一、The default Linux firewall: firewalld
1、Common commands
systemctl status firewalld #show firewall status
systemctl stop firewalld #stop the firewall (until next boot)
systemctl disable firewalld #disable the firewall permanently
systemctl enable firewalld #enable the firewall
2、Opening ports
firewall-cmd --zone=public --add-port=80/tcp --permanent #open port 80
firewall-cmd --zone=public --add-port=3306/tcp --permanent #open port 3306
firewall-cmd --reload #reload the configuration
After opening or closing a port, remember to reload the firewall so the permanent rules take effect.
3、Closing ports
firewall-cmd --zone=public --remove-port=3306/tcp --permanent #close port 3306
firewall-cmd --reload #reload the configuration
二、The iptables-services firewall
1、Disable the default firewalld
systemctl mask firewalld
systemctl stop firewalld
2、Install iptables-services from the yum repository
yum -y install iptables-services
systemctl enable iptables
systemctl start iptables
3、Configure iptables
vim /etc/sysconfig/iptables
Edit the configuration as follows:
# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
The line -A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT opens port 3306; any port without such a line is rejected by the final REJECT rule.
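The ruleset above follows a fixed pattern: a few baseline rules, one ACCEPT line per allowed TCP port, then a catch-all REJECT. As an added example that is not part of the original page, the bash function below generates such a file from an allow-list of ports; it always keeps port 22 so that loading the rules over SSH cannot lock the administrator out, and it rejects invalid entries and drops duplicates. The function name and the port list are assumptions.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helper, not from the original page):
# generate an /etc/sysconfig/iptables ruleset in the layout shown above
# from an allow-list of TCP ports. Port 22 (SSH) is always included so
# that loading the ruleset over SSH cannot lock the administrator out.
# Usage: gen_iptables_rules 80 443 3306 > /etc/sysconfig/iptables
gen_iptables_rules() {
    local ports="22" p
    for p in "$@"; do
        # Reject anything that is not a number in the TCP port range 1-65535
        case "$p" in
            ''|*[!0-9]*) echo "invalid port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "invalid port: $p" >&2; return 1
        fi
        # Skip ports already in the list (covers 22 and repeated arguments)
        case " $ports " in
            *" $p "*) ;;
            *) ports="$ports $p" ;;
        esac
    done
    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'
    echo ':FORWARD ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Baseline: keep established flows, allow ICMP and loopback
    echo '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'
    echo '-A INPUT -p icmp -j ACCEPT'
    echo '-A INPUT -i lo -j ACCEPT'
    # One ACCEPT rule per allowed port, new connections only
    for p in $ports; do
        echo "-A INPUT -p tcp -m state --state NEW -m tcp --dport $p -j ACCEPT"
    done
    # Everything not explicitly allowed above is rejected
    echo '-A INPUT -j REJECT --reject-with icmp-host-prohibited'
    echo '-A FORWARD -j REJECT --reject-with icmp-host-prohibited'
    echo 'COMMIT'
}
```

After writing the file, restart the service (service iptables restart) so the new rules are loaded.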
4、Common iptables commands
service iptables status #show firewall status
service iptables stop #stop the firewall (until next boot)
service iptables restart #restart the firewall
三、Checking port connectivity
1、The ping command
ping 192.168.217.128
Run from the cmd command line to check whether the target IP is reachable.
2、The curl command
curl 192.168.217.128:4000
Use curl in a bash environment to check whether the target ip:port is reachable.
3、The telnet command
telnet 192.168.217.128 4000