sfs3主机存放的是學生的各种相關資料, 為了小心謹慎保護好資料, 我們還是討論一下firewalld
安裝firewalld
# yum
install -y firewalld
start
firewalld service
#
systemctl start firewalld
start
at boot
#systemctl
enable firewalld
Check the firewall
status.
#firewall-cmd --state
Firewall Zones
Zones are pre-constructed rulesets for various trust levels you
would likely have for a given location or scenario (e.g. home, public, trusted,
etc.).
To view the available zones
#firewall-cmd --get-zones
To view the default zone
#firewall-cmd
--get-default-zone
Showing
the currently allowed services and ports on your system List all the allowed
services :
#firewall-cmd
--list-services
Working with Services
To
view the d predefined services :
#firewall-cmd --get-services
For
instance, if we are running a web server serving conventional HTTP traffic, we
can allow this traffic for interfaces in our "public" zone for this
session by typing:
#firewall-cmd
--zone=public --add-service=http
#firewall-cmd
--zone=public --add-service=http --permanent
#firewall-cmd
--zone=public --remove-service=http --permanent
Thus,
#firewall-cmd --permanent --zone=public
--add-service=http
#firewall-cmd --permanent --zone=public --add-service=https
#firewall-cmd
–reload
For
sfs3
#firewall-cmd
--permanent --zone=public --add-rich-rule='rule family="ipv4" source
address="192.168.20.0/24" port protocol="tcp"
port="80" accept' --permanent
#firewall-cmd
--reload
#firewall-cmd
--zone=public --list-all
remove
#
firewall-cmd --zone=public --remove-rich-rule='rule family="ipv4"
source address="192.168.20.0/24" port protocol="tcp"
port="80" accept' --permanent
#firewall-cmd
--zone=public --list-all
參考
沒有留言:
張貼留言