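Firewalld is a dynamic firewall management tool for Linux systems, used to manage and configure the system's firewall rules.
Firewalld is the default firewall management tool on distributions such as Red Hat Enterprise Linux (RHEL) and CentOS.
Firewalld is designed around the concepts of zones and services. Each network interface can be assigned to a specific zone, and each zone has a predefined set of rules. A service defines a group of related network ports and protocols and can be associated with a specific zone.
Firewalld provides a command-line tool (firewall-cmd) and a graphical user interface (firewall-config) for managing firewall rules. With these tools you can add, remove and modify firewall rules, configure the zone of a network interface, and manage access to services and ports.
Firewalld also supports dynamic updates of firewall rules, which means you can add or remove rules at runtime without restarting the firewall service. This makes Firewalld well suited to environments where firewall rules change frequently.
Enter the command “systemctl start firewalld.service” at the command line and press Enter to start the firewall, for example:
# Start the firewall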
[hxstrive@localhost ~]$ systemctl start firewalld.service
# Check the firewall status
[hxstrive@localhost ~]$ systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: active (running) since Tue 2023-09-19 12:27:50 CST; 8s ago
Docs: man:firewalld(1)
Main PID: 13329 (firewalld)
Tasks: 2
CGroup: /system.slice/firewalld.service
└─13329 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid
Enter the command “systemctl status firewalld.service” at the command line and press Enter to view the firewall status, for example:
[root@localhost resources]# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since 一 2023-09-18 13:26:32 CST; 14min ago
Docs: man:firewalld(1)
Main PID: 832 (firewalld)
Tasks: 2
CGroup: /system.slice/firewalld.service
└─832 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid
9月 18 13:26:28 localhost systemd[1]: Starting firewalld - dynamic firewall daemon...
9月 18 13:26:32 localhost systemd[1]: Started firewalld - dynamic firewall daemon.
9月 18 13:26:33 localhost firewalld[832]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a futu...ing it now.
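Hint: Some lines were ellipsized, use -l to show in full.
From the output above, the firewall service firewalld.service is running (Active: active (running)).
Enter the command “systemctl stop firewalld.service” at the command line and press Enter to stop the firewall. For example:
# Stop the firewall
[root@localhost resources]# systemctl stop firewalld.service
Enter the command “systemctl disable firewalld.service” at the command line and press Enter to disable the firewall permanently. For example: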
[root@localhost resources]# systemctl disable firewalld.service
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Enter the command “systemctl enable firewalld.service” at the command line and press Enter to have the firewalld.service firewall service start when the system boots. For example:
[hxstrive@localhost ~]$ systemctl enable firewalld.service
Created symlink from /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service to /usr/lib/systemd/system/firewalld.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/firewalld.service to /usr/lib/systemd/system/firewalld.service.
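The status outputs above differ in one field that is easy to miss: the first shows the service running but "disabled" on the Loaded line, so the firewall would not come back after a reboot. The script below is an added example, not part of the original page: its function names are hypothetical, and its sample inputs are trimmed from the two outputs shown above. It reports the running state, the boot state, and whether the AllowZoneDrifting warning was logged.

```bash
#!/usr/bin/env bash
# Added example: read `systemctl status firewalld.service` text on stdin and
# report both the current state (Active:) and the boot state (Loaded:).
firewalld_posture() {
    awk '
        /^[[:space:]]*Loaded:/ {            # "...firewalld.service; enabled; vendor preset..."
            if (split($0, part, ";") >= 2) { boot = part[2]; gsub(/[[:space:]]/, "", boot) }
        }
        /^[[:space:]]*Active:/ {            # "Active: active (running) since ..."
            for (i = 1; i < NF; i++) if ($i == "Active:") { active = $(i + 1); break }
        }
        /AllowZoneDrifting is enabled/ { drift = 1 }
        END {
            if (active == "") active = "unknown"
            if (boot == "")   boot = "unknown"
            print active, boot, (drift ? "zone-drifting" : "no-drift-warning")
        }'
}

# Turn "<active> <boot> <drift>" into a finding a reviewer can act on.
firewalld_finding() {
    local active boot drift msg
    read -r active boot drift
    case "$active/$boot" in
        active/enabled)    msg="OK: running and enabled at boot" ;;
        active/disabled)   msg="WARN: running now, but will not start after reboot" ;;
        inactive/enabled)  msg="WARN: stopped now, will start at next boot" ;;
        inactive/disabled) msg="FAIL: stopped and disabled at boot" ;;
        *)                 msg="UNKNOWN: could not parse status output" ;;
    esac
    if [ "$drift" = "zone-drifting" ]; then msg="$msg; AllowZoneDrifting warning logged"; fi
    printf '%s\n' "$msg"
}

# Sample inputs, trimmed from the two status outputs shown on this page.
sample_started_only='firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: active (running) since Tue 2023-09-19 12:27:50 CST; 8s ago'
sample_enabled='firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since 2023-09-18 13:26:32 CST; 14min ago
localhost firewalld[832]: WARNING: AllowZoneDrifting is enabled.'

printf '%s\n' "$sample_started_only" | firewalld_posture | firewalld_finding
printf '%s\n' "$sample_enabled" | firewalld_posture | firewalld_finding
```

On a live host, pipe the output of systemctl status firewalld.service into firewalld_posture; systemctl is-active and systemctl is-enabled report the same two states directly.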