https://lian.st/tags/firewalld/ Recent content in Firewalld on Net Boy Hugo -- gohugo.io en-gb Sun, 09 Feb 2025 20:09:39 +0800 https://lian.st/posts/0e58b5c8/ Sun, 09 Feb 2025 20:09:39 +0800 https://lian.st/posts/0e58b5c8/ <h2 id="轉發設定">轉發設定</h2> <pre tabindex="0"><code>firewall-cmd --state # 查看防火牆狀態 firewall-cmd --add-masquerade --permanent # 開啟偽裝 firewall-cmd --add-forward-port=port=53389:proto=tcp:toport=3389:toaddr=我的伺服器IP --permanent # 新增轉發 firewall-cmd --add-forward-port=port=10010:proto=tcp:toport=10010:toaddr=45.221.113.97 --permanent # 新增轉發 firewall-cmd --reload # 重載防火牆 </code></pre><h2 id="取消轉發設定">取消轉發設定</h2> <pre tabindex="0"><code>firewall-cmd --remove-forward-port=port=3389:proto=tcp:toport=3389:toaddr=我的伺服器IP --permanent firewall-cmd --remove-masquerade --permanent firewall-cmd --reload </code></pre> https://lian.st/posts/46bbd722/ Thu, 09 Feb 2023 20:12:44 +0800 https://lian.st/posts/46bbd722/ <h2 id="開啓防火牆">開啓防火牆</h2> <pre tabindex="0"><code>systemctl start firewalld.service </code></pre><h2 id="開機自啓">開機自啓</h2> <pre tabindex="0"><code>systemctl enable firewalld.service </code></pre><h2 id="關閉防火牆">關閉防火牆</h2> <pre tabindex="0"><code>systemctl stop firewalld.service </code></pre><h2 id="查看防火牆狀態">查看防火牆狀態</h2> <pre tabindex="0"><code>firewall-cmd --state </code></pre><h2 id="查看現有規則">查看現有規則</h2> <pre tabindex="0"><code>iptables -nL firewall-cmd --zone=public --list-ports </code></pre><h2 id="新建zone">新建ZONE</h2> <pre tabindex="0"><code>firewall-cmd --per --new-zone=tailscale </code></pre><h2 id="設置默認zone">設置默認ZONE</h2> <pre tabindex="0"><code>firewall-cmd --set --default-zone=zone </code></pre><h2 id="將指定網卡加入到zone">將指定網卡加入到ZONE</h2> <pre tabindex="0"><code>firewall-cmd --zone=public --add-inter </code></pre><h2 id="重載防火牆">重載防火牆</h2> <pre tabindex="0"><code>firewall-cmd --reload </code></pre><h2 id="添加單個端口">添加單個端口</h2> <pre tabindex="0"><code>firewall-cmd --permanent --zone=public --add-port=81/tcp </code></pre><h2 id="添加多個端口">添加多個端口</h2> <pre tabindex="0"><code>firewall-cmd --permanent --zone=public --add-port=8080-8083/tcp </code></pre><h2 id="刪除指定端口">刪除指定端口</h2> <pre tabindex="0"><code>firewall-cmd --permanent --zone=public --remove-port=81/tcp </code></pre><h2 id="允許指定ip訪問指定端口">允許指定ip訪問指定端口</h2> <pre tabindex="0"><code>firewall-cmd --permanent --add-rich-rule=&#34;rule family=&#34;ipv4&#34; source address=&#34;192.168.2.166&#34; port protocol=&#34;tcp&#34; port=&#34;3306&#34; accept&#34; firewall-cmd --permanent --add-rich-rule=&#34;rule family=&#34;ipv4&#34; source address=&#34;192.168.123.3&#34; accept&#34; </code></pre><h2 id="刪除指定ip">刪除指定IP</h2> <pre tabindex="0"><code>firewall-cmd --permanent --remove-rich-rule=&#34;rule family=&#34;ipv4&#34; source address=&#34;192.168.1.51&#34; accept&#34; </code></pre><h2 id="允許指定ip段訪問">允許指定IP段訪問</h2> <pre tabindex="0"><code>firewall-cmd --permanent --add-rich-rule=&#34;rule family=&#34;ipv4&#34; source address=&#34;192.168.0.0/16&#34; accept&#34; firewall-cmd --permanent --add-rich-rule=&#34;rule family=&#34;ipv4&#34; source address=&#34;192.168.1.0/24&#34; port protocol=&#34;tcp&#34; port=&#34;9200&#34; accept&#34; </code></pre><h2 id="端口轉發">端口轉發</h2> <pre tabindex="0"><code>firewall-cmd --permanent --zone=&lt;區域&gt; --add-forward-port=port=&lt;源端口號&gt;:proto=&lt;协议&gt;:toport=&lt;目標端口號&gt;:toaddr=&lt;目標IP地址&gt; firewall-cmd --per --add-masquerade # 開啓僞裝 # 轉發本地12380端口到遠程服務器的22855端口 firewall-cmd --zone=public --add-forward-port=port=12380:proto=tcp:toport=22855:toaddr=10.3.7.2 --permanent </code></pre><h2 id="拒絕指定ip段的icmp">拒絕指定IP段的ICMP</h2> <pre tabindex="0"><code>firewalld-cmd --per --add-rich-rule &#39;rule faimly=ipv4 source address=192.168.31.1/24 protocol=icmp reject&#39; </code></pre><h2 id="禁止icmp">禁止ICMP</h2> <pre tabindex="0"><code>firewall-cmd --permanent --add-rich-rule=&#39;rule protocol value=icmp drop&#39; iptables -A OUTPUT -d 3.15.61.25 -j DROP </code></pre><h2 id="拒絕指定ip段訪問指定端口服務">拒絕指定IP/段訪問指定端口/服務</h2> <pre tabindex="0"><code>firewalld --per --add-rich-rule &#39;rule faimly=ipv4 source address=192.168.31.1/24 protocol=tcp port port=20-22 drop </code></pre>