
User configuration files
Location: /etc/firewalld/zones/
public.xml here is the configuration of the public zone, which is the default zone on CentOS 7; a zone file in this directory overrides the packaged default in /usr/lib/firewalld/zones/, and this is the file firewall-cmd --permanent writes to.
vi /etc/firewalld/zones/public.xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Public</short>
<description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<service name="ssh"/>
<service name="dhcpv6-client"/>
<port protocol="tcp" port="443"/>
<port protocol="udp" port="443"/>
</zone>
You can see that the ssh and dhcpv6-client services are enabled and that port 443 is open for both TCP and UDP. Only what is listed in the zone is accepted; any other inbound connection on an interface in the public zone is rejected, which is the zone's default target.
firewall-cmd --state   show whether firewalld is running
systemctl start firewalld   start the firewall (firewalld.service is the same unit)
systemctl stop firewalld   stop the firewall (firewalld.service is the same unit)
systemctl enable firewalld   make sure it starts at boot (already enabled by default on CentOS 7)
firewall-cmd --reload   load the permanent configuration into the running firewall; required after any --permanent change or hand-edited XML
firewall-cmd --zone=public --list-ports   list the ports opened in the public zone (ports only; --list-all also shows services, interfaces and rich rules)
firewall-cmd --zone=public --add-port=443/tcp --permanent   # open TCP port 443
firewall-cmd --zone=public --add-port=443/udp --permanent   # open UDP port 443
firewall-cmd --zone=public --remove-port=22122/tcp --permanent   # close TCP port 22122
firewall-cmd --zone=public --remove-port=22122/udp --permanent   # close UDP port 22122
Note the two halves of a change: --permanent writes to /etc/firewalld/zones/public.xml but does not touch the running rules until firewall-cmd --reload, while the same command without --permanent applies immediately but is lost on the next reload or restart. A runtime change you have tested can be saved with firewall-cmd --runtime-to-permanent.
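Because the zone file is the record of what --permanent has opened, it can be audited and exported without talking to firewalld at all. The following is an added example, not from the original post: it parses a zone file in the format shown above (also accepting the port="..." protocol="..." attribute order that firewall-cmd writes), reports every service or port that is not on an allowlist, and prints the firewall-cmd commands that reproduce the zone on another host. The sample zone file is constructed inline; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): audit a firewalld zone XML file
# against an allowlist and export it as firewall-cmd commands. Only sed/grep
# are used, so it runs on any host, including one without firewalld.

# Print each enabled service name, one per line.
list_zone_services() {
    sed -n 's/.*<service name="\([^"]*\)".*/\1/p' "$1"
}

# Print each opened port as port/protocol, one per line. Attribute order
# inside <port .../> varies between hand-written and firewall-cmd-written
# files, so each attribute is extracted separately.
list_zone_ports() {
    grep -o '<port [^>]*/>' "$1" | while read -r tag; do
        proto=$(printf '%s\n' "$tag" | sed -n 's/.*protocol="\([^"]*\)".*/\1/p')
        port=$(printf '%s\n' "$tag" | sed -n 's/.*port="\([^"]*\)".*/\1/p')
        printf '%s/%s\n' "$port" "$proto"
    done
}

# audit_zone FILE ALLOWED... prints every entry not in the allowlist
# (entries are written as service:NAME or port:PORT/PROTO) and returns 1
# if any were found, so it can gate a config-management or CI run.
audit_zone() {
    zone=$1; shift
    allowed=" $* "
    rc=0
    for entry in $(list_zone_services "$zone" | sed 's/^/service:/') \
                 $(list_zone_ports "$zone" | sed 's/^/port:/'); do
        case "$allowed" in
            *" $entry "*) ;;
            *) printf 'UNEXPECTED %s\n' "$entry"; rc=1 ;;
        esac
    done
    return $rc
}

# zone_to_cmds FILE ZONENAME prints the firewall-cmd lines that reproduce the
# zone's permanent configuration on another host, ending with the reload.
zone_to_cmds() {
    zone=$1; name=$2
    list_zone_services "$zone" | sed "s|^|firewall-cmd --permanent --zone=$name --add-service=|"
    list_zone_ports "$zone" | sed "s|^|firewall-cmd --permanent --zone=$name --add-port=|"
    echo 'firewall-cmd --reload'
}

# Demo on a constructed zone file: the public zone from the post plus one
# extra port that someone opened out of band.
SAMPLE_ZONE=$(mktemp)
cat >"$SAMPLE_ZONE" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <service name="ssh"/>
  <service name="dhcpv6-client"/>
  <port protocol="tcp" port="443"/>
  <port protocol="udp" port="443"/>
  <port port="22122" protocol="tcp"/>
</zone>
EOF

zone_to_cmds "$SAMPLE_ZONE" public
if ! audit_zone "$SAMPLE_ZONE" service:ssh service:dhcpv6-client port:443/tcp port:443/udp; then
    echo "zone drifted from the allowlist"
fi
```

On a real host point audit_zone at /etc/firewalld/zones/public.xml; if the file does not exist yet, no permanent change has been made and the packaged /usr/lib/firewalld/zones/public.xml is what applies. The audit only covers services and ports; rich rules, sources and forwarded ports would need the same treatment.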