
firewalld操作實踐-創新互聯

1、firewalld 從名稱上看,模仿的是硬件防火墻的概念:zone。所有的接口都必須屬於某個 zone,規則在 zone 內配置。

2. 常用的方法是增加對一個 tcp 或者 udp 端口號的允許通過的規則。


  firewall-cmd --add-service icmp --permanent

  firewall-cmd --reload

3. firewalld 進程有時候可能沒有啟動,需要啟動一下對應的進程。systemctl start 只對本次開機有效;若要開機自動啟動,還需執行 systemctl enable firewalld。

[root@localhost zhou]# firewall-cmd --reload
FirewallD is not running
[root@localhost zhou]# ps -ef | grep firewall
root 2970 2757 0 07:57 pts/0 00:00:00 grep --color=auto firewall
[root@localhost zhou]# systemctl start firewalld
[root@localhost zhou]#
[root@localhost zhou]# ps -ef | grep firewall
root 2983 1 14 07:58 ? 00:00:00 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
root 3207 2757 0 07:58 pts/0 00:00:00 grep --color=auto firewall
[root@localhost zhou]#
[root@localhost zhou]#

4. 查看系統所有的 zone

[root@localhost zhou]# firewall-cmd --get-zones      ---> 顯示所有zone
work drop internal external trusted home dmz public block
[root@localhost zhou]# firewall-cmd --get-default-zone  ---> 顯示默認zone
public
[root@localhost zhou]#
[root@localhost zhou]# firewall-cmd --list-all-zones  ---> 顯示所有zone的所有規則
work
target: default
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client ssh
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:

drop
target: DROP
icmp-block-inversion: no
interfaces:
sources:
services:
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:

internal
target: default
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client mdns samba-client ssh
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:

external
target: default
icmp-block-inversion: no
interfaces:
sources:
services: ssh
ports:
protocols:
masquerade: yes
forward-ports:
sourceports:
icmp-blocks:
rich rules:

trusted
target: ACCEPT
icmp-block-inversion: no
interfaces:
sources:
services:
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:

home
target: default
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client mdns samba-client ssh
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:

dmz
target: default
icmp-block-inversion: no
interfaces:
sources:
services: ssh
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:

public (active)
target: default
icmp-block-inversion: no
interfaces: ens33 ens37
sources:
services: dhcpv6-client ssh
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:

block
target: %%REJECT%%
icmp-block-inversion: no
interfaces:
sources:
services:
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:

[root@localhost zhou]#

[root@localhost zhou]# firewall-cmd --list-all --zone=public  ---> 顯示public zone的所有規則
public (active)
target: default
icmp-block-inversion: no
interfaces: ens33
sources:
services: dhcpv6-client ssh
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:

[root@localhost zhou]#

5. 獲取接口默認所屬的 zone

沒有顯式綁定到任何 zone 的接口(下面輸出 no zone)由默認 zone 的規則處理。

[root@localhost zhou]# firewall-cmd --get-zone-of-interface ens33
public
[root@localhost zhou]#
[root@localhost zhou]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 00:0c:29:f2:c7:50 brd ff:ff:ff:ff:ff:ff
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 00:0c:29:f2:c7:5a brd ff:ff:ff:ff:ff:ff
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT qlen 1000
link/ether 52:54:00:15:47:59 brd ff:ff:ff:ff:ff:ff
5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN mode DEFAULT qlen 1000
link/ether 52:54:00:15:47:59 brd ff:ff:ff:ff:ff:ff
[root@localhost zhou]#
[root@localhost zhou]# firewall-cmd --get-zone-of-interface lo
no zone
[root@localhost zhou]#
[root@localhost zhou]# firewall-cmd --get-zone-of-interface ens37
no zone
[root@localhost zhou]#
[root@localhost zhou]#

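6. 增加或移除某個服務或者端口號

帶 --permanent 的修改只寫入永久配置,要執行 --reload 之後才在運行時生效,所以下面第一次 --list-all 仍然顯示 dhcpv6-client;不帶 --permanent 的修改立即生效,但 --reload 或重啟後會丟失。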

[root@localhost zhou]# firewall-cmd --permanent --remove-service=dhcpv6-client --zone=public
success
[root@localhost zhou]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens33
sources:
services: dhcpv6-client ssh
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:

[root@localhost zhou]# firewall-cmd --reload
success
[root@localhost zhou]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens33
sources:
services: ssh
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:

[root@localhost zhou]#

[root@localhost zhou]# firewall-cmd --remove-service=ssh --zone=public
success
[root@localhost zhou]#
[root@localhost zhou]#

關閉 ssh 服務:上面的 --remove-service=ssh 命令輸入後,新的 ssh 連接就不能再建立,對已有的 ssh 連接無影響。該命令沒有帶 --permanent,只修改運行時配置,之後執行 --reload 會恢復永久配置中的 ssh 服務;遠程操作前應先確認還有控制台等其他登錄途徑。
[root@localhost zhou]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens33
sources:
services:
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:

[root@localhost zhou]#

[root@localhost zhou]# firewall-cmd --permanent --add-port=3306/tcp  ----> 增加 tcp 端口號 3306,就是 MySQL 服務器的端口號。注意:未指定 --zone 時作用於默認 zone,且對該 zone 的所有來源地址開放。
success
[root@localhost zhou]# firewall-cmd --reload
success
[root@localhost zhou]#

參考:

Firewalld詳解

https://zhuanlan.zhihu.com/p/23519454
