- 工信部备案号 滇ICP备05000110号-1
- 滇公网安备53011102001527号
- 增值电信业务经营许可证 B1.B2-20181647、滇B1.B2-20190004
- 云南互联网协会理事单位
- 安全联盟认证网站身份V标记
- 域名注册服务机构许可:滇D3-20230001
- 代理域名注册服务机构:新网数码
- CN域名投诉举报处理平台:电话:010-58813000、邮箱:service@cnnic.cn
相关文章
【滇企复工进行时】8455线路检测中心:未雨绸缪,危机之下必有机遇 倪光南推进国产操作系统:打破有鸡没蛋或有蛋没鸡 【站长故事】30岁seo老鸟走过的路:继续拼搏不敢松懈 良好习惯护航上网安全 A5图王:没有信心的站长看过来,让你恢复建站信心
firewalld 防火墙配置全指南
2025-12-19 15:14:16
231
firewalld 防火墙配置全指南
欢迎来到8455线路检测中心技术小课堂,每天分享一个运维必备技能。在 CentOS 7 服务器运维中,防火墙是抵御网络攻击的“第一道防线”——开放不必要的端口、规则配置不当,会直接给黑客留下入侵漏洞,导致服务器被扫描、攻击甚至植入恶意程序。很多新手因忽视防火墙配置,刚部署的服务就遭遇安全风险。firewalld 作为 CentOS 7 默认的防火墙管理工具,替代了传统的 iptables 服务,支持动态规则配置、区域管理等更灵活的功能。今天就系统讲解 firewalld 的实战配置方法,从基础启停到进阶规则设置,帮你快速构建安全的网络
防护体系。
一、基础认知:firewalld 核心概念与作用
firewalld 是基于 iptables 的动态防火墙管理工具,核心优势在于“动态更新规则无需重启服务”,同时引入“区域(Zone)”概念,可根据不同网络环境快速切换防护策略。其核心作用包括:限制端口访问、过滤网络请求、屏蔽恶意 IP、端口转发等,是保障服务器网络安全的核心工具。
CentOS 7 系统默认预装 firewalld,若未安装可通过 yum 快速部署:
# 安装 firewalld yum install -y firewalld # 安装防火墙图形化管理工具(可选,适合新手) yum install -y firewall-config
二、基础操作:firewalld 服务启停与状态查看
使用 firewall-cmd 命令管理 firewalld 服务,先掌握基础的启停、状态查看命令,确保服务正常运行。
# 1. 查看 firewalld 运行状态(running 为正常运行) systemctl status firewalld # 2. 启动 firewalld 服务 systemctl start firewalld # 3. 设置 firewalld 开机自启(关键,避免重启后失效) systemctl enable firewalld # 4. 重启 firewalld 服务(修改部分规则后需重启) systemctl restart firewalld # 5. 临时停止 firewalld 服务(测试场景使用,不建议生产环境关闭) systemctl stop firewalld # 6. 禁止 firewalld 开机自启 systemctl disable firewalld # 7. 查看防火墙规则(显示当前生效的规则) firewall-cmd --list-all
三、核心实战:端口与服务管理(最常用场景)
防火墙最核心的功能是“端口管控”,仅开放业务必需的端口(如 80 端口用于 HTTP、3306 端口用于 MySQL),关闭所有不必要的端口,缩小攻击面。
1. 开放指定端口(永久生效)
使用 --add-port 参数开放端口,需指定端口号和协议(tcp/udp),添加 --permanent 参数确保重启后规则不丢失,最后重载规则使其生效。
# 示例1:开放 80 端口(HTTP 服务,tcp 协议),永久生效 firewall-cmd --add-port=80/tcp --permanent # 示例2:开放 3306 端口(MySQL 服务),永久生效 firewall-cmd --add-port=3306/tcp --permanent # 示例3:开放端口范围(如 1000-2000 端口),永久生效 firewall-cmd --add-port=1000-2000/tcp --permanent # 重载规则,使开放端口的配置生效 firewall-cmd --reload # 验证端口是否开放成功(查看已开放的端口列表) firewall-cmd --list-ports
2. 关闭指定端口(永久生效)
业务下线或端口不再使用时,及时关闭对应的端口,避免遗留安全隐患。
# 示例1:关闭 80 端口,永久生效 firewall-cmd --remove-port=80/tcp --permanent # 示例2:关闭端口范围 1000-2000 firewall-cmd --remove-port=1000-2000/tcp --permanent # 重载规则生效 firewall-cmd --reload # 验证关闭结果 firewall-cmd --list-ports
3. 直接开放指定服务(按服务名配置)
firewalld 内置了常见服务的端口配置,可直接通过服务名开放对应的端口,无需手动指定端口号,更便捷。
# 示例1:开放 SSH 服务(默认对应 22 端口),永久生效 firewall-cmd --add-service=ssh --permanent # 示例2:开放 HTTP 服务(默认对应 80 端口),永久生效 firewall-cmd --add-service=http --permanent # 示例3:开放 HTTPS 服务(默认对应 443 端口),永久生效 firewall-cmd --add-service=https --permanent # 重载规则生效 firewall-cmd --reload # 查看已开放的服务列表 firewall-cmd --list-services
4. 关闭指定服务
# 示例:关闭 HTTP 服务,永久生效 firewall-cmd --remove-service=http --permanent # 重载规则生效 firewall-cmd --reload
四、进阶防护:IP 限制与规则配置
通过限制指定 IP 访问服务器,实现更精准的防护——仅允许业务来源 IP 访问,拒绝其他所有 IP,进一步提升安全性。
1. 允许指定 IP 访问所有端口
# 示例:允许 192.168.1.100 这个 IP 访问服务器所有端口,永久生效 firewall-cmd --add-rich-rule="rule family="ipv4" source address="192.168.1.100" accept" --permanent # 重载规则生效 firewall-cmd --reload
2. 拒绝指定 IP 访问所有端口
发现恶意扫描或攻击的 IP 时,可直接拒绝其访问。
# 示例:拒绝 203.0.113.5 这个 IP 访问,永久生效 firewall-cmd --add-rich-rule="rule family="ipv4" source address="203.0.113.5" reject" --permanent # 重载规则生效 firewall-cmd --reload
3. 仅允许指定 IP 访问特定端口
更精准的防护策略,如仅允许管理 IP 访问 MySQL 的 3306 端口。
# 示例:仅允许 192.168.1.200 访问 3306 端口(MySQL),永久生效 firewall-cmd --add-rich-rule="rule family="ipv4" source address="192.168.1.200" port protocol="tcp" port="3306" accept" --permanent # 重载规则生效 firewall-cmd --reload
4. 删除 IP 限制规则
# 示例:删除允许 192.168.1.100 访问所有端口的规则 firewall-cmd --remove-rich-rule="rule family="ipv4" source address="192.168.1.100" accept" --permanent # 重载规则生效 firewall-cmd --reload
五、实用技巧:规则备份与恢复
修改防火墙规则前,建议先备份现有规则,避免配置错误导致服务不可用,可快速恢复。
