firewalld firewall
Source: Internet  Published under: plc编程100例视频教程  Editor: 程序博客网  Time: 2024/05/22 06:10
#########################
#########firewalld########
#########################
reset server
[root@server2 ~]# systemctl status firewalld ##check whether firewalld is already running
[root@server2 ~]# systemctl stop iptables ##the iptables service and firewalld both manage the netfilter rule set, so only one of them may run
[root@server2 ~]# systemctl mask iptables ##mask it so that nothing can start it again by accident
[root@server2 ~]# systemctl start firewalld
[root@server2 ~]# systemctl enable firewalld
1. Configuring the firewall from the command-line interface
[root@server2 ~]# firewall-cmd --state ##show whether firewalld is running
[root@server2 ~]# firewall-cmd --get-active-zones ##list the active zones, each with the interfaces currently bound to it
[root@server2 ~]# firewall-cmd --get-zones ##list all available zones
[root@server2 ~]# firewall-cmd --zone=public --list-all ##list every setting of the given zone
[root@server2 ~]# firewall-cmd --get-services ##list all predefined services
[root@server2 ~]# firewall-cmd --set-default-zone=trusted ##set the default zone (trusted accepts everything: fine for a lab, not for a production host)
success
[root@server2 ~]# firewall-cmd --get-default-zone ##show the default zone
trusted
[root@server2 ~]# firewall-cmd --set-default-zone=public
success
[root@server2 ~]# firewall-cmd --permanent --add-source=172.25.254.250 ##bind a source address to the default zone; --permanent only writes the saved configuration, so it takes effect after --reload
success
[root@server2 ~]# firewall-cmd --reload ##reload: the runtime rules are rebuilt from the permanent configuration, established connections are kept
success
[root@server2 ~]# firewall-cmd --list-all ##list all settings of the default zone
public (default, active)
interfaces: eth0 eth1
sources: 172.25.254.250
services: dhcpv6-client ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
[root@server2 ~]# firewall-cmd --permanent --remove-source=172.25.254.250
success
[root@server2 ~]# firewall-cmd --permanent --zone=trusted --add-source=172.25.254.250 ##bind the source address to a specific zone
success
[root@server2 ~]# firewall-cmd --reload
success
[root@server2 ~]# firewall-cmd --permanent --zone=public --remove-source=172.25.254.250 ##remove the source address from the given zone
success
[root@server2 ~]# firewall-cmd --reload
success
[root@server2 ~]# firewall-cmd --list-all
public (default, active)
interfaces: eth0 eth1
sources:
services: dhcpv6-client ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
[root@server2 ~]# firewall-cmd --remove-interface=eth0 --zone=public ##unbind the interface from the zone (runtime change)
success
[root@server2 ~]# firewall-cmd --list-all
public (default, active)
interfaces: eth1
sources:
services: dhcpv6-client ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
[root@server2 ~]# firewall-cmd --add-interface=eth0 --zone=trusted ##bind eth0 to trusted; for an interface managed by NetworkManager firewalld stores the zone in the connection profile (ZONE= in its ifcfg file), which is why the binding survives the reload below; for other interfaces add --permanent
success
[root@server2 ~]# firewall-cmd --reload
success
Test:
[root@server2 ~]# yum install httpd -y
[root@server2 ~]# systemctl start httpd
In a browser, the eth0 address 172.25.2.11 is reachable and the eth1 address 172.25.254.202 is not: eth0 is now bound to trusted, which accepts everything, while eth1 stays in public, which only admits the dhcpv6-client and ssh services.
firewall-cmd --permanent --zone=public --add-service=smtp ##add a service to the permanent configuration (needs --reload to take effect)
firewall-cmd --permanent --zone=public --remove-service=smtp ##remove a service from the permanent configuration
[root@server2 ~]# firewall-cmd --list-ports
[root@server2 ~]# firewall-cmd --add-port=53/tcp ##open a port in the runtime configuration of the default zone (lost on --reload unless also added with --permanent)
success
[root@server2 ~]# firewall-cmd --list-ports
53/tcp
[root@server2 ~]# firewall-cmd --list-all
public (default, active)
interfaces: eth1
sources:
services: dhcpv6-client ssh
ports: 53/tcp
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
[root@server2 ~]# firewall-cmd --remove-service=ssh ##remove ssh from the runtime configuration: existing sessions stay up, new ssh connections are refused
success
[root@server2 ~]# firewall-cmd --list-all
public (default, active)
interfaces: eth1
sources:
services: dhcpv6-client
ports: 53/tcp
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
[root@server2 ~]# firewall-cmd --permanent --remove-service=ssh ##also remove ssh from the permanent configuration; after the reload below only console access remains unless another rule admits tcp/22
success
[root@server2 ~]# firewall-cmd --reload ##reload the firewall: runtime rules are rebuilt from the permanent configuration, established connections survive
[root@server2 ~]# firewall-cmd --complete-reload ##complete reload: the whole rule set is torn down and rebuilt and connection-tracking state is lost, so established connections break
success
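Removing ssh first at runtime, then with --permanent, then reloading, as done above, is the classic way to lock yourself out of a remote host. The script below is an added example and not part of the original page: it applies a change to the runtime configuration only, waits for proof that a new connection still works (the administrator creates a token file from a fresh ssh session), and only then commits with --runtime-to-permanent; without that proof it runs --reload, which restores the permanent rules. FW, FW_CONFIRM_TOKEN and fw_try are this example's own names; --runtime-to-permanent is a real firewall-cmd option, but very old firewalld releases lack it, in which case the change has to be repeated with --permanent instead.

```shell
#!/bin/sh
# Added example (not from the original page): lockout-safe firewalld change.
# Apply to the RUNTIME configuration, wait for a token that can only be
# created from a working new session, then commit with --runtime-to-permanent.
# No token within the timeout: --reload discards the runtime change.
#
# FW and FW_CONFIRM_TOKEN are this example's assumptions; FW exists so the
# logic can be dry-run with a stand-in for firewall-cmd.
FW="${FW:-firewall-cmd}"
FW_CONFIRM_TOKEN="${FW_CONFIRM_TOKEN:-/run/firewalld-confirm}"

# fw_try TIMEOUT_SECONDS firewall-cmd-args...
#   returns 0 = committed, 1 = rolled back (no confirmation), 2 = refused
fw_try() {
    timeout="$1"; shift
    rm -f "$FW_CONFIRM_TOKEN"            # drop any stale token from earlier runs
    # Runtime change only: deliberately no --permanent here.
    if ! "$FW" "$@"; then
        echo "firewall-cmd rejected: $*" >&2
        return 2
    fi
    echo "applied at runtime: $*"
    echo "from a NEW ssh session run: touch $FW_CONFIRM_TOKEN  (within ${timeout}s)"
    waited=0
    while [ "$waited" -lt "$timeout" ]; do
        if [ -e "$FW_CONFIRM_TOKEN" ]; then
            rm -f "$FW_CONFIRM_TOKEN"
            "$FW" --runtime-to-permanent  # copy the verified runtime state to permanent
            echo "committed to permanent configuration"
            return 0
        fi
        sleep 1
        waited=$((waited + 1))
    done
    # No proof of a working new session: rebuild runtime from the permanent rules.
    "$FW" --reload
    echo "no confirmation within ${timeout}s, rolled back" >&2
    return 1
}

# Typical use as root on the firewall host:
#   fw_try 60 --zone=public --remove-service=ssh
# then, from a second ssh session:  touch /run/firewalld-confirm
```

Caveat: --reload throws away every runtime-only change, not just the one being tested, so make changes one at a time; and nothing here can undo a change that was already written with --permanent.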
2. Direct rules
With firewall-cmd, the --direct option adds or removes raw iptables rules and chains in the runtime configuration (add --permanent to keep them); they are handed to iptables almost verbatim and sit outside the zone model.
[root@server2 ~]# firewall-cmd --direct --add-rule ipv4 filter INPUT 0 ! -s 172.25.254.250 -p tcp --dport 22 -j ACCEPT ##priority-0 rule in the INPUT chain: accept tcp/22 from every source except 172.25.254.250 (the '!' negates -s). Note that this does not block host .250 by itself: its packets simply do not match here and fall through to the zone rules, so as long as the zone still admits ssh, .250 still gets in. To actually deny it, add a rule that rejects or drops that source (for example a rich rule with a reject action).
success
[root@server2 ~]# firewall-cmd --direct --get-all-rules ##list the direct rules
ipv4 filter INPUT 0 '!' -s 172.25.254.250 -p tcp --dport 22 -j ACCEPT
3. Masquerading and port forwarding
1> Port forwarding
[root@server2 ~]# systemctl restart firewalld
[root@server2 ~]# firewall-cmd --list-all
public (default, active)
interfaces: eth0 eth1
sources:
services: dhcpv6-client
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
[root@server2 ~]# firewall-cmd --zone=public --add-forward-port=port=22:proto=tcp:toport=22:toaddr=172.25.254.1 ##DNAT: tcp/22 arriving in zone public is sent on to 172.25.254.1:22, so ssh to this host now lands on the other machine
success
[root@server2 ~]# firewall-cmd --add-service=ssh ##admit tcp/22 again at runtime (the permanent removal above left it out of the zone after the restart); the forwarded packets still have to be accepted
success
[root@server2 ~]# firewall-cmd --add-masquerade ##masquerade so that the replies from 172.25.254.1 come back through this host; forwarding to another host requires this
success
[root@server2 ~]# firewall-cmd --list-all
public (default, active)
interfaces: eth0 eth1
sources:
services: dhcpv6-client ssh
ports:
masquerade: yes
forward-ports: port=22:proto=tcp:toport=22:toaddr=172.25.254.1
icmp-blocks:
rich rules:
Test:
From the physical host, ssh to server2's eth1 address 172.25.254.202; the connection is forwarded to 172.25.254.1, so the prompt that appears belongs to foundation1 rather than server2:
[root@foundation2 Desktop]# ssh root@172.25.254.202
root@172.25.254.202's password:
Last failed login: Sat Jun 3 11:48:23 CST 2017 from 172.25.254.202 on ssh:notty
There were 2 failed login attempts since the last successful login.
Last login: Sat Jun 3 11:47:29 2017 from foundation144.ilt.example.com
[root@foundation1 ~]#
2> Masquerading
[root@server2 ~]# systemctl restart firewalld
[root@server2 ~]# firewall-cmd --zone=public --add-rich-rule='rule family=ipv4 source address=172.25.254.202 masquerade' ##rich rule: masquerade only packets whose source address is 172.25.254.202; the zone-wide --add-masquerade below is what actually rewrites the desktop's 172.25.2.10 to server2's outgoing address 172.25.254.202
success
[root@server2 ~]# firewall-cmd --add-service=ssh
success
[root@server2 ~]# firewall-cmd --add-masquerade
success
[root@server2 ~]# firewall-cmd --list-all
public (default, active)
interfaces: eth0 eth1
sources:
services: dhcpv6-client ssh
ports:
masquerade: yes
forward-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="172.25.254.202" masquerade
Test:
On desktop, set the IP address to 172.25.2.10 and the gateway to 172.25.2.11 (server2's eth0), then ping 172.25.254.202 and 172.25.2.11 to check that both are reachable through server2.
[root@localhost ~]# ssh root@172.25.2.11
root@172.25.2.11's password:
Last login: Sat Jun 3 01:25:53 2017 from 172.25.2.10
[root@server2 ~]# ssh root@172.25.254.1
root@172.25.254.1's password:
Last login: Sat Jun 3 13:36:52 2017 from 172.25.254.202
[root@foundation1 ~]# w
13:38:46 up 4:41, 10 users, load average: 0.52, 0.26, 0.23
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
kiosk :0 :0 08:57 ?xdm? 33:29 0.46s gdm-sessio
kiosk pts/0 :0 08:58 9:50 14.41s 0.05s ssh -X roo
kiosk pts/1 :0 08:58 22.00s 29.21s 0.01s ssh -X roo
kiosk pts/2 :0 08:58 10:06 0.07s 1:06 /usr/libex
root pts/10 172.25.254.202 13:38 1.00s 0.04s 0.00s w ##the login appears to come from 172.25.254.202 on the 254 subnet. Caveat: this ssh was started on server2 itself, whose eth1 address already is 172.25.254.202, so this line would look the same without any masquerading; to prove the NAT, run the ssh to 172.25.254.1 from desktop (172.25.2.10) and check that w on foundation1 still reports 172.25.254.202 rather than 172.25.2.10.
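Every listing on this page comes from firewall-cmd --list-all, and the risky states it shows (a zone with no rule admitting ssh after section 1, masquerading plus a forward of tcp/22 to another host in section 3) can be spotted mechanically. The audit function below is an added example, not from the original page: it reads one zone dump on stdin and prints a finding per risky setting, returning 1 if anything was flagged. It understands both the single-line forward-ports form shown on this page and the one-entry-per-line form newer firewalld versions print. fw_audit_zone, fw_sample_dump and the sample dump itself are this example's own.

```shell
#!/bin/sh
# Added example (not from the original page): audit a zone dump in the
# `firewall-cmd --list-all` format.
# Usage: firewall-cmd --zone=public --list-all | fw_audit_zone
# Prints one finding per line; exit status 1 if anything was flagged, else 0.
fw_audit_zone() {
    awk '
    # Text after the first ":" with surrounding blanks removed.
    function rest(line,   i) {
        i = index(line, ":")
        line = (i ? substr(line, i + 1) : "")
        gsub(/^[ \t]+|[ \t]+$/, "", line)
        return line
    }
    BEGIN { nfwd = 0; n = 0; rich = "" }
    NR == 1                 { zone = $1 }                 # "public (default, active)"
    /^[ \t]*services:/      { services = " " rest($0) " " }
    /^[ \t]*ports:/         { ports = " " rest($0) " " }
    /^[ \t]*masquerade:/    { masq = rest($0) }
    /^[ \t]*forward-ports:/ { s = rest($0); if (s != "") nfwd = split(s, fwds, " ") }
    /^[ \t]*port=/          { fwds[++nfwd] = $1 }         # one-entry-per-line form
    /^[ \t]*rule /          { rich = rich "\n" $0 }       # lines following "rich rules:"
    END {
        if (index(services, " ssh ") == 0 && index(ports, " 22/tcp ") == 0 &&
            rich !~ /service name="ssh"/ && rich !~ /port="22"/) {
            print zone ": nothing admits ssh (no ssh service, 22/tcp port or rich rule); remote administration is locked out"
            n++
        }
        if (masq == "yes") {
            print zone ": masquerade enabled; this host NATs traffic leaving the zone"
            n++
        }
        for (i = 1; i <= nfwd; i++) {
            print zone ": forward-port " fwds[i]
            n++
            if (fwds[i] ~ /toaddr=/ && masq != "yes") {
                print zone ": forward to another host without masquerade; replies will not come back through this host"
                n++
            }
            if (fwds[i] ~ /^port=22:/) {
                print zone ": tcp/22 is forwarded, ssh to this host lands on the target instead"
                n++
            }
        }
        exit (n > 0)
    }'
}

# Constructed sample in the format of the listing after ssh was removed
# and 53/tcp opened (section 1 of the page).
fw_sample_dump() {
    cat <<'EOF'
public (default, active)
  interfaces: eth1
  sources:
  services: dhcpv6-client
  ports: 53/tcp
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
EOF
}

# Stand-alone run: audit the constructed sample.
if fw_sample_dump | fw_audit_zone; then
    echo "no findings"
else
    echo "findings above; fix before --reload"
fi
```

On a live host, run it against every active zone, for example in a loop over firewall-cmd --get-active-zones, before committing anything with --permanent or --reload; the lockout check is the one that would have caught the ssh removal in section 1.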