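Firewall on CentOS 7
CentOS 7 uses firewalld as its default firewall, replacing the iptables service used previously. Under the hood, however, iptables is still used for management at the kernel level.
References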
https://access.redhat.com/documentation/zh-CN/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Using_Firewalls.html
http://www.myhome.net.tw/2015_02/p10.htm
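Commands to start and stop the firewall

    # systemctl start firewalld
    # systemctl enable firewalld
    # systemctl stop firewalld
    # systemctl disable firewalld
    # systemctl status firewalld

1 Firewalld directories
/usr/lib/firewalld: this directory holds the preset configuration data, that is, the original defaults. It contains many XML files.
/etc/firewalld: this directory holds the configuration files currently in use. If a file is not present here, the default configuration file from /usr/lib/firewalld is used.

2 Firewall commands
firewalld can be managed through a GUI: on a CentOS system with a desktop, go to Applications->sundry->firewall to manage and configure it.
It can also be managed from the command line, using firewall-cmd for the actual configuration. Use the man command to learn how the firewalld-related commands are used:

    # man firewalld.conf
    # man firewall-cmd
    # man firewalld.zone
    # man firewalld.service
    # man firewalld.icmptype
    # man firewalld.direct

Commonly used commands are as follows.

1 Add the http and https services

    # firewall-cmd --permanent --zone=public --add-service=http
    # firewall-cmd --permanent --zone=public --add-service=https
    # firewall-cmd --reload    (reloads without dropping connections)

Here --permanent makes the change permanent.

2 Change the SSH port from 22 to 23456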
Copy the default ssh service definition into /etc/firewalld/services/ and change its port:

    [root@localhost ~]# cp /usr/lib/firewalld/services/ssh.xml /etc/firewalld/services/
    [root@localhost ~]# vi /etc/firewalld/services/ssh.xml
    <?xml version="1.0" encoding="utf-8"?>
    <service>
      <short>SSH</short>
      <description>Secure Shell (SSH) is a protocol for logging into and executing commands on remote machines. It provides secure encrypted communications. If you plan on accessing your machine remotely via SSH over a firewalled interface, enable this option. You need the openssh-server package installed for this option to be useful.</description>
      <port protocol="tcp" port="23456"/>
    </service>
    [root@localhost ~]# firewall-cmd --complete-reload    (reloads and drops connections)

Set the same port in sshd_config:

    [root@localhost ~]# vi /etc/ssh/sshd_config
    #       $OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $

    # This is the sshd server system-wide configuration file.  See
    # sshd_config(5) for more information.

    # This sshd was compiled with PATH=/usr/local/bin:/usr/bin

    # The strategy used for options in the default sshd_config shipped with
    # OpenSSH is to specify options with their default value where
    # possible, but leave them commented.  Uncommented options override the
    # default value.

    # If you want to change the port on a SELinux system, you have to tell
    # SELinux about this change.
    # semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
    #
    Port 23456
    #AddressFamily any
    #ListenAddress 0.0.0.0
    #ListenAddress ::

Restart sshd and check its status:

    [root@localhost ~]# systemctl restart sshd
    [root@localhost ~]# systemctl status sshd
    sshd.service - OpenSSH server daemon
       Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)
       Active: active (running) since Mon 2015-08-31 17:47:22 CST; 25s ago
     Main PID: 12302 (sshd)
       CGroup: /system.slice/sshd.service
               └─12302 /usr/sbin/sshd -D

    Aug 31 17:47:22 localhost.localdomain systemd[1]: Started OpenSSH server daemon.
    Aug 31 17:47:22 localhost.localdomain sshd[12302]: Server listening on 0.0.0.0 port 23456.
    Aug 31 17:47:22 localhost.localdomain sshd[12302]: Server listening on :: port 23456.
    Aug 31 17:47:23 localhost.localdomain python[12304]: SELinux is preventing /usr/sbin/sshd from name_bind access on the tcp_socket port 23456.
                                                          *****  Plugin bind_ports (92.2 confidence) suggests   ************************...
    Hint: Some lines were ellipsized, use -l to show in full.
    [root@localhost ~]#

The last journal line shows SELinux flagging sshd's name_bind on port 23456. As the comment in sshd_config says, on an SELinux system the new port also has to be registered, here with semanage port -a -t ssh_port_t -p tcp 23456.

Reposted from: https://blog.51cto.com/lixiaotao/1690193
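Added example (not part of the original post): the port change above touches three places that must agree, namely sshd_config, the firewalld ssh service file, and the SELinux ssh_port_t label that the last journal line complains about. This Python check compares them using constructed sample inputs; the function names and the sample line in the layout of `semanage port -l` are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples mirroring the files edited above (not captured from a host).
SSHD_CONFIG = "#Port 22\nPort 23456\n#AddressFamily any\n#ListenAddress 0.0.0.0\n"
SSH_XML = ('<?xml version="1.0" encoding="utf-8"?>\n<service><short>SSH</short>'
           '<port protocol="tcp" port="23456"/></service>')
# Constructed line in the layout printed by `semanage port -l`.
SEMANAGE = "ssh_port_t                     tcp      22\n"

def expand(spec):
    """Turn '22' or '8000-8002' into a set of port numbers."""
    lo, _, hi = spec.strip().partition("-")
    return set(range(int(lo), int(hi or lo) + 1))

def sshd_ports(config):
    """Uncommented Port directives; sshd falls back to 22 when none is set."""
    found = re.findall(r"^[ \t]*Port[ \t=]+(\d+)", config, re.I | re.M)
    return {int(p) for p in found} or {22}

def firewalld_ports(service_xml):
    """TCP ports opened by a firewalld service definition."""
    root = ET.fromstring(service_xml.encode("utf-8"))
    ports = set()
    for el in root.findall("port"):
        if el.get("protocol") == "tcp" and el.get("port"):
            ports |= expand(el.get("port"))
    return ports

def selinux_ssh_ports(listing):
    """TCP ports labelled ssh_port_t in `semanage port -l` output."""
    ports = set()
    for line in listing.splitlines():
        fields = line.split(None, 2)
        if len(fields) == 3 and fields[:2] == ["ssh_port_t", "tcp"]:
            for spec in fields[2].split(","):
                ports |= expand(spec)
    return ports

def audit(config, service_xml, listing):
    """Return one finding per layer that disagrees with sshd's ports."""
    want, fw, se = sshd_ports(config), firewalld_ports(service_xml), selinux_ssh_ports(listing)
    findings = [f"firewalld: tcp/{p} not opened by ssh service" for p in sorted(want - fw)]
    findings += [f"firewalld: tcp/{p} open but sshd not listening" for p in sorted(fw - want)]
    findings += [f"selinux: tcp/{p} not labelled ssh_port_t" for p in sorted(want - se)]
    return findings

if __name__ == "__main__":
    for finding in audit(SSHD_CONFIG, SSH_XML, SEMANAGE):
        print(finding)
```

With the constructed inputs it reports only the SELinux mismatch, which is the state the journal output above shows; once ssh_port_t includes 23456 the audit comes back empty.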