# 1. 备份(复制firewalld的原生XML配置文件) cp -r /etc/firewalld/zones/ /etc/firewalld/zones_backup/ # 2. 恢复(直接覆盖回去,需先停止firewalld) systemctl stop firewalld cp -r /etc/firewalld/zones_backup/* /etc/firewalld/zones/ systemctl start firewalld # 3. 验证 firewall-cmd --list-all
六、避坑指南:firewalld 配置核心规范
规则生效必重载:所有添加/删除规则的操作,需加上 --permanent 参数(永久生效),并执行 firewall-cmd --reload 重载规则,否则配置仅临时生效(重启服务后丢失)。
最小权限原则:仅开放业务必需的端口和服务,如 Web 服务器仅开放 80、443 端口,数据库服务器仅开放 3306 端口并限制访问 IP,禁止开放所有端口。
禁止随意关闭防火墙:生产环境中除非特殊需求,否则禁止停止 firewalld 服务,关闭防火墙会使服务器完全暴露在网络中,风险极高。
规则修改先备份:批量修改或调整复杂规则前,务必先备份现有规则,避免配置错误导致业务中断,无法快速恢复。
区分临时与永久规则:测试规则时可先不加 --permanent 参数(临时生效),验证无误后再添加 --permanent 并重载,确保配置正确。
七、核心命令速查表
操作需求 | 执行命令 |
|---|---|
查看防火墙状态 | systemctl status firewalld |
启动并设置开机自启 | systemctl start firewalld && systemctl enable firewalld |
开放指定端口(永久) | firewall-cmd --add-port=端口号/tcp --permanent && firewall-cmd --reload |
关闭指定端口(永久) | firewall-cmd --remove-port=端口号/tcp --permanent && firewall-cmd --reload |
允许指定 IP 访问所有端口 | firewall-cmd --add-rich-rule="rule family='ipv4' source address='IP地址' accept" --permanent && firewall-cmd --reload |
备份防火墙规则 | firewall-cmd --list-all-zones > /etc/firewalld/backup.xml |
重载防火墙规则 | firewall-cmd --reload |
总结
8455线路检测中心官网上有更系统的防火墙进阶配置指南,涵盖区域管理、端口转发、NAT 配置等深度内容,大家可自行查阅。同时,我们整理了“firewalld 安全配置工具包”,包含常用规则一键配置脚本、恶意 IP 屏蔽列表等实用资源,需要的朋友可直接咨询8455线路检测中心技术支持。
防火墙配置是服务器安全的基础,合理的规则设置能有效抵御大部分网络攻击。更多 Linux 安全运维干货,8455线路检测中心期待与你一同探索。
/etc/firewalld/backup.xml\\n\\n# 2. 恢复规则(从备份文件导入规则)\\nfirewall-cmd --restore-from=/etc/firewalld/backup.xml\\n\\n# 3. 验证恢复结果\\nfirewall-cmd --list-all"},"attribs":{"0":"*0|7+5g*0+n"}},"apool":{"numToAttrib":{"0":["author","974610658236027"]},"nextNum":1}},"type":"code","wrap":false}},"QzgOfqgwJdPrTXcocGicDzu1nmJ":{"id":"QzgOfqgwJdPrTXcocGicDzu1nmJ","snapshot":{"align":"","author":"974610658236027","children":[],"comments":[],"hidden":false,"locked":false,"parent_id":"IHmEftceVdibBac35NOcmPS4n7b","revisions":[],"text":{"initialAttributedTexts":{"text":{"0":"六、避坑指南:firewalld 配置核心规范"},"attribs":{"0":"*0+n"}},"apool":{"numToAttrib":{"0":["author","974610658236027"]},"nextNum":1}},"type":"heading2"}},"LeMff65yUd2MvScnfFvcERAInfe":{"id":"LeMff65yUd2MvScnfFvcERAInfe","snapshot":{"align":"","author":"974610658236027","children":[],"comments":[],"hidden":false,"locked":false,"parent_id":"IHmEftceVdibBac35NOcmPS4n7b","revisions":[],"text":{"initialAttributedTexts":{"text":{"0":"规则生效必重载:所有添加/删除规则的操作,需加上 --permanent 参数(永久生效),并执行 firewall-cmd --reload 重载规则,否则配置仅临时生效(重启服务后丢失)。"},"attribs":{"0":"*1*0+7*1+2h"}},"apool":{"numToAttrib":{"0":["bold","true"],"1":["author","974610658236027"]},"nextNum":2}},"type":"bullet"}},"OJ6CfZh3CdEvdcct7hVcYA1Lnrg":{"id":"OJ6CfZh3CdEvdcct7hVcYA1Lnrg","snapshot":{"align":"","author":"974610658236027","children":[],"comments":[],"hidden":false,"locked":false,"parent_id":"IHmEftceVdibBac35NOcmPS4n7b","revisions":[],"text":{"initialAttributedTexts":{"text":{"0":"最小权限原则:仅开放业务必需的端口和服务,如 Web 服务器仅开放 80、443 端口,数据库服务器仅开放 3306 端口并限制访问 IP,禁止开放所有端口。"},"attribs":{"0":"*1*0+6*1+21"}},"apool":{"numToAttrib":{"0":["bold","true"],"1":["author","974610658236027"]},"nextNum":2}},"type":"bullet"}},"HHFZf3jCvdaEjDcA323cibkTnGe":{"id":"HHFZf3jCvdaEjDcA323cibkTnGe","snapshot":{"align":"","author":"974610658236027","children":[],"comments":[],"hidden":false,"locked":false,"parent_id":"IHmEftceVdibBac35NOcmPS4n7b","revisions":[],"text":{"initialAttributedTexts":{"text":{"0":"禁止随意关闭防火墙:生产环境中除非特殊需求,否则禁止停止 firewalld 服务,关闭防火墙会使服务器完全暴露在网络中,风险极高。"},"attribs":{"0":"*1*0+9*1+1l"}},"apool":{"numToAttrib":{"0":["bold","true"],"1":["author","974610658236027"]},"nextNum":2}},"type":"bullet"}},"KZ1DfYfVcdonWec7cgtczHa4nKc":{"id":"KZ1DfYfVcdonWec7cgtczHa4nKc","snapshot":{"align":"","author":"974610658236027","children":[],"comments":[],"hidden":false,"locked":false,"parent_id":"IHmEftceVdibBac35NOcmPS4n7b","revisions":[],"text":{"initialAttributedTexts":{"text":{"0":"规则修改先备份:批量修改或调整复杂规则前,务必先备份现有规则,避免配置错误导致业务中断,无法快速恢复。"