CentOS命令
# 查看防火墙状态
systemctl status firewalld
# 开启
systemctl start firewalld
# 关闭防火墙
systemctl stop firewalld
# 开启端口
firewall-cmd --permanent --zone=public --add-port=27017/tcp --permanent
# 关闭端口
firewall-cmd --permanent --remove-port=27017/tcp
# 查看端口
firewall-cmd --permanent --query-port=27017/tcp,提示yes,即查询成功
# 重启防火墙
firewall-cmd --reload
#检查防火墙开放的端口
firewall-cmd --permanent --zone=public --list-ports
# 查看所有
firewall-cmd --list-all# 新建永久规则,开放192.168.1.0/24整个源IP段的访问
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.1.1/24" accept"
# 移除上述规则
firewall-cmd --permanent --remove-rich-rule="rule family="ipv4" source address="192.168.1.1/24" accept"
# 允许指定IP访问本机8080端口
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.1" port protocol="tcp" port="8080" accept'
# 允许指定IP段访问本机8080-8090端口
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" port protocol="tcp" port="8080-8090" accept'
# 禁止指定IP访问本机8080端口
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.1" port protocol="tcp" port="8080" reject'
Ubuntu
# 安装 sudo apt-get install ufw # 查看防火墙状态 ufw status # 启用 / 禁用sudo ufw enable / disable
# 重启防火墙
ufw reload
# 开启端口
# 1.允许所有的外部IP访问本机的22/tcp (ssh)端口
sudo ufw allow 22/tcp
拒绝外部访问22端口
sudo ufw deny 22
# 2.允许某个IP地址访问本机所有端口
sudo ufw allow from 192.168.1.1
允许特定子网的连接:
sudo ufw allow from 192.168.1.1/24
允许特定 IP/ 端口的组合:
sudo ufw allow from 192.168.1.1 to any port 22 proto tcp
# 3.要删除一条规则,在规则的前面加上 delete
sudo ufw delete allow 80
参考
