1. General command: show the iptables version
iptables --version
2. RHEL6
(1) Check the firewall status (if a list of rules is returned, the firewall is running)
/etc/init.d/iptables status
(2) Enable/disable the firewall at boot; takes effect after the next reboot
chkconfig iptables on
chkconfig iptables off
(3) Stop/start/restart the firewall; takes effect immediately, but after a reboot the firewall returns to whatever enabled/disabled state it had before
service iptables stop
service iptables start
service iptables restart
(4) Allow access to port 80
iptables -I INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
iptables -I OUTPUT -o eth0 -p tcp --sport 80 -j ACCEPT
/etc/rc.d/init.d/iptables save
(5) Block access to port 80
iptables -I INPUT -i eth0 -p tcp --dport 80 -j DROP
iptables -I OUTPUT -o eth0 -p tcp --sport 80 -j DROP
/etc/rc.d/init.d/iptables save
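Steps (4) and (5) both use -I, which inserts the new rule at the head of the chain, and iptables applies the first rule that matches. The script below is an added example, not part of the original page: it simulates that first-match evaluation over a constructed copy of "iptables -S INPUT" output (the rule listing as it would look after running (4) and then (5) on the same host), so the effective verdict for a port can be checked without touching a live firewall. The sample chain and the function name are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original page): simulate the first-match
# evaluation iptables applies to the INPUT chain, so the effect of inserting
# rules with -I can be checked before relying on them.
#
# Constructed copy (not captured from a real host) of what "iptables -S INPUT"
# prints after running step (4) and then step (5): because -I inserts at the
# head of the chain, the DROP rule added last is listed first.
SAMPLE_INPUT_CHAIN='-P INPUT ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT'

# first_match_for_port CHAIN_DUMP PORT
# Prints the target (ACCEPT/DROP/...) of the first rule matching TCP traffic
# to destination port PORT; falls back to the chain policy when nothing matches.
first_match_for_port() {
    dump=$1
    port=$2
    printf '%s\n' "$dump" | awk -v port="$port" '
        $1 == "-P" { policy = $3; next }
        $1 == "-A" {
            proto = ""; dport = ""; target = ""
            for (i = 2; i <= NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
            }
            # the first matching rule decides; later rules are never consulted
            if (proto == "tcp" && dport == port) { print target; found = 1; exit }
        }
        END { if (!found) print policy }'
}

# On a real RHEL6 host use the live chain instead of the sample:
#   first_match_for_port "$(iptables -S INPUT)" 80
first_match_for_port "$SAMPLE_INPUT_CHAIN" 80    # DROP: the rule inserted last wins
first_match_for_port "$SAMPLE_INPUT_CHAIN" 22    # ACCEPT
first_match_for_port "$SAMPLE_INPUT_CHAIN" 443   # ACCEPT (chain policy)
```

The practical consequence: running (4) after (5) re-opens the port, and running (5) after (4) closes it, regardless of what else is in the chain, because each -I lands in front of the earlier rule. Use "iptables -S INPUT" (or "iptables -L INPUT --line-numbers") to confirm the order before saving.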
3. RHEL7
(1) Start/stop/restart the firewall service
systemctl start firewalld.service
systemctl stop firewalld.service
systemctl restart firewalld.service
(2) Show the firewall service status
systemctl status firewalld.service
(3) Enable/disable the firewall service at boot
systemctl enable firewalld.service
systemctl disable firewalld.service
(4) Check whether the firewall service is enabled at boot
systemctl is-enabled firewalld.service; echo $?
(5) List the services enabled at boot
systemctl list-unit-files | grep enabled
(6) Show the ports allowed by the firewall
firewall-cmd --zone=public --list-ports
(7) Allow access to port 80
sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
sudo firewall-cmd --reload
If "--permanent" is omitted, the firewall rule is lost after a restart.
(8) Block access to port 80 (remove the allow rule)
sudo firewall-cmd --zone=public --remove-port=80/tcp --permanent
sudo firewall-cmd --reload
If "--permanent" is omitted, the firewall rule is lost after a restart.
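firewalld keeps two configurations: the runtime one that is active now and the permanent one that survives a reload or restart. A port opened without "--permanent" exists only in the runtime set; a port added with "--permanent" but not yet reloaded exists only in the permanent set. The function below is an added example, not from the original page: it compares the two port lists and prints whatever is present in one but not the other. The sample lists are constructed; on a RHEL7 host they would come from "firewall-cmd --zone=public --list-ports" and "firewall-cmd --zone=public --permanent --list-ports".

```shell
#!/bin/sh
# Added example (not from the original page): list the firewalld ports that
# exist in one configuration but not the other, so runtime-only rules (which
# vanish on reload/restart) and permanent-only rules (not yet reloaded) are
# both visible.

# Constructed sample outputs (not captured from a real host):
#   "firewall-cmd --zone=public --list-ports"             -> runtime
#   "firewall-cmd --zone=public --permanent --list-ports" -> permanent
RUNTIME_PORTS='80/tcp 443/tcp 8080/tcp'
PERMANENT_PORTS='80/tcp 443/tcp 9090/tcp'

# ports_missing_from FIRST SECOND
# Prints, space separated, each port of FIRST that does not appear in SECOND.
ports_missing_from() {
    first=$1
    second=$2
    out=""
    for p in $first; do
        case " $second " in
            *" $p "*) ;;                 # present in both lists
            *) out="$out $p" ;;
        esac
    done
    printf '%s\n' "${out# }"
}

# Runtime-only: opened without --permanent, lost at the next reload/restart.
ports_missing_from "$RUNTIME_PORTS" "$PERMANENT_PORTS"     # 8080/tcp
# Permanent-only: added with --permanent but "firewall-cmd --reload" not run yet.
ports_missing_from "$PERMANENT_PORTS" "$RUNTIME_PORTS"     # 9090/tcp

# On a RHEL7 host with firewalld:
# ports_missing_from "$(firewall-cmd --zone=public --list-ports)" \
#                    "$(firewall-cmd --zone=public --permanent --list-ports)"
```

A non-empty first result means the host is currently more open than its saved configuration says, which is exactly the state the page warns about; a non-empty second result means a permanent change has not taken effect yet and "firewall-cmd --reload" is still needed.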
4. Ubuntu
(1) Because iptables, the original Linux firewall tool, is cumbersome to use, Ubuntu ships ufw, a firewall front end built on top of iptables.
ufw is installed on Ubuntu by default.
(2) Install the firewall
apt install ufw
(3) Show the version
ufw version
(4) Enable/disable the firewall
ufw enable
ufw disable
(5) Default policy for incoming connections: allow/deny
ufw default allow
ufw default deny
(6) Show the firewall status
ufw status
(7) Allow/deny the port belonging to a service (ufw looks the service's port up in /etc/services and filters on it)
sudo ufw allow [service]
sudo ufw deny [service]
For example, sudo ufw allow ssh means: allow any external IP to reach port 22/tcp (ssh) on this host.
(8) Allow/deny a port number (e.g. 22 covers both tcp and udp, 22/tcp only the tcp port, 22/udp only the udp port)
sudo ufw allow 22
sudo ufw deny 22
(9) Allow/deny a specific IP
ufw allow from 122.168.254.254 to any
ufw deny from 122.168.254.254 to any
(10) Allow/deny a specific IP on a specific port
ufw allow from 122.168.254.254 to any port 80
ufw deny from 122.168.254.254 to any port 80
(11) Delete a rule that has been defined
<1> Show the rule numbers with the following command
sudo ufw status numbered
# prints the existing firewall rules with their numbers:
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] Nginx HTTP                 ALLOW IN    Anywhere
[ 2] OpenSSH                    ALLOW IN    Anywhere
[ 3] Nginx HTTP (v6)            ALLOW IN    Anywhere (v6)
[ 4] OpenSSH (v6)               ALLOW IN    Anywhere (v6)
<2> Delete a rule by its number, e.g. to delete the Nginx (v6) rule shown above
sudo ufw delete 3
(12) The file /var/lib/ufw/user.rules contains the firewall rules we have set; sometimes it can be edited directly instead of setting rules through commands.
After editing, remember to run ufw reload so that ufw restarts and the new rules take effect.