2020-10-30

Author: 张汉 | Published: 2020-10-30 21:23
    # Start the firewall
    systemctl start firewalld.service
    
    # Stop the firewall
    systemctl stop firewalld.service
    
    # Check the firewall status
    systemctl status firewalld.service
    
    # Enable the firewall at boot
    systemctl enable firewalld.service
    
    # Disable the firewall at boot
    systemctl disable firewalld.service
    
    # Open a port (80)
    firewall-cmd --zone=public --add-port=80/tcp --permanent   # permanent
    firewall-cmd --zone=public --add-port=80/tcp               # temporary (runtime only)
    
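    # Port forwarding
    # Masquerading is needed only when the forward target is another host
    firewall-cmd --zone=public --add-masquerade --permanent    # enable IP masquerading
    # Forward incoming TCP port 80 to local port 8080
    firewall-cmd --zone=public --add-forward-port=port=80:proto=tcp:toport=8080 --permanent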
    # Create a blacklist
    # Create the blacklist ipset
    firewall-cmd --permanent --zone=public --new-ipset=blacklist --type=hash:ip
    # Drop traffic from every address in the blacklist
    firewall-cmd --permanent --zone=public --add-rich-rule='rule source ipset=blacklist drop'
    # List the blacklist entries (--permanent: the ipset exists only in the permanent config until the reload)
    firewall-cmd --permanent --ipset=blacklist --get-entries
    # Add IPs to the blacklist
    firewall-cmd --permanent --zone=public --ipset=blacklist --add-entry=212.237.51.36
    firewall-cmd --permanent --zone=public --ipset=blacklist --add-entry=188.226.191.66
    firewall-cmd --permanent --zone=public --ipset=blacklist --add-entry=80.211.137.182
    firewall-cmd --permanent --zone=public --ipset=blacklist --add-entry=60.191.66.226
    
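    # Block ping (drop ICMP packets)
    # Note: this rule drops every ICMP message type, not only echo requests
    firewall-cmd --permanent --zone=public --add-rich-rule='rule protocol value=icmp drop'
    # Reload the firewall configuration (applies the --permanent changes)
    firewall-cmd --reload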
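
The blacklist steps above as a rerunnable script. This is an added example, not part of the original post; the function names and the `FWCMD`, `IPSET` and `ZONE` variables are assumptions. It validates each address before it reaches `firewall-cmd` and creates the ipset and drop rule only when they are missing.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the FWCMD
# override are assumptions made for this sketch.
FWCMD=${FWCMD:-firewall-cmd}   # set FWCMD=echo to print commands instead
IPSET=${IPSET:-blacklist}
ZONE=${ZONE:-public}

# Succeed only for a dotted-quad IPv4 address (octets 0-255, no leading zeros).
is_ipv4() {
    case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Create the ipset and its drop rule only if missing, so reruns are safe.
ensure_blacklist() {
    rule="rule source ipset=$IPSET drop"
    if ! $FWCMD --permanent --get-ipsets | tr ' ' '\n' | grep -qxF -- "$IPSET"; then
        $FWCMD --permanent --new-ipset="$IPSET" --type=hash:ip || return 1
    fi
    if ! $FWCMD --permanent --zone="$ZONE" --query-rich-rule="$rule" >/dev/null; then
        $FWCMD --permanent --zone="$ZONE" --add-rich-rule="$rule" || return 1
    fi
}

# Read one address per line from stdin (blank lines and '#' comments skipped),
# add the valid ones to the ipset and print a summary line.
block_ips() {
    added=0 rejected=0
    while read -r ip rest; do
        case $ip in ''|'#'*) continue ;; esac
        if is_ipv4 "$ip"; then
            $FWCMD --permanent --ipset="$IPSET" --add-entry="$ip" >/dev/null \
                && added=$((added + 1))
        else
            printf 'rejected: %s\n' "$ip" >&2
            rejected=$((rejected + 1))
        fi
    done
    echo "added=$added rejected=$rejected"
}

# Typical use on a firewalld host:
#   ensure_blacklist && block_ips < bad_ips.txt && firewall-cmd --reload
```

Rejecting octets with leading zeros avoids addresses that some parsers read as octal, and the character whitelist keeps shell metacharacters out of the `--add-entry` argument.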