Rocky Linux: configuring the firewalld firewall (Rocky Linux 9.1)

Published 2023-05-09 15:49:54, author: 刘宏缔的架构森林

1. Start the firewall:

[root@blog zones]# systemctl status firewalld
○ firewalld.service - firewalld - dynamic firewall daemon
     Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
     Active: inactive (dead)
       Docs: man:firewalld(1)
[root@blog zones]# systemctl start firewalld
[root@blog zones]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
     Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
     Active: active (running) since Tue 2023-05-09 15:23:15 CST; 3s ago
       Docs: man:firewalld(1)
   Main PID: 2580 (firewalld)
      Tasks: 2 (limit: 47185)
     Memory: 27.9M
        CPU: 346ms
     CGroup: /system.slice/firewalld.service
             └─2580 /usr/bin/python3 -s /usr/sbin/firewalld --nofork --nopid


May 09 15:23:15 iZ2zeai3tu5mxwrtdzrvuzZ systemd[1]: Starting firewalld - dynamic firewall daemon...
May 09 15:23:15 iZ2zeai3tu5mxwrtdzrvuzZ systemd[1]: Started firewalld - dynamic firewall daemon.

2. Add ports

Note: as the session below shows, a rule added with --permanent is written only to the permanent configuration and does not take effect until firewall-cmd --reload is run.

[root@blog zones]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: cockpit dhcpv6-client ssh
  ports:
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
[root@blog zones]# firewall-cmd --zone=public --add-port=80/tcp --permanent
success
[root@blog zones]# firewall-cmd --zone=public --add-port=22/tcp --permanent
success
[root@blog zones]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: cockpit dhcpv6-client ssh
  ports:
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
[root@blog zones]# firewall-cmd --reload
success
[root@blog zones]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: cockpit dhcpv6-client ssh
  ports: 80/tcp 22/tcp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
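The session above shows the classic pitfall: after the two `--add-port ... --permanent` calls, `--list-all` still reports an empty `ports:` line, and only `--reload` activates them. A defender who audits hosts wants a check for exactly that gap. The script below is an added example, not code from the original post: it parses the `firewall-cmd --list-all` output format shown on this page and reports values that exist in the permanent configuration but not in the runtime one. The function names (`zone_field`, `pending_items`, `live_pending`) and the two embedded sample outputs are constructed here; the samples mirror the post's runtime output before the reload and the permanent configuration after the two `--add-port` calls.

```shell
#!/bin/sh
# Added example, not part of the original post: find firewalld rules written
# with --permanent but not yet activated with --reload, by comparing the
# runtime and permanent views of one zone. Function names and the two sample
# outputs are constructed here; they mirror the post's `firewall-cmd --list-all`
# format (runtime before reload, permanent after the two --add-port calls).

RUNTIME_SAMPLE=$(cat <<'EOF'
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: cockpit dhcpv6-client ssh
  ports:
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
EOF
)

PERMANENT_SAMPLE=$(cat <<'EOF'
public
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: cockpit dhcpv6-client ssh
  ports: 80/tcp 22/tcp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
EOF
)

# zone_field FIELD: read `firewall-cmd --list-all` text on stdin and print the
# space-separated values of a single-word field such as "ports" or "services"
# (prints an empty line when the field has no values).
zone_field() {
    awk -v f="$1" 'BEGIN { key = f ":" }
        $1 == key { $1 = ""; sub(/^ +/, ""); print; exit }'
}

# pending_items FIELD RUNTIME_TEXT PERMANENT_TEXT: print, on one line, the values
# of FIELD present in the permanent configuration but absent from the runtime
# one, i.e. changes still waiting for `firewall-cmd --reload`.
pending_items() {
    field=$1
    runtime=$(printf '%s\n' "$2" | zone_field "$field")
    permanent=$(printf '%s\n' "$3" | zone_field "$field")
    out=""
    for item in $permanent; do
        case " $runtime " in
            *" $item "*) ;;            # already active at runtime
            *) out="$out $item" ;;     # permanent-only: not yet reloaded
        esac
    done
    printf '%s\n' "${out# }"
}

# live_pending ZONE FIELD: the same comparison against a running firewalld.
# Needs root and firewall-cmd; not invoked below so the script runs anywhere.
live_pending() {
    zone=${1:-public}
    field=${2:-ports}
    pending_items "$field" \
        "$(firewall-cmd --zone="$zone" --list-all)" \
        "$(firewall-cmd --zone="$zone" --permanent --list-all)"
}

# Demonstration on the constructed samples: before --reload both ports are
# pending; after --reload the runtime view matches the permanent one.
echo "pending before reload: $(pending_items ports "$RUNTIME_SAMPLE" "$PERMANENT_SAMPLE")"
echo "pending after reload:  $(pending_items ports "$PERMANENT_SAMPLE" "$PERMANENT_SAMPLE")"
```

On a real host, `live_pending public ports` (as root) performs the comparison against the running daemon; a non-empty result means a permanent change is not yet enforced. Two further points are visible in the post's own output: the `services:` line already contains `ssh`, so the separate `22/tcp` port rule is redundant; and the `systemctl status` output in section 1 shows the unit as `disabled`, so `systemctl start` alone does not make firewalld come back after a reboot (`systemctl enable --now firewalld` does both).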

Note: 刘宏缔的架构森林 (Liu Hongdi's Architecture Forest) is a blog focused on architecture; address: https://www.cnblogs.com/architectforest

         The corresponding source code can be obtained here: https://github.com/liuhongdi/
         or: https://gitee.com/liuhongdi

Note: author: 刘宏缔, email: 371125307@qq.com

3. View zones:

[root@blog zones]# firewall-cmd --get-zones
block dmz drop external home internal nm-shared public trusted work
[root@blog zones]#
[root@blog zones]# firewall-cmd --get-active-zones
public
  interfaces: eth0

4. Check the Linux version:

[root@blog ~]# cat /etc/redhat-release
Rocky Linux release 9.1 (Blue Onyx)