Linux Common Command Quick Reference: Firewall

Operations · 2020-10-26

CentOS 7

Check the firewall status

systemctl status firewalld

Start the firewall

systemctl start firewalld

Start the firewall automatically at boot

systemctl enable firewalld

Stop the firewall

systemctl stop firewalld

Permanently disable the firewall (do not start it at boot)

systemctl disable firewalld

Reload the firewall (rule changes made with --permanent only take effect after a reload)

firewall-cmd --reload

Open a port

firewall-cmd --zone=public --add-port=22/tcp --permanent

Close a port

firewall-cmd --zone=public --remove-port=22/tcp --permanent

Open a range of ports

firewall-cmd --zone=public --add-port=100-500/tcp --permanent

Close a range of ports

firewall-cmd --zone=public --remove-port=100-500/tcp --permanent

List all open ports

firewall-cmd --zone=public --list-ports

Restrict access from an IP address range

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.0.0.0/24" port protocol="tcp" port="80" reject'

Remove the IP address restriction (delete the reject rule added above)

firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="10.0.0.0/24" port protocol="tcp" port="80" reject'

List the configured rich rules

firewall-cmd --zone=public --list-rich-rules

Ubuntu 20.04

Check the firewall status

ufw status

Enable the firewall

ufw enable

Disable the firewall

ufw disable

Reload the firewall

ufw reload

Open a single port

ufw allow 80

Open a port range

ufw allow 80:90/tcp

Deny a port

ufw deny 80

Close a port (delete its allow rule)

ufw delete allow 20

Allow external access by default

ufw default allow

Deny external access by default

ufw default deny

Allow an IP address range to access all ports

ufw allow from 192.168.0.0/16

Deny an IP address range access to all ports (delete its allow rule)

ufw delete allow from 192.168.0.0/16

Allow a specific IP address to access a port

ufw allow from 192.168.121.2 to any port 3306

Revoke a specific IP address's access to a port

ufw delete allow from 192.168.121.2 to any port 3306