In short, configuring the CentOS firewall comes down to zones, services and persistence: know firewalld's zone divisions such as public and internal, manage runtime and permanent rules with the firewall-cmd command, open services or ports with --add-service or --add-port, add --permanent so rules survive a reboot, and run --reload after a permanent change so it reaches the running configuration.
Configuring a firewall on CentOS with firewall-cmd (the command-line client of the firewalld service; there is no "firewalld-cmd") is straightforward once you understand three core concepts: zones, services, and the difference between runtime and permanent settings. firewalld uses zones to define trust levels for network connections, and you manage the rules of each zone with the firewall-cmd command-line tool.
Understanding Zones and Default Configuration
When firewalld starts, every interface is placed in a zone: an interface with an explicitly configured zone goes there, and every other interface lands in the default zone. Common zones include:
- public: For public areas where you don’t trust other computers (default for most installations)
- internal: For internal networks with some level of trust
- home: For home networks
- trusted: All traffic is accepted
To check which zones are active and which interfaces are assigned to them:
firewall-cmd --get-active-zones
To see the default zone:
firewall-cmd --get-default-zone
You can change the default zone with:
firewall-cmd --set-default-zone=internal
Note that --set-default-zone takes effect immediately and is also stored permanently, and it moves every interface that has no explicit zone assignment, so pick the default zone deliberately: a more trusting default such as internal exposes more services on every unassigned interface.
Opening Ports and Services
Instead of managing raw ports, firewalld lets you enable predefined services (like http, ssh), each of which bundles the ports a protocol needs. To allow HTTP traffic in the current session only:
firewall-cmd --add-service=http
To make this change survive a reboot, add it to the permanent configuration as well:
firewall-cmd --permanent --add-service=http
A --permanent change alone does not touch the running firewall, so reload to activate it:
firewall-cmd --reload
If you need to open a custom port for which no service definition exists, such as TCP 8080, use --add-port with the port/protocol pair, again once for the running configuration and once for the permanent one:
firewall-cmd --add-port=8080/tcp
firewall-cmd --permanent --add-port=8080/tcp
Prefer services over raw ports where a definition exists: the service name documents what the opening is for, which makes later audits of --list-all far easier than a bare port number does.
Managing Runtime and Permanent Settings
By default, firewall-cmd applies changes only to the runtime configuration. Runtime changes are lost on reboot, when the firewalld service restarts, and also on --reload, unless they were made permanent.
To list the active settings of the default zone (add --zone=NAME for another zone):
firewall-cmd --list-all
To list the permanent settings:
firewall-cmd --permanent --list-all
Always use --permanent when you want rules to persist, and run --reload after making permanent changes to load them into the running configuration. The reverse also matters: --reload replaces the running rule set with the permanent one, so a rule that was only added at runtime disappears at that moment. Either apply each change to both configurations, or make it permanent before you reload. Comparing the two listings is the quickest way to spot rules that exist only at runtime and would vanish at the next reload or reboot.
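The comparison just described, as an added example that is not part of the original article: a small POSIX shell script that parses the text printed by firewall-cmd --list-all and firewall-cmd --permanent --list-all and reports the services and ports that exist only at runtime. The two listings embedded below are constructed sample output (the field layout follows what firewalld prints: one "name: values" line per field); on a real host you would pass the real command output instead, as shown in the comment at the end.

```shell
#!/bin/sh
# Added example, not from the original article: detect firewalld rules that
# exist only in the runtime configuration and would be lost on --reload/reboot.
# Input is the text of `firewall-cmd --list-all` and
# `firewall-cmd --permanent --list-all`; the samples below are constructed.
set -eu

# Print the value of one field (e.g. "services", "ports") from --list-all output.
# $1 = listing text, $2 = field name without the colon.
zone_field() {
    printf '%s\n' "$1" | awk -v f="$2:" '$1 == f { $1 = ""; sub(/^ +/, ""); print }'
}

# Print each whitespace-separated item of $1 that does not occur in $2.
items_missing_from() {
    for item in $1; do
        case " $2 " in
            *" $item "*) ;;
            *) printf '%s\n' "$item" ;;
        esac
    done
}

# Report runtime-only services and ports as "<field> <item>" lines.
# $1 = runtime listing, $2 = permanent listing.
runtime_only() {
    for field in services ports; do
        for item in $(items_missing_from "$(zone_field "$1" "$field")" \
                                         "$(zone_field "$2" "$field")"); do
            printf '%s %s\n' "$field" "$item"
        done
    done
}

# Constructed sample: the running zone has http and 9090/tcp that were
# added without --permanent.
RUNTIME='public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources: 
  services: cockpit dhcpv6-client http ssh
  ports: 8080/tcp 9090/tcp
  protocols: 
  forward: yes
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: '

PERMANENT='public
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources: 
  services: cockpit dhcpv6-client ssh
  ports: 8080/tcp
  protocols: 
  forward: yes
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: '

runtime_only "$RUNTIME" "$PERMANENT"
# On a live CentOS host (as root), run the check against the real output instead:
# runtime_only "$(firewall-cmd --list-all)" "$(firewall-cmd --permanent --list-all)"
```

Anything the script reports either needs to be added with --permanent (or copied wholesale with firewall-cmd --runtime-to-permanent, which persists the entire current runtime configuration) or was a temporary opening that should indeed disappear at the next reload.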
Working with Specific Zones
If your system has multiple network interfaces, assign each one to the zone that matches the trust level of the network behind it. For example, to add the interface eth1 to the internal zone:
firewall-cmd --zone=internal --add-interface=eth1
As with any other change, this applies to the running configuration only; repeat it with --permanent to keep the assignment across reboots. To allow SSH in a specific zone, pass --zone with the service; the original example uses the trusted zone:
firewall-cmd --zone=trusted --add-service=ssh
firewall-cmd --permanent --zone=trusted --add-service=ssh
Be aware that this particular pair of commands changes nothing, because the trusted zone accepts all traffic regardless of its service list. Service rules only matter in zones such as public or internal, where only the listed services are accepted. Allowing SSH "only" in one zone therefore also means removing it from every other zone that has it (--remove-service=ssh); on a default CentOS install the public zone already allows ssh.
You can also tighten a zone by removing the services it does not need, or use rich rules for fine-grained control, for example to accept SSH only from a management subnet rather than from every host that reaches the zone.
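The whole procedure from the two previous sections (open services and ports, assign an interface to a zone, restrict SSH to one source network), as an added example that is not part of the original article: an idempotent POSIX shell script built on firewall-cmd. It writes every rule to the permanent configuration, skipping rules that are already present so it can be re-run safely, and reloads once at the end so the running firewall matches. The zone name, services, port, interface eth1 and the 10.0.0.0/24 management subnet are hypothetical placeholders; the FIREWALL_CMD variable is a hook of this example, not a firewalld feature, that lets a test or dry run substitute another command for firewall-cmd. It must run as root on a host with firewalld installed to take effect.

```shell
#!/bin/sh
# Added example, not from the original article: apply a firewalld zone policy
# idempotently with firewall-cmd. Assumptions: firewall-cmd supports
# --permanent --query-*, --change-interface and rich rules (firewalld 0.6+);
# the zone, services, port, interface and subnet below are placeholders.
set -eu

# FIREWALL_CMD (hypothetical hook of this example) lets a test or a dry run
# substitute another command for firewall-cmd.
fw() { "${FIREWALL_CMD:-firewall-cmd}" "$@"; }

# Add a permanent rule only if it is not already present, so re-running is safe.
# $1 = zone, $2 = the --add-X=value option, $3 = the matching --query-X=value.
ensure_permanent() {
    local zone="$1" add_opt="$2" query_opt="$3"
    if fw --permanent --zone="$zone" "$query_opt" >/dev/null 2>&1; then
        echo "already present: zone=$zone $add_opt"
    else
        fw --permanent --zone="$zone" "$add_opt" >/dev/null
        echo "added: zone=$zone $add_opt"
    fi
}

ensure_service() { ensure_permanent "$1" "--add-service=$2" "--query-service=$2"; }
ensure_port()    { ensure_permanent "$1" "--add-port=$2"    "--query-port=$2"; }

# Rich rule: accept a service only from one source network instead of
# exposing it to every host in the zone.
ensure_service_from() {
    local rule="rule family=\"ipv4\" source address=\"$3\" service name=\"$2\" accept"
    ensure_permanent "$1" "--add-rich-rule=$rule" "--query-rich-rule=$rule"
}

# --change-interface moves an interface into the zone whether or not it is
# currently bound elsewhere, which --add-interface would refuse.
ensure_interface() {
    if fw --permanent --zone="$1" --query-interface="$2" >/dev/null 2>&1; then
        echo "already present: zone=$1 --change-interface=$2"
    else
        fw --permanent --zone="$1" --change-interface="$2" >/dev/null
        echo "added: zone=$1 --change-interface=$2"
    fi
}

remove_service() {
    if fw --permanent --zone="$1" --query-service="$2" >/dev/null 2>&1; then
        fw --permanent --zone="$1" --remove-service="$2" >/dev/null
        echo "removed: zone=$1 --remove-service=$2"
    fi
}

apply_policy() {
    ensure_service public http
    ensure_service public https
    ensure_port    public 8080/tcp
    ensure_interface internal eth1
    # SSH: drop the zone-wide allowance and accept it only from the
    # management subnet (placeholder address).
    remove_service public ssh
    ensure_service_from public ssh 10.0.0.0/24
    # One reload loads the permanent configuration into the running firewall
    # and discards any runtime-only rules that were never made permanent.
    fw --reload >/dev/null
}

# Touch the live firewall only when firewall-cmd is really installed and no
# substitute command has been supplied.
if [ -z "${FIREWALL_CMD:-}" ] && command -v firewall-cmd >/dev/null 2>&1; then
    apply_policy
fi
```

Keeping every change permanent and reloading once avoids the usual drift between the two configurations, and the --query-* checks make the script safe to run from configuration management repeatedly. Verify the result with firewall-cmd --list-all --zone=public: ssh should no longer appear under services, and the rich rule should appear under rich rules.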
In short: get familiar with zones, prefer services over raw ports where a definition exists, make every rule that should outlive the session permanent, reload so the running firewall matches, and keep zone-wide allowances (especially SSH) to the zones and sources that actually need them. That is how you keep a firewall on CentOS with firewalld both secure and functional.
The above is the full content of "How to configure a firewall on CentOS using firewall-cmd?".