firewall-cmd常用命令

常用命令

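# Start the firewalld service now.
systemctl start firewalld.service
# Enable firewalld at boot so the rule set is enforced again after a restart.
systemctl enable firewalld.service
# Show the service status. `status` is the query verb; `enable` only changes
# the boot-time setting and reports nothing about the running service.
systemctl status firewalld.service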

# Inspect the runtime configuration. Without --zone these queries report the
# default zone, and changes made with --permanent do not show up here until
# the firewall has been reloaded.
# Full summary of the zone (services, ports, forward-ports, rich rules, ...).
firewall-cmd --list-all
# Services allowed in the zone.
firewall-cmd --list-services
# Individually opened ports.
firewall-cmd --list-ports
# Whether firewalld is running.
firewall-cmd --state

# Open 3306/tcp. No --zone is given, so the default zone is changed and the
# port becomes reachable from every source that zone covers. For a service
# such as a database, a source-restricted rich rule is usually the safer choice.
# --permanent only edits the stored configuration; run --reload to apply it.
firewall-cmd --permanent --add-port=3306/tcp
# Close 3306/tcp again by removing the port from the zone.
firewall-cmd --permanent --remove-port=3306/tcp
# Open a contiguous port range (8080 through 8083) in the public zone.
firewall-cmd --permanent --zone=public --add-port=8080-8083/tcp

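# Each rich rule is wrapped in single quotes so that the double quotes around
# the values reach firewalld inside one argument. Double quotes nested inside
# double quotes end the shell string early and only work by accident of
# concatenation.

# Allow a single host to reach 6379/tcp.
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.142.166" port protocol="tcp" port="6379" accept'
# Allow a single host on every port and protocol. Prefer the port-scoped form
# above unless the host really needs full access.
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.233" accept'
# Remove a host rule. The rule given here has to describe the same rule that
# was added earlier, otherwise nothing is removed.
firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.1.51" accept'
# Allow an address range. 192.168.0.0/16 with a bare `accept` admits the whole
# /16 on all ports, so keep the prefix as narrow as the use case allows.
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.0/16" accept'
# Allow a /24 to reach 9200/tcp only.
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" port protocol="tcp" port="9200" accept'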

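# Forward-port syntax: port=<port>:proto=<protocol>[:toport=<port>][:toaddr=<address>].
# The incoming port is given with port=; proto= names the protocol only.
# A forward makes the target service reachable by anything that can reach the
# listening port in this zone, so treat it like opening that service directly.

# Redirect 80/tcp to local port 8080.
firewall-cmd --permanent --add-forward-port=port=80:proto=tcp:toport=8080
# Forward 80/tcp to host 192.168.0.1 (same port).
# Forwarding to another host typically also needs masquerading on the zone
# (--add-masquerade) so that return traffic passes back through this machine.
firewall-cmd --permanent --add-forward-port=port=80:proto=tcp:toaddr=192.168.0.1
# Forward 80/tcp to port 8080 on host 192.168.0.1.
firewall-cmd --permanent --add-forward-port=port=80:proto=tcp:toaddr=192.168.0.1:toport=8080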

# Reload: load the permanent configuration into the running firewall.
# Runtime-only changes (made without --permanent) are dropped by a reload.
firewall-cmd --reload

远程访问端口转发命令

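# Enable IPv4 forwarding in the kernel. Writing to /proc lasts only until the
# next reboot; set net.ipv4.ip_forward=1 in a sysctl configuration file to
# make it persistent.
echo 1 > /proc/sys/net/ipv4/ip_forward
# Start firewalld now and enable it at boot.
systemctl start firewalld
systemctl enable firewalld
# Masquerade (source-NAT) traffic leaving the public zone so replies from the
# forward targets return through this host.
firewall-cmd --zone=public --add-masquerade --permanent
# Open the externally visible ports in the public zone.
# NOTE(review): 1194/tcp together with the 10.8.0.x targets suggests an OpenVPN
# setup; confirm against the actual deployment.
firewall-cmd --zone=public --permanent --add-port=53389/tcp
firewall-cmd --zone=public --permanent --add-port=2222/tcp
firewall-cmd --zone=public --permanent --add-port=1194/tcp
# Forward 53389/tcp to 10.8.0.3:3389 and 2222/tcp to 10.8.0.4:2222.
# Both internal services become reachable from every source in the public
# zone. Where the client addresses are known, restrict access by source, and
# watch the authentication logs of the target hosts.
firewall-cmd --zone=public --permanent --add-forward-port=port=53389:proto=tcp:toaddr=10.8.0.3:toport=3389
firewall-cmd --zone=public --permanent --add-forward-port=port=2222:proto=tcp:toaddr=10.8.0.4:toport=2222
# NOTE(review): 8080/tcp is opened with no matching forward in this listing;
# keep it only if a local service needs it.
firewall-cmd --zone=public --permanent --add-port=8080/tcp
# Apply the permanent configuration to the running firewall.
firewall-cmd --reload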

参考文档

https://www.niwoxuexi.com/blog/php/article/339.html