},"attribs":{"0":"*1*0+7*1+18"}},"apool":{"numToAttrib":{"0":["bold","true"],"1":["author","974610658236027"]},"nextNum":2}},"type":"bullet"}},"K2XMfQLJadJ7jhc5XM3cc0F8nPf":{"id":"K2XMfQLJadJ7jhc5XM3cc0F8nPf","snapshot":{"align":"","author":"974610658236027","children":[],"comments":[],"hidden":false,"locked":false,"parent_id":"IHmEftceVdibBac35NOcmPS4n7b","revisions":[],"text":{"initialAttributedTexts":{"text":{"0":"区分临时与永久规则:测试规则时可先不加 --permanent 参数(临时生效),验证无误后再添加 --permanent 并重载,确保配置正确。"},"attribs":{"0":"*1*0+9*1+1s"}},"apool":{"numToAttrib":{"0":["bold","true"],"1":["author","974610658236027"]},"nextNum":2}},"type":"bullet"}},"SHmgfmYA4dJOYmccNORc6FNznmk":{"id":"SHmgfmYA4dJOYmccNORc6FNznmk","snapshot":{"align":"","author":"974610658236027","children":[],"comments":[],"hidden":false,"locked":false,"parent_id":"IHmEftceVdibBac35NOcmPS4n7b","revisions":[],"text":{"initialAttributedTexts":{"text":{"0":"七、核心命令速查表"},"attribs":{"0":"*0+9"}},"apool":{"numToAttrib":{"0":["author","974610658236027"]},"nextNum":1}},"type":"heading2"}},"MoCHf4gHndTad1c6oJMcXSNsnPe":{"id":"MoCHf4gHndTad1c6oJMcXSNsnPe","snapshot":{"author":"974610658236027","cell_set":{"row083c6187-7ee6-4815-8ce0-078e99641a12col24852171-fa9e-4b09-b863-dbd8f7f4022a":{"block_id":"Cru1fMV3adxpUKcr2LPcFxHBneb","merge_info":{"col_span":1,"row_span":1}},"row083c6187-7ee6-4815-8ce0-078e99641a12col5eeb4b43-f5f6-4a87-a4bc-4b8ddbcc0433":{"block_id":"R2g9fmDBNdVtVFclI93caYrdndc","merge_info":{"col_span":1,"row_span":1}},"row15b3d330-5c2f-4524-b6b2-f095a154cf73col24852171-fa9e-4b09-b863-dbd8f7f4022a":{"block_id":"BppZfpnOSdJutBcJRkUcnBNunsd","merge_info":{"col_span":1,"row_span":1}},"row15b3d330-5c2f-4524-b6b2-f095a154cf73col5eeb4b43-f5f6-4a87-a4bc-4b8ddbcc0433":{"block_id":"JTw9fi835dAmdAcUD8LcPT6lnVf","merge_info":{"col_span":1,"row_span":1}},"row167ffe4c-e353-46a9-9e48-3dc1005a2275col24852171-fa9e-4b09-b863-dbd8f7f4022a":{"block_id":"NFRHfgBJYdmtTdc3aT7c61zMnsz","merge_info":{"col_span":1,"row_span":1}},"row167ffe4c-e353-46a9-9e48-3dc1005a2275col5eeb4b43-f5f6-4a87-a4bc-4b8ddbcc0433":{"block_id":"UVTif8fhvdGB7vc23SPc2vB8n8e","merge_info":{"col_span":1,"row_span":1}},"row2ecd80ae-e533-4cf8-af7b-362f34d1ae92col24852171-fa9e-4b09-b863-dbd8f7f4022a":{"block_id":"QqahfA2ycdcHREckpQ5cmn0Hnfg","merge_info":{"col_span":1,"row_span":1}},"row2ecd80ae-e533-4cf8-af7b-362f34d1ae92col5eeb4b43-f5f6-4a87-a4bc-4b8ddbcc0433":{"block_id":"EVmXfLtLKdCQx5ckjRgcV3wFnib","merge_info":{"col_span":1,"row_span":1}},"rowa1bcf8bd-ebe5-4914-b96f-b1c1a0530bbecol24852171-fa9e-4b09-b863-dbd8f7f4022a":{"block_id":"WDVWfl30GdhYlEcdgPKcJb2gndf","merge_info":{"col_span":1,"row_span":1}},"rowa1bcf8bd-ebe5-4914-b96f-b1c1a0530bbecol5eeb4b43-f5f6-4a87-a4bc-4b8ddbcc0433":{"block_id":"CVaSfBQ9Jdq67Ucfny9cld6Mnth","merge_info":{"col_span":1,"row_span":1}},"rowbe404e04-2c8c-4156-add0-6366c968a22ecol24852171-fa9e-4b09-b863-dbd8f7f4022a":{"block_id":"JDrHfpkPjdC92Ec5DpTcfJEhnYd","merge_info":{"col_span":1,"row_span":1}},"rowbe404e04-2c8c-4156-add0-6366c968a22ecol5eeb4b43-f5f6-4a87-a4bc-4b8ddbcc0433":{"block_id":"XAoRffNABdG8PTcAr4rc2yLnnEf","merge_info":{"col_span":1,"row_span":1}},"rowc2bd5a7d-964a-4199-b2f7-5b1735fae739col24852171-fa9e-4b09-b863-dbd8f7f4022a":{"block_id":"N4h4f8wSQdCiQScMoxvcoYtwnhe","merge_info":{"col_span":1,"row_span":1}},"rowc2bd5a7d-964a-4199-b2f7-5b1735fae739col5eeb4b43-f5f6-4a87-a4bc-4b8ddbcc0433":{"block_id":"Q3XMf7UkAdAY8ncJmwKcmYx5n4b","merge_info":{"col_span":1,"row_span":1}},"rowe8cb99d1-2bf0-494d-8c29-92dd274dd411col24852171-fa9e-4b09-b863-