CentOS: Firewalld firewall operations and port forwarding

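I. Firewalld firewall operations

1. firewalld service management

Start the service

systemctl start firewalld

Stop the service

systemctl stop firewalld

Restart the service

systemctl restart firewalld

Show the service status

systemctl status firewalld

Enable the service at boot

systemctl enable firewalld

Disable the service at boot

systemctl disable firewalld

Check whether the service starts at boot

systemctl list-unit-files | grep firewalld

2. firewalld rule configuration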

Show the firewall-cmd version

firewall-cmd --version

Show the firewall-cmd state

firewall-cmd --state

Reload the rules

firewall-cmd --reload

List all open ports

firewall-cmd --list-ports

List all rules

firewall-cmd --list-all

Add an open port

firewall-cmd --add-port=8080/tcp --permanent

Remove an open-port rule

firewall-cmd --remove-port=8080/tcp --permanent

Check whether a port is open

firewall-cmd --zone=public --query-port=8080/tcp

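II. Port forwarding

1. Edit the sysctl file to enable IP forwarding

vim /etc/sysctl.conf

net.ipv4.ip_forward = 1

sysctl -p

2. Enable port forwarding

Enable firewall masquerading

firewall-cmd --add-masquerade --permanent

Add the forwarding rule

Forward local port 8080 to 8.8.8.8:8080. Note: local port 8080 must be open to the outside.

firewall-cmd --add-forward-port=port=8080:proto=tcp:toport=8080:toaddr=8.8.8.8 --permanent

Reload the configuration

firewall-cmd --reload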
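
An added example (not part of the original post): a POSIX shell function that audits `firewall-cmd --list-all` output after the steps above, reporting whether masquerading is on, where each forwarded port is sent, and whether that port is also in the open-ports list. The sample text is constructed and modelled on `--list-all` output; the function name audit_forwards and the MASQUERADE/FORWARD report format are assumptions, and toaddr values are assumed to be IPv4.

```shell
#!/bin/sh
# Added example: audit forwarding state from `firewall-cmd --list-all` output.

# Constructed sample modelled on --list-all output (not taken from a real host).
SAMPLE_LIST_ALL='public (active)
  target: default
  interfaces: eth0
  services: dhcpv6-client ssh
  ports: 8080/tcp
  masquerade: yes
  forward-ports: port=8080:proto=tcp:toport=8080:toaddr=8.8.8.8
                 port=2222:proto=tcp:toport=22:toaddr=
  rich rules: '

# audit_forwards (hypothetical name): reads --list-all text on stdin and prints
#   MASQUERADE <yes|no>
#   FORWARD <port>/<proto> -> <toaddr|local>:<toport> open=<yes|no>
# open=yes means the forwarded port is also listed under "ports:".
# Assumes IPv4 toaddr values (rule fields are split on ":").
audit_forwards() {
  awk '
    /^[ \t]*ports:/         { for (i = 2; i <= NF; i++) open[$i] = 1; infwd = 0; next }
    /^[ \t]*masquerade:/    { masq = $2; infwd = 0; next }
    /^[ \t]*forward-ports:/ { infwd = 1; for (i = 2; i <= NF; i++) rules[++n] = $i; next }
    # Also accept rules that appear on indented continuation lines.
    infwd && /^[ \t]+port=/ { for (i = 1; i <= NF; i++) rules[++n] = $i; next }
    { infwd = 0 }
    END {
      print "MASQUERADE " (masq == "" ? "no" : masq)
      for (r = 1; r <= n; r++) {
        split("", f)                       # clear fields from the previous rule
        m = split(rules[r], kv, ":")
        for (i = 1; i <= m; i++) {
          k = index(kv[i], "=")
          f[substr(kv[i], 1, k - 1)] = substr(kv[i], k + 1)
        }
        key = f["port"] "/" f["proto"]
        dst = (f["toaddr"] == "" ? "local" : f["toaddr"])
        dport = (f["toport"] == "" ? f["port"] : f["toport"])
        print "FORWARD " key " -> " dst ":" dport " open=" ((key in open) ? "yes" : "no")
      }
    }'
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_LIST_ALL" | audit_forwards
```

On a host, run `firewall-cmd --list-all | audit_forwards` after `firewall-cmd --reload`, since rules added with `--permanent` only appear in the running configuration once it is reloaded.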

Author: jhonse

Jhonse Tech Blog: http://blog.jhonse.com
