linux下防火墙常见命令（Centos7）

[root@localhost ~]# echo 查看防火墙状态

查看防火墙状态

[root@localhost ~]#

[root@localhost ~]#

[root@localhost ~]# systemctl status firewalld

鈼[0m firewalld.service - firewalld - dynamic firewall daemon

   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)

   Active: active (running) since Wed 2022-07-13 20:38:05 PDT; 1h 9min ago

     Docs: man:firewalld(1)

 Main PID: 8294 (firewalld)

   CGroup: /system.slice/firewalld.service

           鈹斺攢8294 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Jul 13 20:38:05 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...

Jul 13 20:38:05 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.

Jul 13 20:38:06 localhost.localdomain firewalld[8294]: WARNING: /etc/sysconfig/network-scripts/ifcfg-ens33: Duplicate option definition: 'DNS1=114.114.114.114'

Jul 13 20:39:47 localhost.localdomain firewalld[8294]: WARNING: ALREADY_ENABLED: 8080:tcp

Jul 13 20:44:17 localhost.localdomain firewalld[8294]: WARNING: /etc/sysconfig/network-scripts/ifcfg-ens33: Duplicate option definition: 'DNS1=114.114.114.114'

[root@localhost ~]# systemctl status firewalld

● firewalld.service - firewalld - dynamic firewall daemon

   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)

   Active: active (running) since Wed 2022-07-13 20:38:05 PDT; 1h 10min ago

     Docs: man:firewalld(1)

 Main PID: 8294 (firewalld)

   CGroup: /system.slice/firewalld.service

           └─8294 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Jul 13 20:38:05 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...

Jul 13 20:38:05 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.

Jul 13 20:38:06 localhost.localdomain firewalld[8294]: WARNING: /etc/sysconfig/network-scripts/ifcfg-ens33: Duplicate option definition: 'DNS1=114.114.114.114'

Jul 13 20:39:47 localhost.localdomain firewalld[8294]: WARNING: ALREADY_ENABLED: 8080:tcp

Jul 13 20:44:17 localhost.localdomain firewalld[8294]: WARNING: /etc/sysconfig/network-scripts/ifcfg-ens33: Duplicate option definition: 'DNS1=114.114.114.114'

[root@localhost ~]# firewall-cmd --state

running

[root@localhost ~]# echo 关闭防火墙

关闭防火墙

[root@localhost ~]#

[root@localhost ~]#

[root@localhost ~]# systemctl stop firewalld

[root@localhost ~]# firewall-cmd --state

not running

[root@localhost ~]#

[root@localhost ~]#

[root@localhost ~]# echo 开启防火墙

开启防火墙

[root@localhost ~]#

[root@localhost ~]# systemctl start firewalld

[root@localhost ~]# firewall-cmd --state

running

[root@localhost ~]#

[root@localhost ~]# echo 查看已开放外部访问的所有端口

查看已开放外部访问的所有端口

[root@localhost ~]#

[root@localhost ~]# firewall-cmd --zone=public --list-ports

8080/tcp 8080/udp 8098/tcp 111/tcp 25/tcp

[root@localhost ~]# echo 上述已开放tcp8080端口，udp 8080端口，tcp 111端口，tcp 25端口

上述已开放tcp8080端口，udp 8080端口，tcp 111端口，tcp 25端口

[root@localhost ~]#

[root@localhost ~]#

[root@localhost ~]# echo关闭端口，如关闭tcp 111端口

-bash: echo关闭端口，如关闭tcp: command not found

[root@localhost ~]#

[root@localhost ~]# firewall-cmd --zone=public --remove-port=111/tcp --permanent

success

[root@localhost ~]# echo 查看已开放外部访问的所有端口

查看已开放外部访问的所有端口

[root@localhost ~]# firewall-cmd --zone=public --list-ports

8080/tcp 8080/udp 8098/tcp 111/tcp 25/tcp

[root@localhost ~]# echo使得防火墙端口规则生效

-bash: echo使得防火墙端口规则生效: command not found

[root@localhost ~]# firewall-cmd --reload

success

[root@localhost ~]# firewall-cmd --zone=public --list-ports

8080/tcp 8080/udp 8098/tcp 25/tcp

[root@localhost ~]# echo 111端口已禁用

111端口已禁用

[root@localhost ~]# echo开启端口，如开启tcp 111端口

-bash: echo开启端口，如开启tcp: command not found

[root@localhost ~]# echo 开启端口，如开启tcp 111端口

开启端口，如开启tcp 111端口

[root@localhost ~]# firewall-cmd --zone=public --add-port=111/tcp --permanent

success

[root@localhost ~]# firewall-cmd --reload

success

[root@localhost ~]# firewall-cmd --zone=public --list-ports

8080/tcp 8080/udp 8098/tcp 25/tcp 111/tcp

[root@localhost ~]# echo 111端口tcp已可访问

111端口tcp已可访问

[root@localhost ~]# echo 查看端口使用情况

查看端口使用情况

[root@localhost ~]# netstat -lnpt

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name   

tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/systemd          

tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      7418/sshd          

tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      7812/master        

tcp6       0      0 :::111                  :::*                    LISTEN      1/systemd          

tcp6       0      0 :::22                   :::*                    LISTEN      7418/sshd          

tcp6       0      0 ::1:25                  :::*                    LISTEN      7812/master        

[root@localhost ~]# echo 查看指定进程信息

查看指定进程信息

[root@localhost ~]# ps

   PID TTY          TIME CMD

  8223 pts/0    00:00:00 bash

 13479 pts/0    00:00:00 ps

[root@localhost ~]# ps 1

   PID TTY      STAT   TIME COMMAND

     1 ?        Ss     0:03 /usr/lib/systemd/systemd --switched-root --system --deserialize 22

[root@localhost ~]# ps 7418

   PID TTY      STAT   TIME COMMAND

  7418 ?        Ss     0:00 /usr/sbin/sshd -D

[root@localhost ~]# echo 上述为ps pid查看

上述为ps pid查看