I. Basic usage
Start:
systemctl start firewalld
Stop:
systemctl stop firewalld
Check status:
systemctl status firewalld
Disable at boot:
systemctl disable firewalld
Enable at boot:
systemctl enable firewalld
systemctl is the main service management tool in CentOS 7; it combines the functions of the earlier service and chkconfig commands.
Start a service:
systemctl start firewalld.service
Stop a service:
systemctl stop firewalld.service
Restart a service:
systemctl restart firewalld.service
Show the status of a service:
systemctl status firewalld.service
Enable a service at boot:
systemctl enable firewalld.service
Disable a service at boot:
systemctl disable firewalld.service
Check whether a service starts at boot:
systemctl is-enabled firewalld.service
List enabled services:
systemctl list-unit-files | grep enabled
List services that failed to start:
systemctl --failed
II. Configuring with firewall-cmd
Show the version:
firewall-cmd --version
Show help:
firewall-cmd --help
Show the state:
firewall-cmd --state
List all open ports:
firewall-cmd --zone=public --list-ports
Reload the firewall rules:
firewall-cmd --reload
Show zone information:
firewall-cmd --get-active-zones
Show the zone a given interface belongs to:
firewall-cmd --get-zone-of-interface=eth0
Reject all packets:
firewall-cmd --panic-on
Cancel the reject state:
firewall-cmd --panic-off
Check whether packets are being rejected:
firewall-cmd --query-panic
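III. Opening firewall ports
For example, to open ports 80 and 3306 on the firewall:
Step 1: Set the ports to open
firewall-cmd --add-service=http --permanent
sudo firewall-cmd --add-port=80/tcp --permanent
sudo firewall-cmd --add-port=3306/tcp --permanent
--permanent makes the rule persistent; without this parameter the rule is lost after a restart.
Step 2: Reload the firewall
firewall-cmd --reload
Step 3: List the open ports
firewall-cmd --list-all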

IV. Docker ports
1. List the ports of containers
docker ps --format "table {{.ID}}\t{{.Names}}\t{{.Ports}}"

2. Container port mapping and removing a container's mapping
(1) Install the sshd service
Enter the container:
[root@node01 ~]# docker exec -it c00dfd401fa3 bash
Install the sshd service:
[root@test /]# yum install -y openssh-server
Start sshd and enable it at boot:
[root@test /]# systemctl start sshd
[root@test /]# systemctl enable sshd
(2) Add a port mapping for port 22 used by sshd
1. Stop the container
[root@node01 ~]# docker stop c00dfd401fa3
2. Stop the docker service
[root@node01 ~]# systemctl stop docker
3. Get the container_id
[root@node01 ~]# docker inspect c00dfd401fa3 | grep Id
"Id":"c00dfd401fa3e907f266695c60d823671caff3ff3ef422152a226064f4342ef8",
4. Edit the container configuration file hostconfig.json
vi /var/lib/docker/containers/c00dfd401fa3e907f266695c60d823671caff3ff3ef422152a226064f4342ef8/hostconfig.json
Change the setting
"PortBindings":{}
to
"PortBindings":{"22/tcp":[{"HostIp":"","HostPort":"10022"}]}
5. Edit the container configuration file config.v2.json
vi /var/lib/docker/containers/c00dfd401fa3e907f266695c60d823671caff3ff3ef422152a226064f4342ef8/config.v2.json
Change the setting
"ExposedPorts":{}
to
"ExposedPorts":{"22/tcp":{}}
6. Start the docker service
[root@node01 ~]# systemctl start docker
7. Start the container
[root@node01 ~]# docker start c00dfd401fa3
8. Verify the connection
Connect to the container from an external network through port 10022:
C:\Users\yang>ssh [email protected] -p 10022
The authenticity of host '[192.168.162.128]:10022 ([192.168.162.128]:10022)' can't be established.
ECDSA key fingerprint is SHA256:DcwfgepkosH8q1N8Kp8XD0iNFL8h1sVKO0Al2Bs4hiE.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[192.168.162.128]:10022' (ECDSA) to the list of known hosts.
[email protected]'s password:
Last login: Sun Oct 24 04:34:08 2021 from gateway
[root@test ~]#
Connect to the container from the host it runs on:
[root@node01 ~]# ssh [email protected] -p 22
[email protected]'s password:
Last login: Sun Oct 24 04:34:02 2021 from 192.168.162.1
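The hand edits of hostconfig.json and config.v2.json in steps 4 and 5 above can be scripted so that a typo cannot leave invalid JSON behind. The following Python helper is an added example, not part of the original post; the function names are hypothetical, and it assumes that "ExposedPorts" sits inside the "Config" object of config.v2.json.

```python
import json
import shutil
from pathlib import Path


def add_tcp_mapping(hostconfig_text, config_v2_text, container_port, host_port, host_ip=""):
    """Return both files' JSON text with container_port/tcp published on host_port."""
    for port in (container_port, host_port):
        if not 0 < int(port) < 65536:
            raise ValueError(f"invalid port: {port}")
    key = f"{int(container_port)}/tcp"
    hostconfig = json.loads(hostconfig_text)
    config_v2 = json.loads(config_v2_text)

    # hostconfig.json: "PortBindings" may be {} or null; existing mappings are kept.
    bindings = hostconfig.get("PortBindings") or {}
    for other, entries in bindings.items():
        if other != key and any(e.get("HostPort") == str(host_port) for e in entries or []):
            raise ValueError(f"host port {host_port} already bound to {other}")
    # An empty HostIp (as on the page) publishes on every host interface;
    # pass e.g. "127.0.0.1" to restrict where the port listens.
    entry = {"HostIp": host_ip, "HostPort": str(host_port)}
    existing = bindings.get(key) or []
    if entry not in existing:
        existing.append(entry)
    bindings[key] = existing
    hostconfig["PortBindings"] = bindings

    # config.v2.json: assumed layout, "ExposedPorts" inside the "Config" object.
    config = config_v2.setdefault("Config", {})
    exposed = config.get("ExposedPorts") or {}
    exposed[key] = {}
    config["ExposedPorts"] = exposed
    return (json.dumps(hostconfig, separators=(",", ":")),
            json.dumps(config_v2, separators=(",", ":")))


def patch_container_dir(container_dir, container_port, host_port, host_ip=""):
    """Patch both files in place, keeping .bak copies. Run only while docker is stopped."""
    hc = Path(container_dir) / "hostconfig.json"
    cv = Path(container_dir) / "config.v2.json"
    # Both new texts are computed and validated before either file is written.
    new_hc, new_cv = add_tcp_mapping(hc.read_text(), cv.read_text(),
                                     container_port, host_port, host_ip)
    for path, text in ((hc, new_hc), (cv, new_cv)):
        shutil.copy2(path, str(path) + ".bak")
        path.write_text(text)
```

Run patch_container_dir between stopping and starting the docker service (steps 2 and 6), passing the /var/lib/docker/containers/<container_id> directory found in step 3.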
Copyright belongs to the original author, 石工记. If there is any infringement, please contact us to have it removed.