FTP firewall configuration

Author: CloudFlyKing | Source: published 2020-06-12 15:00, read 0 times

firewall

Some basic syntax
Add a port

[root@localhost ~]# firewall-cmd --zone=work --add-port=3306/tcp --permanent 
success
[root@localhost ~]# firewall-cmd --reload
success
[root@localhost ~]# firewall-cmd --list-all
work (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp0s20f0u1u6 enp90s0f3
  sources: 
  services: dhcpv6-client ftp ssh
  ports: 3306/tcp 80/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  sourceports: 
  icmp-blocks: 
  rich rules:

Remove a port

[root@localhost ~]# firewall-cmd --zone=work --remove-port=80/tcp --permanent
success
[root@localhost ~]# firewall-cmd --reload
success
[root@localhost ~]# firewall-cmd --list-all
work (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp0s20f0u1u6 enp90s0f3
  sources: 
  services: dhcpv6-client ftp ssh
  ports: 3306/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  sourceports: 
  icmp-blocks: 
  rich rules: 

View the firewall policy

[root@localhost ~]# firewall-cmd --list-all
work (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp0s20f0u1u6 enp90s0f3
  sources: 
  services: dhcpv6-client ftp ssh
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  sourceports: 
  icmp-blocks: 
  rich rules: 

1. Change the default zone (the default is public)

[root@weixing01 ~]# firewall-cmd --set-default-zone=work
success
[root@weixing01 ~]# firewall-cmd --get-default-zone 
work

2. List the services in the current zone:

[root@localhost upload]# firewall-cmd --list-services 
ssh dhcpv6-client

3. List the services in a specified zone

[root@localhost upload]# firewall-cmd --zone=public  --list-services 
ssh dhcpv6-client

4. Add a service to a specified zone:

[root@localhost upload]# firewall-cmd --zone=public  --add-service=http
success
[root@localhost upload]# firewall-cmd --zone=public  --list-services 
ssh dhcpv6-client http

6. Paths where the template files are stored:

[root@localhost upload]# ls /usr/lib/firewalld/zones/
block.xml  drop.xml      home.xml      public.xml   work.xml
dmz.xml    external.xml  internal.xml  trusted.xml

[root@localhost upload]# ls /usr/lib/firewalld/services/
amanda-client.xml        ipp-client.xml    pmwebapis.xml       squid.xml
amanda-k5-client.xml     ipp.xml           pmwebapi.xml        ssh.xml
bacula-client.xml        ipsec.xml         pop3s.xml           synergy.xml
bacula.xml               iscsi-target.xml  pop3.xml            syslog-tls.xml
ceph-mon.xml             kadmin.xml        postgresql.xml      syslog.xml
ceph.xml                 kerberos.xml      privoxy.xml         telnet.xml
dhcpv6-client.xml        kpasswd.xml       proxy-dhcp.xml      tftp-client.xml
dhcpv6.xml               ldaps.xml         ptp.xml             tftp.xml
dhcp.xml                 ldap.xml          pulseaudio.xml      tinc.xml
dns.xml                  libvirt-tls.xml   puppetmaster.xml    tor-socks.xml
docker-registry.xml      libvirt.xml       radius.xml          transmission-client.xml
dropbox-lansync.xml      mdns.xml          RH-Satellite-6.xml  vdsm.xml
freeipa-ldaps.xml        mosh.xml          rpc-bind.xml        vnc-server.xml
freeipa-ldap.xml         mountd.xml        rsyncd.xml          wbem-https.xml
freeipa-replication.xml  ms-wbt.xml        samba-client.xml    xmpp-bosh.xml
ftp.xml                  mysql.xml         samba.xml           xmpp-client.xml
high-availability.xml    nfs.xml           sane.xml            xmpp-local.xml
https.xml                ntp.xml           smtps.xml           xmpp-server.xml
http.xml                 openvpn.xml       smtp.xml
imaps.xml                pmcd.xml          snmptrap.xml
imap.xml                 pmproxy.xml       snmp.xml

7. Copy the ftp template over

cp  /usr/lib/firewalld/services/ftp.xml /etc/firewalld/services/
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>FTP</short>
  <description>FTP is a protocol used for remote file transfer. If you plan to make your FTP server publicly available, enable this option. You need the vsftpd package installed for this option to be useful.</description>
  <port protocol="tcp" port="21"/>
  <module name="nf_conntrack_ftp"/>
</service>

8. Copy the work template over

cp /usr/lib/firewalld/zones/work.xml /etc/firewalld/zones/

9. Edit work.xml to add the ftp service

<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Work</short>
  <description>For use in work areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <service name="ssh"/>
  <service name="dhcpv6-client"/>
  <service name="ftp"/>
</zone>

10. Change the default zone to work

firewall-cmd --set-default-zone=work

11. Restart the firewall

service firewalld restart
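
After the restart, it is worth checking that the runtime and permanent configurations agree: step 4 adds http without --permanent, so that change exists only at runtime and is gone after a reload or restart, while the XML edit in step 9 is permanent configuration. The script below is an added example, not part of the original post; the function names, the FW_ZONE variable and the sample text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report drift between firewalld's runtime and permanent
# configuration, using the --list-all text format shown on this page.

# field NAME TEXT: values of the "  NAME: v1 v2" line in --list-all output.
field() {
    printf '%s\n' "$2" | sed -n "s/^ *$1: *//p"
}

# only_in A B: words of list A that are missing from list B, sorted.
only_in() {
    for item in $1; do
        case " $2 " in
            *" $item "*) ;;
            *) printf '%s\n' "$item" ;;
        esac
    done | sort | tr '\n' ' ' | sed 's/ $//'
}

# drift_report RUNTIME_TEXT PERMANENT_TEXT: print differences, return 1 if any.
drift_report() {
    rc=0
    for f in services ports; do
        r=$(field "$f" "$1"); p=$(field "$f" "$2")
        ro=$(only_in "$r" "$p"); po=$(only_in "$p" "$r")
        [ -z "$ro" ] || { echo "$f: runtime only, lost on reload/restart: $ro"; rc=1; }
        [ -z "$po" ] || { echo "$f: permanent only, inactive until reload: $po"; rc=1; }
    done
    return $rc
}

# Constructed sample (not real output): http added without --permanent,
# 80/tcp added with --permanent but not yet reloaded.
SAMPLE_RUNTIME='public
  services: ssh dhcpv6-client http
  ports: 3306/tcp'
SAMPLE_PERMANENT='public
  services: ssh dhcpv6-client
  ports: 3306/tcp 80/tcp'

# FW_ZONE is a hypothetical variable: set it to query a live firewalld zone.
if [ -n "${FW_ZONE:-}" ]; then
    drift_report "$(firewall-cmd --zone="$FW_ZONE" --list-all)" \
                 "$(firewall-cmd --permanent --zone="$FW_ZONE" --list-all)"
else
    drift_report "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT" || true
fi
```

Run it as root with FW_ZONE=work to compare the live zone; a non-zero exit status means the two configurations differ.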

iptables settings

1. Add port 21

vi /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT

2. Load the extra module ip_conntrack_ftp

vi /etc/sysconfig/iptables-config
IPTABLES_MODULES="ip_conntrack_ftp"

3. Restart the firewall

service iptables restart

Article title: FTP firewall configuration

Article link: https://www.haomeiwen.com/subject/gnngtktx.html