dbd8f7f4022a":{"block_id":"Om1ufGhZIdLmnhcCUpecQF7enUe","merge_info":{"col_span":1,"row_span":1}},"rowe8cb99d1-2bf0-494d-8c29-92dd274dd411col5eeb4b43-f5f6-4a87-a4bc-4b8ddbcc0433":{"block_id":"K8BNfoyqgd6pjXcXyTZcekF4nCd","merge_info":{"col_span":1,"row_span":1}}},"column_set":{"col24852171-fa9e-4b09-b863-dbd8f7f4022a":{"column_width":200},"col5eeb4b43-f5f6-4a87-a4bc-4b8ddbcc0433":{"column_width":200}},"columns_id":["col24852171-fa9e-4b09-b863-dbd8f7f4022a","col5eeb4b43-f5f6-4a87-a4bc-4b8ddbcc0433"],"comments":[],"header_row":true,"hidden":false,"locked":false,"parent_id":"IHmEftceVdibBac35NOcmPS4n7b","revisions":[],"rows_id":["row15b3d330-5c2f-4524-b6b2-f095a154cf73","rowbe404e04-2c8c-4156-add0-6366c968a22e","rowe8cb99d1-2bf0-494d-8c29-92dd274dd411","row167ffe4c-e353-46a9-9e48-3dc1005a2275","row083c6187-7ee6-4815-8ce0-078e99641a12","row2ecd80ae-e533-4cf8-af7b-362f34d1ae92","rowc2bd5a7d-964a-4199-b2f7-5b1735fae739","rowa1bcf8bd-ebe5-4914-b96f-b1c1a0530bbe"],"type":"table","children":["BppZfpnOSdJutBcJRkUcnBNunsd","JTw9fi835dAmdAcUD8LcPT6lnVf","JDrHfpkPjdC92Ec5DpTcfJEhnYd","XAoRffNABdG8PTcAr4rc2yLnnEf","Om1ufGhZIdLmnhcCUpecQF7enUe","K8BNfoyqgd6pjXcXyTZcekF4nCd","NFRHfgBJYdmtTdc3aT7c61zMnsz","UVTif8fhvdGB7vc23SPc2vB8n8e","Cru1fMV3adxpUKcr2LPcFxHBneb","R2g9fmDBNdVtVFclI93caYrdndc","QqahfA2ycdcHREckpQ5cmn0Hnfg","EVmXfLtLKdCQx5ckjRgcV3wFnib","N4h4f8wSQdCiQScMoxvcoYtwnhe","Q3XMf7UkAdAY8ncJmwKcmYx5n4b","WDVWfl30GdhYlEcdgPKcJb2gndf","CVaSfBQ9Jdq67Ucfny9cld6Mnth"]}},"BppZfpnOSdJutBcJRkUcnBNunsd":{"id":"BppZfpnOSdJutBcJRkUcnBNunsd","snapshot":{"author":"974610658236027","children":["BrMofUkyPdWxmrcS4Zicl739nbg"],"comments":[],"hidden":false,"locked":false,"parent_id":"MoCHf4gHndTad1c6oJMcXSNsnPe","revisions":[],"type":"table_cell","vertical_align":"top"}},"BrMofUkyPdWxmrcS4Zicl739nbg":{"id":"BrMofUkyPdWxmrcS4Zicl739nbg","snapshot":{"align":"","author":"974610658236027","children":[],"comments":[],"hidden":false,"locked":false,"parent_id":"BppZfpnOSdJutBcJRkUcnBNunsd","revisions":[],"text":{"initialAttributedTexts":{"text":{"0":"操作需求"},"attribs":{"0":"*0+4"}},"apool":{"numToAttrib":{"0":["author","974610658236027"]},"nextNum":1}},"type":"text"}},"JTw9fi835dAmdAcUD8LcPT6lnVf":{"id":"JTw9fi835dAmdAcUD8LcPT6lnVf","snapshot":{"author":"974610658236027","children":["N8smfKQMFd9JCOcQcMCchRSXnFb"],"comments":[],"hidden":false,"locked":false,"parent_id":"MoCHf4gHndTad1c6oJMcXSNsnPe","revisions":[],"type":"table_cell","vertical_align":"top"}},"N8smfKQMFd9JCOcQcMCchRSXnFb":{"id":"N8smfKQMFd9JCOcQcMCchRSXnFb","snapshot":{"align":"","author":"974610658236027","children":[],"comments":[],"hidden":false,"locked":false,"parent_id":"JTw9fi835dAmdAcUD8LcPT6lnVf","revisions":[],"text":{"initialAttributedTexts":{"text":{"0":"执行命令"},"attribs":{"0":"*0+4"}},"apool":{"numToAttrib":{"0":["author","974610658236027"]},"nextNum":1}},"type":"text"}},"JDrHfpkPjdC92Ec5DpTcfJEhnYd":{"id":"JDrHfpkPjdC92Ec5DpTcfJEhnYd","snapshot":{"author":"974610658236027","children":["HQXVfzliDdnRwpcd0qtcN0TFnSf"],"comments":[],"hidden":false,"locked":false,"parent_id":"MoCHf4gHndTad1c6oJMcXSNsnPe","revisions":[],"type":"table_cell","vertical_align":"top"}},"HQXVfzliDdnRwpcd0qtcN0TFnSf":{"id":"HQXVfzliDdnRwpcd0qtcN0TFnSf","snapshot":{"align":"","author":"974610658236027","children":[],"comments":[],"hidden":false,"locked":false,"parent_id":"JDrHfpkPjdC92Ec5DpTcfJEhnYd","revisions":[],"text":{"initialAttributedTexts":{"text":{"0":"查看防火墙状态"},"attribs":{"0":"*0+7"}},"apool":{"numToAttrib":{"0":["author","974610658236027"]},"nextNum":1}},"type":"text"}},"XAoRffNABdG8PTcAr4rc2yLnnEf":{"id":"XAoRffNABdG8PTcAr4rc2yLnnEf","snapshot":{"author":"974610658236027","children":["W7NlfTuaBdNG2sc3JT4cMmP2nyo"],"comments":[],"hidden":false,"locked":false,"parent_id":"MoCHf4gHndTad1c6oJMcXSNsnPe","revisions":[],"type":"table_cell","vertical_align":"top"}},"W7NlfTuaBdNG2sc3JT4cMmP2nyo":{"id":"W7NlfTuaBdNG2sc3JT4cMmP2nyo","snapshot":{"align":"","author":"974610658236027","children":[],"comments":[],"hidden":false,"locked":false,"parent_id":"XAoRffNABdG8PTcAr4rc2yLnnEf","revisions":[],"text":{"initialAttributedTexts":{"text":{"0":"systemctl