Linux防火墙:掌控端口和IP的开放与限制
最编程
2024-02-02 10:00:31
...
启动: systemctl start firewalld
关闭: systemctl stop firewalld
查看状态: systemctl status firewalld
开机禁用 : systemctl disable firewalld
开机启用 : systemctl enable firewalld
重新加载配置
firewall-cmd --reload重启防火墙
service firewalld restart查看已经开放的端口
firewall-cmd --list-ports关闭已开放的端口,以80端口为例
firewall-cmd --permanent --remove-port=80/tcp批量开放80到90之间的所有端口
firewall-cmd --zone=public --add-port=80-90/tcp --permanent
批量关闭80到90之间的端口
firewall-cmd --permanent --remove-port=80-90/tcp --remove-port=80-90/tcp
限制单个ip,限制192.168.1.100这个ip访问80端口
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='192.168.0.200' port protocol='tcp' port='80' reject"
批量限制ip,限制192.168.3.x的所有ip访问80端口
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='192.168.3.0/24' port protocol='tcp' port='80' reject"
允许单个ip访问80端口
firewall-cmd --permanent --remove-rich-rule="rule family='ipv4' source address='192.168.0.200' port protocol='tcp' port='80' accept"
批量允许多ip访问80端口
firewall-cmd --permanent --remove-rich-rule="rule family='ipv4' source address='192.168.3.0/24' port protocol='tcp' port='80' accept"
查看rich-rule
firewall-cmd --zone=public --list-rich-rules上一篇: HTML5 WebSocket |