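Firewalld is a dynamic firewall management tool for Linux. It is used to manage and configure the system's firewall rules.
Firewalld is the default firewall management tool on distributions such as Red Hat Enterprise Linux (RHEL) and CentOS.
Firewalld is designed around the concepts of zones and services. Each network interface can be assigned to a specific zone, and each zone has a predefined set of rules. A service defines a group of related network ports and protocols and can be associated with a specific zone.
Firewalld provides a command-line tool (firewall-cmd) and a graphical user interface (firewall-config) for managing firewall rules. With these tools you can add, remove and modify firewall rules, assign network interfaces to zones, and manage access to services and ports.
Firewalld also supports dynamic rule updates: you can add or remove rules at runtime without restarting the firewall service. This makes Firewalld well suited to environments where firewall rules change frequently.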
Enter the command "systemctl start firewalld.service" at the command line and press Enter to start the firewall, for example:
    # Start the firewall
    [hxstrive@localhost ~]$ systemctl start firewalld.service
    # Check the firewall status
    [hxstrive@localhost ~]$ systemctl status firewalld.service
    ● firewalld.service - firewalld - dynamic firewall daemon
       Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
       Active: active (running) since Tue 2023-09-19 12:27:50 CST; 8s ago
         Docs: man:firewalld(1)
     Main PID: 13329 (firewalld)
        Tasks: 2
       CGroup: /system.slice/firewalld.service
               └─13329 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid
Enter the command "systemctl status firewalld.service" at the command line and press Enter to check the firewall status, for example:
    [root@localhost resources]# systemctl status firewalld.service
    ● firewalld.service - firewalld - dynamic firewall daemon
       Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
       Active: active (running) since 一 2023-09-18 13:26:32 CST; 14min ago
         Docs: man:firewalld(1)
     Main PID: 832 (firewalld)
        Tasks: 2
       CGroup: /system.slice/firewalld.service
               └─832 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid
    9月 18 13:26:28 localhost systemd[1]: Starting firewalld - dynamic firewall daemon...
    9月 18 13:26:32 localhost systemd[1]: Started firewalld - dynamic firewall daemon.
    9月 18 13:26:33 localhost firewalld[832]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a futu...ing it now.
    Hint: Some lines were ellipsized, use -l to show in full.
In the output above, the Active line reads "active (running)", so the firewall service firewalld.service is running.
Enter the command "systemctl stop firewalld.service" at the command line and press Enter to stop the firewall. For example:
    # Stop the firewall
    [root@localhost resources]# systemctl stop firewalld.service
Enter the command "systemctl disable firewalld.service" at the command line and press Enter to disable the firewall permanently (it will no longer start at boot). For example:
    [root@localhost resources]# systemctl disable firewalld.service
    Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
    Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Enter the command "systemctl enable firewalld.service" at the command line and press Enter to have the firewalld.service firewall service start when the system boots. For example:
    [hxstrive@localhost ~]$ systemctl enable firewalld.service
    Created symlink from /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service to /usr/lib/systemd/system/firewalld.service.
    Created symlink from /etc/systemd/system/multi-user.target.wants/firewalld.service to /usr/lib/systemd/system/firewalld.service.
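The status output shown above carries three separate facts: the run state (Active), the boot state (the second field of Loaded), and any AllowZoneDrifting warning. The following shell function is an added example, not part of the original page; it checks all three from saved status text. The function name, the finding labels and the sample text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit firewalld from "systemctl status firewalld.service" text.
# Function name, finding labels and SAMPLE_STATUS are constructed for this example.

# Constructed sample modelled on the page's first status output:
# the service was started but is not enabled at boot.
SAMPLE_STATUS='● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: active (running) since Tue 2023-09-19 12:27:50 CST; 8s ago
 Main PID: 13329 (firewalld)
Sep 19 12:27:51 localhost firewalld[13329]: WARNING: AllowZoneDrifting is enabled.'

# Prints one finding per line; returns 0 only when nothing is flagged.
audit_firewalld_status() {
    status_text=$1
    # Boot state: second ';'-separated field of the "Loaded:" line.
    boot=$(printf '%s\n' "$status_text" |
        sed -n 's/^[[:space:]]*Loaded:[^;]*;[[:space:]]*\([a-z-]*\);.*/\1/p' |
        head -n 1)
    # Run state: first word after "Active:".
    run=$(printf '%s\n' "$status_text" |
        sed -n 's/^[[:space:]]*Active:[[:space:]]*\([a-z]*\).*/\1/p' |
        head -n 1)
    rc=0
    if [ "$run" != "active" ]; then
        echo "NOT_RUNNING: Active state is '${run:-unknown}'"
        rc=1
    fi
    # "systemctl start" alone does not survive a reboot; "enable" does.
    if [ "$boot" != "enabled" ]; then
        echo "NOT_ENABLED_AT_BOOT: unit-file state is '${boot:-unknown}'"
        rc=1
    fi
    # firewalld logs this warning when zone drifting is still allowed.
    if printf '%s\n' "$status_text" | grep -q 'AllowZoneDrifting is enabled'; then
        echo "ZONE_DRIFTING: set AllowZoneDrifting=no in /etc/firewalld/firewalld.conf"
        rc=1
    fi
    return $rc
}

# Demo on the constructed sample. On a live host, pass the real output:
#   audit_firewalld_status "$(systemctl status firewalld.service --no-pager -l 2>&1)"
audit_firewalld_status "$SAMPLE_STATUS" || true
```

On a live host, "systemctl is-active firewalld.service" and "systemctl is-enabled firewalld.service" report the same two states directly, without parsing the human-readable output.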