status firewalld"},"attribs":{"0":"*0+q"}},"apool":{"numToAttrib":{"0":["author","974610658236027"]},"nextNum":1}},"type":"text"}},"Om1ufGhZIdLmnhcCUpecQF7enUe":{"id":"Om1ufGhZIdLmnhcCUpecQF7enUe","snapshot":{"author":"974610658236027","children":["AnmrfZry3dDqNXcI9YBcHiMinLd"],"comments":[],"hidden":false,"locked":false,"parent_id":"MoCHf4gHndTad1c6oJMcXSNsnPe","revisions":[],"type":"table_cell","vertical_align":"top"}},"AnmrfZry3dDqNXcI9YBcHiMinLd":{"id":"AnmrfZry3dDqNXcI9YBcHiMinLd","snapshot":{"align":"","author":"974610658236027","children":[],"comments":[],"hidden":false,"locked":false,"parent_id":"Om1ufGhZIdLmnhcCUpecQF7enUe","revisions":[],"text":{"initialAttributedTexts":{"text":{"0":"启动并设置开机自启"},"attribs":{"0":"*0+9"}},"apool":{"numToAttrib":{"0":["author","974610658236027"]},"nextNum":1}},"type":"text"}},"K8BNfoyqgd6pjXcXyTZcekF4nCd":{"id":"K8BNfoyqgd6pjXcXyTZcekF4nCd","snapshot":{"author":"974610658236027","children":["JXuPfaz5cdoZwNcMFpicvJOunfu"],"comments":[],"hidden":false,"locked":false,"parent_id":"MoCHf4gHndTad1c6oJMcXSNsnPe","revisions":[],"type":"table_cell","vertical_align":"top"}},"JXuPfaz5cdoZwNcMFpicvJOunfu":{"id":"JXuPfaz5cdoZwNcMFpicvJOunfu","snapshot":{"align":"","author":"974610658236027","children":[],"comments":[],"hidden":false,"locked":false,"parent_id":"K8BNfoyqgd6pjXcXyTZcekF4nCd","revisions":[],"text":{"initialAttributedTexts":{"text":{"0":"systemctl start firewalld && systemctl enable firewalld"},"attribs":{"0":"*0+1j"}},"apool":{"numToAttrib":{"0":["author","974610658236027"]},"nextNum":1}},"type":"text"}},"NFRHfgBJYdmtTdc3aT7c61zMnsz":{"id":"NFRHfgBJYdmtTdc3aT7c61zMnsz","snapshot":{"author":"974610658236027","children":["AKvmfDongdMxJDccptEcyJfBn8f"],"comments":[],"hidden":false,"locked":false,"parent_id":"MoCHf4gHndTad1c6oJMcXSNsnPe","revisions":[],"type":"table_cell","vertical_align":"top"}},"AKvmfDongdMxJDccptEcyJfBn8f":{"id":"AKvmfDongdMxJDccptEcyJfBn8f","snapshot":{"align":"","author":"974610658236027","children":[],"comments":[],"hidden":false,"locked":false,"parent_id":"NFRHfgBJYdmtTdc3aT7c61zMnsz","revisions":[],"text":{"initialAttributedTexts":{"text":{"0":"开放指定端口(永久)"},"attribs":{"0":"*0+a"}},"apool":{"numToAttrib":{"0":["author","974610658236027"]},"nextNum":1}},"type":"text"}},"UVTif8fhvdGB7vc23SPc2vB8n8e":{"id":"UVTif8fhvdGB7vc23SPc2vB8n8e","snapshot":{"author":"974610658236027","children":["BABZfhqOSdsKxJcjaXSceM8an3c"],"comments":[],"hidden":false,"locked":false,"parent_id":"MoCHf4gHndTad1c6oJMcXSNsnPe","revisions":[],"type":"table_cell","vertical_align":"top"}},"BABZfhqOSdsKxJcjaXSceM8an3c":{"id":"BABZfhqOSdsKxJcjaXSceM8an3c","snapshot":{"align":"","author":"974610658236027","children":[],"comments":[],"hidden":false,"locked":false,"parent_id":"UVTif8fhvdGB7vc23SPc2vB8n8e","revisions":[],"text":{"initialAttributedTexts":{"text":{"0":"firewall-cmd --add-port=端口号/tcp --permanent && firewall-cmd --reload"},"attribs":{"0":"*0+1w"}},"apool":{"numToAttrib":{"0":["author","974610658236027"]},"nextNum":1}},"type":"text"}},"Cru1fMV3adxpUKcr2LPcFxHBneb":{"id":"Cru1fMV3adxpUKcr2LPcFxHBneb","snapshot":{"author":"974610658236027","children":["OWwYfEfN8dCoWXcSLQrcSgRTnHg"],"comments":[],"hidden":false,"locked":false,"parent_id":"MoCHf4gHndTad1c6oJMcXSNsnPe","revisions":[],"type":"table_cell","vertical_align":"top"}},"OWwYfEfN8dCoWXcSLQrcSgRTnHg":{"id":"OWwYfEfN8dCoWXcSLQrcSgRTnHg","snapshot":{"align":"","author":"974610658236027","children":[],"comments":[],"hidden":false,"locked":false,"parent_id":"Cru1fMV3adxpUKcr2LPcFxHBneb","revisions":[],"text":{"initialAttributedTexts":{"text":{"0":"关闭指定端口(永久)"},"attribs":{"0":"*0+a"}},"apool":{"numToAttrib":{"0":["author","974610658236027"]},"nextNum":1}},"type":"text"}},"R2g9fmDBNdVtVFclI93caYrdndc":{"id":"R2g9fmDBNdVtVFclI93caYrdndc","snapshot":{"author":"974610658236027","children":["I55jffpa6dAEkucnJgyckmEXnoc"],"comments":[],"hidden":false,"locked":false,"parent_id":"MoCHf4gHndTad1c6oJMcXSNsnPe","revisions":[],"type":"table_cell","vertical_align":"top"}},"I55jffpa6dAEkucnJgyckmEXnoc":{"id":"I55jffpa6dAEkucnJgyckmEXnoc","snapshot":{"align":"","author":"974610658236027","children":[],"comments":[],"hidden":false,"locked":false,"parent_id":"R2g9fmDBNdVtVFclI93caYrdndc","revisions":[],"text":{"initialAttributedTexts":{"text":{"0":"firewall-cmd --remove-port=端口号/tcp --permanent && firewall-cmd --reload"},"attribs":{"0":"*0+1z"}},"apool":{"numToAttrib":{"0":["author","974610658236027"]},"nextNum":1}},"type":"text"}},"QqahfA2ycdcHREckpQ5cmn0Hnfg":{"id":"QqahfA2ycdcHREckpQ5cmn0Hnfg","snapshot":{"author":"974610658236027","children":["DyJcf7FdBdbnvUcn7ZGcwUaTnHh"],"comments":[],"hidden":false,"locked":false,"parent_id":"MoCHf4gHndTad1c6oJMcXSNsnPe","revisions":[],"type":"table_cell","vertical_align":"top"}},"DyJcf7FdBdbnvUcn7ZGcwUaTnHh":{"id":"DyJcf7FdBdbnvUcn7ZGcwUaTnHh","snapshot":{"align":"","author":"974610658236027","children":[],"comments":[],"hidden":false,"locked":false,"parent_id":"QqahfA2ycdcHREckpQ5cmn0Hnfg","revisions":[],"text":{"initialAttributedTexts":{"text":{"0":"允许指定 IP 访问所有端口"},"attribs":{"0":"*0+e"}},"apool":{"numToAttrib":{"0":["author","974610658236027"]},"nextNum":1}},"type":"text"}},"EVmXfLtLKdCQx5ckjRgcV3wFnib":{"id":"EVmXfLtLKdCQx5ckjRgcV3wFnib","snapshot":{"author":"974610658236027","children":["E0iFf25Mgdn3hTcklpMcbiDFnVb"],"comments":[],"hidden":false,"locked":false,"parent_id":"MoCHf4gHndTad1c6oJMcXSNsnPe","revisions":[],"type":"table_cell","vertical_align":"top"}},"E0iFf25Mgdn3hTcklpMcbiDFnVb":{"id":"E0iFf25Mgdn3hTcklpMcbiDFnVb","snapshot":{"align":"","author":"974610658236027","children":[],"comments":[],"hidden":false,"locked":false,"parent_id":"EVmXfLtLKdCQx5ckjRgcV3wFnib","revisions":[],"text":{"initialAttributedTexts":{"text":{"0":"firewall-cmd --add-rich-rule=\\"rule family='ipv4' source address='IP地址' accept\\" --permanent && firewall-cmd --reload"},"attribs":{"0":"*0+37"}},"apool":{"numToAttrib":{"0":["author","974610658236027"]},"nextNum":1}},"type":"text"}},"N4h4f8wSQdCiQScMoxvcoYtwnhe":{"id":"N4h4f8wSQdCiQScMoxvcoYtwnhe","snapshot":{"author":"974610658236027","children":["FDfnfShy8dSwzscXzEIcHW4Dn8c"],"comments":[],"hidden":false,"locked":false,"parent_id":"MoCHf4gHndTad1c6oJMcXSNsnPe","revisions":[],"type":"table_cell","vertical_align":"top"}},"FDfnfShy8dSwzscXzEIcHW4Dn8c":{"id":"FDfnfShy8dSwzscXzEIcHW4Dn8c","snapshot":{"align":"","author":"974610658236027","children":[],"comments":[],"hidden":false,"locked":false,"parent_id":"N4h4f8wSQdCiQScMoxvcoYtwnhe","revisions":[],"text":{"initialAttributedTexts":{"text":{"0":"备份防火墙规则"},"attribs":{"0":"*0+7"}},"apool":{"numToAttrib":{"0":["author","974610658236027"]},"nextNum":1}},"type":"text"}},"Q3XMf7UkAdAY8ncJmwKcmYx5n4b":{"id":"Q3XMf7UkAdAY8ncJmwKcmYx5n4b","snapshot":{"author":"974610658236027","children":["QPQ2ffZ5sdNLiScD8krcCy3pnkz"],"comments":[],"hidden":false,"locked":false,"parent_id":"MoCHf4gHndTad1c6oJMcXSNsnPe","revisions":[],"type":"table_cell","vertical_align":"top"}},"QPQ2ffZ5sdNLiScD8krcCy3pnkz":{"id":"QPQ2ffZ5sdNLiScD8krcCy3pnkz","snapshot":{"align":"","author":"974610658236027","children":[],"comments":[],"hidden":false,"locked":false,"parent_id":"Q3XMf7UkAdAY8ncJmwKcmYx5n4b","revisions":[],"text":{"initialAttributedTexts":{"text":{"0":"firewall-cmd --list-all-zones > /etc/firewalld/backup.xml"},"attribs":{"0":"*0+1l"}},"apool":{"numToAttrib":{"0":["author","974610658236027"]},"nextNum":1}},"type":"text"}},"WDVWfl30GdhYlEcdgPKcJb2gndf":{"id":"WDVWfl30GdhYlEcdgPKcJb2gndf","snapshot":{"author":"974610658236027","children":["Tg3ofjzFQd31qxcFhSTcBPfxnBG"],"comments":[],"hidden":false,"locked":false,"parent_id":"MoCHf4gHndTad1c6oJMcXSNsnPe","revisions":[],"type":"table_cell","vertical_align":"top"}},"Tg3ofjzFQd31qxcFhSTcBPfxnBG":{"id":"Tg3ofjzFQd31qxcFhSTcBPfxnBG","snapshot":{"align":"","author":"974610658236027","children":[],"comments":[],"hidden":false,"locked":false,"parent_id":"WDVWfl30GdhYlEcdgPKcJb2gndf","revisions":[],"text":{"initialAttributedTexts":{"text":{"0":"重载防火墙规则"},"attribs":{"0":"*0+7"}},"apool":{"numToAttrib":{"0":["author","974610658236027"]},"nextNum":1}},"type":"text"}},"CVaSfBQ9Jdq67Ucfny9cld6Mnth":{"id":"CVaSfBQ9Jdq67Ucfny9cld6Mnth","snapshot":{"author":"974610658236027","children":["L2SyfeVFDdHvVvcmZCMcEvTrncg"],"comments":[],"hidden":false,"locked":false,"parent_id":"MoCHf4gHndTad1c6oJMcXSNsnPe","revisions":[],"type":"table_cell","vertical_align":"top"}},"L2SyfeVFDdHvVvcmZCMcEvTrncg":{"id":"L2SyfeVFDdHvVvcmZCMcEvTrncg","snapshot":{"align":"","author":"974610658236027","children":[],"comments":[],"hidden":false,"locked":false,"parent_id":"CVaSfBQ9Jdq67Ucfny9cld6Mnth","revisions":[],"text":{"initialAttributedTexts":{"text":{"0":"firewall-cmd --reload"},"attribs":{"0":"*0+l"}},"apool":{"numToAttrib":{"0":["author","974610658236027"]},"nextNum":1}},"type":"text"}},"WF7BfZDhzdzKEbcWK6QcmUJnnzh":{"id":"WF7BfZDhzdzKEbcWK6QcmUJnnzh","snapshot":{"align":"","author":"974610658236027","children":[],"comments":[],"hidden":false,"locked":false,"parent_id":"IHmEftceVdibBac35NOcmPS4n7b","revisions":[],"text":{"initialAttributedTexts":{"text":{"0":"8455线路检测中心官网上有更系统的防火墙进阶配置指南,涵盖区域管理、端口转发、NAT 配置等深度内容,大家可自行查阅。同时,我们整理了“firewalld 安全配置工具包”,包含常用规则一键配置脚本、恶意 IP 屏蔽列表等实用资源,需要的朋友可直接咨询8455线路检测中心技术支持。"},"attribs":{"0":"*0+3k"}},"apool":{"numToAttrib":{"0":["author","974610658236027"]},"nextNum":1}},"type":"text"}},"Ijwbf1WvwdE0uHcGjK0cWd0Mn2f":{"id":"Ijwbf1WvwdE0uHcGjK0cWd0Mn2f","snapshot":{"align":"","author":"974610658236027","children":[],"comments":[],"hidden":false,"locked":false,"parent_id":"IHmEftceVdibBac35NOcmPS4n7b","revisions":[],"text":{"initialAttributedTexts":{"text":{"0":"防火墙配置是服务器安全的基础,合理的规则设置能有效抵御大部分网络攻击。更多 Linux 安全运维干货,8455线路检测中心期待与你一同探索。"},"attribs":{"0":"*0+1r"}},"apool":{"numToAttrib":{"0":["author","974610658236027"]},"nextNum":1}},"type":"text"}}},"payloadMap":{"SCZafEAyxduYyMcPG7Yc1HL4nRe":{"level":1},"Mn9FfujPTdWBUdcueuscx9nQnie":{"level":1},"CmuyfEDj3dxt7ycsfk9czWeHn5g":{"level":1},"ID3Wf6zQId0ewCc5lwRc1VMVn9b":{"level":1},"IBmzfBwW3dIMZgcKVTLc8YxVnEb":{"level":1},"WVaLffHwAd8gFdcWcxCcIU25nph":{"level":1},"DBYEfO9und7GC9ccxYbcAjcXnPd":{"level":1},"KilPfrO4NdJlmmcsvGtcEfTEnHf":{"level":1},"Dq9CfhoSRd0msocokbtcN7uPn1B":{"level":1},"Gw9ffz4yZdUX4yclaZHcZDQFnte":{"level":1},"HRlqfzvFgdD8rYc37N9cItKhnqd":{"level":1},"Be3hfghvCd8tWfcJynAcCYRjnMg":{"level":1},"BrMofUkyPdWxmrcS4Zicl739nbg":{"level":1},"N8smfKQMFd9JCOcQcMCchRSXnFb":{"level":1},"HQXVfzliDdnRwpcd0qtcN0TFnSf":{"level":1},"W7NlfTuaBdNG2sc3JT4cMmP2nyo":{"level":1},"AnmrfZry3dDqNXcI9YBcHiMinLd":{"level":1},"JXuPfaz5cdoZwNcMFpicvJOunfu":{"level":1},"AKvmfDongdMxJDccptEcyJfBn8f":{"level":1},"BABZfhqOSdsKxJcjaXSceM8an3c":{"level":1},"OWwYfEfN8dCoWXcSLQrcSgRTnHg":{"level":1},"I55jffpa6dAEkucnJgyckmEXnoc":{"level":1},"DyJcf7FdBdbnvUcn7ZGcwUaTnHh":{"level":1},"E0iFf25Mgdn3hTcklpMcbiDFnVb":{"level