2025-03-31 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/02 Report--
Firewalld command-line management tool
1. Firewalld firewall maintenance commands
1. Firewall process operations
Start firewalld:
[root@localhost ~]# systemctl start firewalld
Set firewalld to start at boot:
[root@localhost ~]# systemctl enable firewalld
If firewalld is running, you can view its running status with systemctl status firewalld or the firewall-cmd command:
[root@localhost ~]# systemctl status firewalld
Restart firewalld:
[root@localhost ~]# systemctl restart firewalld
Turn off the firewall:
[root@localhost ~]# systemctl stop firewalld
2. Firewall management operations
The firewall-cmd command:
Supports all firewall features
For status and query modes, the command returns only the status and no other output
--permanent parameter: applies the change to the permanent configuration; without it, the change applies to the runtime configuration
[--zone=<zone>] option: if omitted, the command operates on the default zone; otherwise it operates on the specified zone
Firewall configuration reload commands
1. firewall-cmd --reload
[root@localhost ~]# firewall-cmd --reload
2. firewall-cmd --complete-reload    # state information will be lost
[root@localhost ~]# firewall-cmd --complete-reload
3. systemctl restart firewalld
[root@localhost ~]# systemctl restart firewalld
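Because a change made without --permanent exists only in the runtime configuration, a reload can silently drop it. The following added example (not part of the original article; the function names are hypothetical) compares the runtime and permanent service and port lists of one zone, using the --list-services and --list-ports options covered further down, and reports any drift:

```shell
#!/usr/bin/env bash
# Added example: report drift between firewalld's runtime and permanent
# configuration for one zone. Function names are hypothetical.

# only_in_first "a b c" "b c d": prints the words found only in the first list
only_in_first() {
    local item out=""
    for item in $1; do
        case " $2 " in
            *" $item "*) ;;                 # present in both lists
            *) out="${out:+$out }$item" ;;  # missing from the second list
        esac
    done
    printf '%s' "$out"
}

# drift_report KIND RUNTIME_LIST PERMANENT_LIST
# Prints one line per difference; returns 1 if any drift was found.
drift_report() {
    local kind="$1" runtime="$2" permanent="$3" item rc=0
    for item in $(only_in_first "$runtime" "$permanent"); do
        echo "$kind $item: runtime only (lost on --reload or restart)"; rc=1
    done
    for item in $(only_in_first "$permanent" "$runtime"); do
        echo "$kind $item: permanent only (active after --reload)"; rc=1
    done
    return "$rc"
}

# audit_zone ZONE: query the live firewall (needs root and a running firewalld)
audit_zone() {
    local zone="$1" rc=0
    drift_report service \
        "$(firewall-cmd --zone="$zone" --list-services)" \
        "$(firewall-cmd --permanent --zone="$zone" --list-services)" || rc=1
    drift_report port \
        "$(firewall-cmd --zone="$zone" --list-ports)" \
        "$(firewall-cmd --permanent --zone="$zone" --list-ports)" || rc=1
    return "$rc"
}

# Constructed sample: 22/tcp was opened at runtime without --permanent
if [ "${1:-}" = "--demo" ]; then
    drift_report port "22/tcp 8080/tcp" "8080/tcp" || true
fi
```

Run audit_zone internal before a --reload to see which runtime-only rules would disappear.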
Commands for querying predefined information
1. View predefined zones
[root@localhost ~]# firewall-cmd --get-zones
2. View predefined services
[root@localhost ~]# firewall-cmd --get-services
3. View predefined ICMP types
[root@localhost ~]# firewall-cmd --get-icmptypes
Firewalld zone operation commands
1. Display the default zone for network connections or interfaces
[root@localhost ~]# firewall-cmd --get-default-zone
2. Set the default zone for network connections or interfaces to internal
[root@localhost ~]# firewall-cmd --set-default-zone=internal
3. Show all active zones (a zone is active when at least one interface or one source address / network segment is bound to it)
[root@localhost ~]# firewall-cmd --get-active-zones
4. Display the zone bound to the ens33 interface
[root@localhost ~]# firewall-cmd --get-zone-of-interface=ens33
5. Bind the work zone to the ens33 interface
[root@localhost ~]# firewall-cmd --zone=work --add-interface=ens33
6. Change the bound network interface ens33 to the internal zone
[root@localhost ~]# firewall-cmd --zone=internal --change-interface=ens33
7. Remove the bound network interface ens33 from the internal zone
[root@localhost ~]# firewall-cmd --zone=internal --remove-interface=ens33
8. Query whether the internal zone contains the interface ens33
[root@localhost ~]# firewall-cmd --zone=internal --query-interface=ens33
9. Show all zones and their rules
[root@localhost ~]# firewall-cmd --list-all-zones
10. Show all the rules for the internal zone
[root@localhost ~]# firewall-cmd --zone=internal --list-all
11. Show all rules for the default zone
[root@localhost ~]# firewall-cmd --list-all
Command summary
Option                                          Description
--get-default-zone                              Displays the default zone for network connections or interfaces
--set-default-zone=<zone>                       Sets the default zone for network connections or interfaces
--get-active-zones                              Displays all zones that have been activated
--get-zone-of-interface=<interface>             Shows the zone bound to the specified interface
--zone=<zone> --add-interface=<interface>       Binds a zone to the specified interface
--zone=<zone> --change-interface=<interface>    Changes the bound network interface for the specified zone
--zone=<zone> --remove-interface=<interface>    Removes the bound network interface from the specified zone
--query-interface=<interface>                   Queries whether the zone contains the interface
--list-all-zones                                Displays all zones and their rules
[--zone=<zone>] --list-all                      Displays all rules for the specified zone
Firewalld service operation commands
1. Show all services that are allowed to be accessed in the internal zone
[root@localhost ~]# firewall-cmd --zone=internal --list-services
2. Allow access to the SMTP service in the public zone
[root@localhost ~]# firewall-cmd --zone=public --add-service=smtp
3. Remove the SSH service from the internal zone
[root@localhost ~]# firewall-cmd --zone=internal --remove-service=ssh
4. Query whether the SSH service is enabled in the internal zone
[root@localhost ~]# firewall-cmd --zone=internal --query-service=ssh
Command summary
Option                                        Description
[--zone=<zone>] --list-services               Displays all services allowed to be accessed in the specified zone
[--zone=<zone>] --add-service=<service>       Allows access to a service in the specified zone
[--zone=<zone>] --remove-service=<service>    Removes a service that was allowed in the specified zone
[--zone=<zone>] --query-service=<service>     Queries whether a service is enabled in the specified zone
Firewalld port operation commands
1. Display all port numbers allowed to be accessed in the internal zone
[root@localhost ~]# firewall-cmd --zone=internal --list-ports
2. Enable the port 22 / TCP protocol combination in the internal zone
[root@localhost ~]# firewall-cmd --zone=internal --add-port=22/tcp --timeout=5m
--timeout=5m: removes the port after 5 minutes; mostly used for testing
3. Disable the port 22 / TCP protocol combination in the internal zone
[root@localhost ~]# firewall-cmd --zone=internal --remove-port=22/tcp
4. Query whether the port 22 / TCP protocol combination is enabled in the internal zone
[root@localhost ~]# firewall-cmd --zone=internal --query-port=22/tcp
Command summary
Option                                                                        Description
[--zone=<zone>] --list-ports                                                  Displays all port numbers allowed to be accessed in the specified zone
[--zone=<zone>] --add-port=<port>[-<port>]/<protocol> [--timeout=<seconds>]   Enables the port and protocol combination in the zone, with an optional timeout
[--zone=<zone>] --remove-port=<port>[-<port>]/<protocol>                      Disables the port and protocol combination in the zone
[--zone=<zone>] --query-port=<port>[-<port>]/<protocol>                       Queries whether the port and protocol combination is enabled in the zone
Firewalld ICMP blocking operation commands
1. Show all ICMP types blocked in the work zone
[root@localhost ~]# firewall-cmd --zone=work --list-icmp-blocks
2. Block the echo-reply ICMP type in the work zone
[root@localhost ~]# firewall-cmd --zone=work --add-icmp-block=echo-reply
3. Remove the block on the echo-reply ICMP type in the work zone
[root@localhost ~]# firewall-cmd --zone=work --remove-icmp-block=echo-reply
4. Query whether the echo-request ICMP type is blocked in the work zone
[root@localhost ~]# firewall-cmd --zone=work --query-icmp-block=echo-request
Command summary
Option                                            Description
[--zone=<zone>] --list-icmp-blocks                Displays all ICMP types blocked in the specified zone
[--zone=<zone>] --add-icmp-block=<icmptype>       Blocks an ICMP type in the specified zone
[--zone=<zone>] --remove-icmp-block=<icmptype>    Removes a blocked ICMP type from the specified zone
[--zone=<zone>] --query-icmp-block=<icmptype>     Queries whether an ICMP type is blocked in the specified zone