firewalld
添加http服务到例外
# Allow the predefined "http" service. --permanent writes the rule to the
# saved configuration only; with no --zone given, the default zone is used.
firewall-cmd --permanent --add-service=http
# Load the permanent configuration into the running firewall.
firewall-cmd --reload
# Verify: list the services allowed in the default zone (runtime view).
firewall-cmd --list-services
添加tcp/80端口到例外
# Allow TCP port 80 by number instead of by service name (saved config only,
# default zone because no --zone is given).
firewall-cmd --permanent --add-port=80/tcp
# Apply the saved configuration to the running firewall.
firewall-cmd --reload
# Verify: list the ports opened in the default zone (runtime view).
firewall-cmd --list-ports
添加tcp/5900-5910端口到例外
# Allow a contiguous TCP port range (START-END/proto) in the default zone.
# NOTE(review): 5900-5910 is the range commonly used by VNC; this rule opens it
# to every source address the zone accepts. If only known clients need access,
# scope it with a source-restricted rich rule instead. Confirm intended exposure.
firewall-cmd --permanent --add-port=5900-5910/tcp
# Apply the saved configuration to the running firewall.
firewall-cmd --reload
# Verify that the range now appears in the runtime port list.
firewall-cmd --list-ports
其他
# List the names of all predefined services that --add-service accepts.
firewall-cmd --get-services
# List the names of all available zones.
firewall-cmd --get-zones
# Print the zone used when a command does not pass --zone.
firewall-cmd --get-default-zone
# Same as the http example, but targeting the "public" zone explicitly.
# Being --permanent, it still needs `firewall-cmd --reload` to take effect.
firewall-cmd --permanent --zone=public --add-service=http
拒绝某一个IP访问
# Add: reject all IPv4 traffic from one source address. "reject" answers the
# sender with an ICMP error; "drop" would discard packets silently instead.
# Saved config only, so run `firewall-cmd --reload` afterwards.
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='192.168.10.15' reject"
# Remove: the rule text must match the added rule exactly.
firewall-cmd --permanent --remove-rich-rule="rule family='ipv4' source address='192.168.10.15' reject"
SELINUX
查看SELINUX状态
# Print the current SELinux mode: Enforcing, Permissive, or Disabled.
getenforce
临时将SELINUX切换为permissive(宽容)模式(只记录违规、不拦截;重启后恢复为配置文件中的设置)
# Switch the running system to permissive mode: policy violations are still
# logged as AVC denials but no longer blocked. Not persistent across reboots;
# `setenforce 1` switches back to enforcing.
setenforce 0
永久将SELINUX设为permissive模式(修改配置文件/etc/selinux/config中的SELINUX=一行,下次启动后生效)
注意:!!!不要修改SELINUXTYPE(该项指定加载的策略类型,例如targeted,而不是开关;写入无效值可能导致系统无法正常启动)
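# Desired entry in /etc/selinux/config (shown here as it should appear in the file):
SELINUX=permissive
# Rewrite only the SELINUX= line. The pattern is anchored on "SELINUX=" so it
# cannot match SELINUXTYPE=, which names the policy to load and must keep its
# existing value. The previous command replaced the SELINUXTYPE line with
# "SELINUXTYPE=disabled", which is not a valid policy type.
# The new mode applies from the next boot; permissive keeps logging denials,
# so the audit log can still be used to fix policy and return to enforcing.
sed -i 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config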
iptables(CentOS 6)
# CentOS 6 uses the SysV init script for iptables instead of firewalld.
# Start the iptables service in the running system.
service iptables start
# Stop the service. NOTE(review): this presumably leaves the host without
# packet filtering until it is started again. Confirm before use on exposed hosts.
service iptables stop
# Show whether the firewall is running and its current rules.
service iptables status
# Enable the service at boot.
chkconfig iptables on
# Disable the service at boot (the firewall will not come up after a reboot).
chkconfig iptables off
# Verify the per-runlevel on/off state for iptables.
chkconfig | grep iptables