CentOS 防火墙管理及使用的redis基本常用命令

防火墙管理

需要关闭防火墙或者开启对应端口

使用systemctl管理防火墙启动、关闭

1. 启动防火墙： systemctl start firewalld
2. 关闭防火墙： systemctl stop firewalld
3. 查看防火墙状态： systemctl status firewalld
4. 开机禁用防火墙： systemctl disable firewalld
5. 开机启用防火墙 ： systemctl enable firewalld

使用firewalld-cmd配置访问防火墙策略

6. 查看版本firewall-cmd --version
7. 查看帮助 firewall-cmd --help
8. 显示状态 firewall-cmd --state
9. 查看当前所有规则 firewall-cmd --list-all
10. 查看所有打开的端口 firewall-cmd --zone=public --list-ports
11. 更新防火墙规则 firewall-cmd --reload
12. 添加开放端口

firewall-cmd --zone=public --add-port=80/tcp --permanent (permanent永久生效，没有此参数重启后失效)

13. 查看端口是否开放firewall-cmd --zone=public --query-port=80/tcp
14. 删除开放端口 firewall-cmd --zone=public --remove-port=80/tcp --permanent
15. 批量开放一段TCP端口 firewall-cmd --permanent --add-port=9001-9100/tcp
16. 开放IP的访问 firewall-cmd --permanent --add-source=192.168.1.1
17. 开放整个源IP段的访问firewall-cmd --permanent --add-source=192.168.1.0/24
18. 移除IP访问firewall-cmd --permanent --remove-source=192.168.1.1
19. 允许指定IP访问本机80端口

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.1" port protocol="tcp" port="80" accept'

20. 禁止指定IP访问本机80端口

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.1" port protocol="tcp" port="80" reject'

21. 移除允许指定IP访问本机80端口规则

firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.1.1" port protocol="tcp" port="80" accept'

firewalld配置文件修改

通过修改配置文件修改防火墙访问策略
开放端口
永久开放2个端口

firewall-cmd --permanent --zone=public --add-port=8080/tcp
firewall-cmd --permanent --zone=public --add-port=80/tcp
firewall-cmd --reload

在 /etc/firewalld/zones 下的 public.xml里：

<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <service name="ssh"/>
  <service name="dhcpv6-client"/>
  <port protocol="tcp" port="80"/>
  <port protocol="tcp" port="8080"/>
</zone>

限制来源IP

限制只能接收来自 10.10.x.x段的IP，开放8000到9000之间的端口。

firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="10.10.0.0/16" port protocol="tcp" port="8000-9000" accept'
firewall-cmd --reload

再看 /etc/firewalld/zones/public.xml

<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <service name="ssh"/>
  <service name="dhcpv6-client"/>
  <port protocol="tcp" port="80"/>
  <port protocol="tcp" port="8080"/>
  
  <rule family="ipv4">
    <source address="10.10.0.0/16"/>
    <port protocol="tcp" port="8000-9000"/>
    <accept/>
  </rule>
  
  <rule family="ipv4">
    <source address="192.168.1.0/24"/>
    <port protocol="tcp" port="18000-19000"/>
    <accept/>
  </rule>

 # 单个端口限制
 <rule family="ipv4">
    <source address="192.168.20.228"/>
    <port protocol="tcp" port="18848"/>
    <accept/>
 </rule>
  
</zone>

所以，可以直接修改配置文件更改防火墙策略.

# firewall-cmd --list-all
public
  target: default
  icmp-block-inversion: no
  interfaces: 
  sources: 
  services: ssh dhcpv6-client
  ports: 80/tcp 22/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
	rule family="ipv4" source address="10.10.0.0/16" port port="8000-9000" protocol="tcp" accept

docker

启动docker : systemctl start docker

使用 redis

docker使用redis6.0.8镜像创建容器(也叫运行镜像)：

docker run  -p 6379:6379 --name myr3 --privileged=true -v /app/redis/redis.conf:/etc/redis/redis.conf -v /app/redis/data:/data -d redis:6.0.8 redis-server /etc/redis/redis.conf

说明一下：-v /app/redis/redis.conf:/etc/redis/redis.conf
宿主机器上配置文件/app/redis/redis.conf，映射到容器里/etc/redis/redis.conf，容器使用映射后的配置文件/etc/redis/redis.conf

redis-cli连接上来
redis-cli -a 111111