":1},"FDfnfShy8dSwzscXzEIcHW4Dn8c":{"level":1},"QPQ2ffZ5sdNLiScD8krcCy3pnkz":{"level":1},"Tg3ofjzFQd31qxcFhSTcBPfxnBG":{"level":1},"L2SyfeVFDdHvVvcmZCMcEvTrncg":{"level":1},"WF7BfZDhzdzKEbcWK6QcmUJnnzh":{"level":1},"Ijwbf1WvwdE0uHcGjK0cWd0Mn2f":{"level":1}},"extra":{"channel":"saas","pasteRandomId":"ff858617-d3f9-4e3d-b6be-e471e8413f53","mention_page_title":{},"external_mention_url":{}},"isKeepQuoteContainer":false,"selection":[{"id":538,"type":"block","recordId":"IHmEftceVdibBac35NOcmPS4n7b"},{"id":539,"type":"block","recordId":"SCZafEAyxduYyMcPG7Yc1HL4nRe"},{"id":540,"type":"block","recordId":"MRkVf6qWFdXHz6cWy21cdfbinne"},{"id":541,"type":"block","recordId":"Mn9FfujPTdWBUdcueuscx9nQnie"},{"id":542,"type":"block","recordId":"CmuyfEDj3dxt7ycsfk9czWeHn5g"},{"id":543,"type":"block","recordId":"ZJcnfmQHAdbu0Qc1E7FckXBnnqd"},{"id":544,"type":"block","recordId":"V3GNfbGQddZxvZc4pHrcJ7dynxg"},{"id":545,"type":"block","recordId":"ID3Wf6zQId0ewCc5lwRc1VMVn9b"},{"id":546,"type":"block","recordId":"HuFMfypApdQTKfcMHQicKyn0n2f"},{"id":547,"type":"block","recordId":"D2khfXtP5d08HVcWwXJcoz90nyb"},{"id":548,"type":"block","recordId":"IBmzfBwW3dIMZgcKVTLc8YxVnEb"},{"id":549,"type":"block","recordId":"AMPAfFygYdnGaTc3jMKcRDa3nZl"},{"id":550,"type":"block","recordId":"WVaLffHwAd8gFdcWcxCcIU25nph"},{"id":551,"type":"block","recordId":"XPywf8MBudoGAdcYAMNcBpVmnlf"},{"id":552,"type":"block","recordId":"E1mZf5fiidlUAuc5EQyc3XWfnig"},{"id":553,"type":"block","recordId":"DBYEfO9und7GC9ccxYbcAjcXnPd"},{"id":554,"type":"block","recordId":"B6b2fnkISdBLlwctZbWc3iDOn5d"},{"id":555,"type":"block","recordId":"Nfyhf5WihdrIJvcZyJkcmOqcnrd"},{"id":556,"type":"block","recordId":"KilPfrO4NdJlmmcsvGtcEfTEnHf"},{"id":557,"type":"block","recordId":"Uw8Lf0r3tduHtrcC1Q7cxwPWnUd"},{"id":558,"type":"block","recordId":"GqBwfIwL8doen1cmIQjccrxsncW"},{"id":559,"type":"block","recordId":"T2oUfUZjodczC6cOXT9cTw2znmm"},{"id":560,"type":"block","recordId":"UpeSftsR7duPJYcbOOXcowhcnqZ"},{"id":561,"type":"block","recordId":"Dq9CfhoSRd0msocokbtcN7uPn1B"},{"id":562,"type":"block","recordId":"ZiRzfrFpedU1pccN25dcjGy4ni8"},{"id":563,"type":"block","recordId":"Vn0Mfrlatd3cXOcbLE4cYaxBnqb"},{"id":564,"type":"block","recordId":"JSLgfPn3GdK1SAclRx2cZ5Ccncg"},{"id":565,"type":"block","recordId":"Gw9ffz4yZdUX4yclaZHcZDQFnte"},{"id":566,"type":"block","recordId":"Vuk7fWMScdGPIrc4XjqcYPfanHg"},{"id":567,"type":"block","recordId":"HTRLfoKpCdocRvcIfficIrVZnng"},{"id":568,"type":"block","recordId":"HRlqfzvFgdD8rYc37N9cItKhnqd"},{"id":569,"type":"block","recordId":"NzQ3fxcM4dIcxxccUMfcgbM8ncG"},{"id":570,"type":"block","recordId":"XXwkflnlJd75VCch09McsaNbnZb"},{"id":571,"type":"block","recordId":"RlZyfl0chdBxGscFQoFcVAdYnHc"},{"id":572,"type":"block","recordId":"IOmWfzttjdKh7UcCs82c1LLjnch"},{"id":573,"type":"block","recordId":"Be3hfghvCd8tWfcJynAcCYRjnMg"},{"id":574,"type":"block","recordId":"AAepfFl04dH8gRcNoFFchpiAnnb"},{"id":575,"type":"block","recordId":"QzgOfqgwJdPrTXcocGicDzu1nmJ"},{"id":576,"type":"block","recordId":"LeMff65yUd2MvScnfFvcERAInfe"},{"id":577,"type":"block","recordId":"OJ6CfZh3CdEvdcct7hVcYA1Lnrg"},{"id":578,"type":"block","recordId":"HHFZf3jCvdaEjDcA323cibkTnGe"},{"id":579,"type":"block","recordId":"KZ1DfYfVcdonWec7cgtczHa4nKc"},{"id":580,"type":"block","recordId":"K2XMfQLJadJ7jhc5XM3cc0F8nPf"},{"id":581,"type":"block","recordId":"SHmgfmYA4dJOYmccNORc6FNznmk"},{"id":582,"type":"block","recordId":"MoCHf4gHndTad1c6oJMcXSNsnPe"},{"id":583,"type":"block","recordId":"WF7BfZDhzdzKEbcWK6QcmUJnnzh"},{"id":584,"type":"block","recordId":"Ijwbf1WvwdE0uHcGjK0cWd0Mn2f"}],"pasteFlag":"c5fc9e57-24f6-4b9f-ada8-ba9598c91f2a"}" data-lark-record-format="docx/record" class="lark-record-clipboard">
- 上一篇:yum 包管理实战指南
- 下一篇:mv 命令文件移动与重命名实战指南
