centos怎么看防火墙状态
防火墙是系统安全的重要组成部分,它通过过滤网络数据包来实现防范网络攻击的目的。CentOS是一种广泛使用的Linux操作系统,本文将向您介绍如何在CentOS上查看防火墙状态。
一、使用systemctl命令查看防火墙状态
在CentOS 7及以上版本中,使用systemctl命令可以轻松查看防火墙状态。以下是示例命令:
```systemctl status firewalld```
如果防火墙正在运行,将输出以下内容:
```
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2021-08-26 10:48:53 UTC; 25min ago
Docs: man:firewalld(1)
Main PID: 2427 (firewalld)
Tasks: 2
Memory: 23.4M
CGroup: /system.slice/firewalld.service
└─2427 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
Aug 26 10:48:52 centos7 systemd[1]: Starting firewalld - dynamic firewall daemon...
Aug 26 10:48:53 centos7 systemd[1]: Started firewalld - dynamic firewall daemon.
```
如果防火墙没有运行,将输出以下内容:
```
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: inactive (dead) since Thu 2021-08-26 10:43:12 UTC; 30min ago
Docs: man:firewalld(1)
Process: 2330 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
Main PID: 2330 (code=exited, status=0/SUCCESS)
Aug 26 10:42:42 centos7 systemd[1]: Starting firewalld - dynamic firewall daemon...
Aug 26 10:43:12 centos7 systemd[1]: Started firewalld - dynamic firewall daemon.
```
二、使用firewall-cmd命令查看防火墙状态
firewall-cmd是CentOS中的主要命令之一,用于管理和配置防火墙。以下是用于检查防火墙状态的示例命令:
```firewall-cmd --state```
如果防火墙正在运行,将输出“running”,如果防火墙没有运行,则输出“not running”。
三、使用iptables命令查看防火墙配置
iptables是Linux中用于设置和管理防火墙规则的标准工具。以下是用于显示当前防火墙配置的示例命令:
```iptables -L```
如果防火墙正在运行,则会显示输出如下:
```
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
```
这些规则描述了允许或拒绝进入和离开系统的网络流量。如果防火墙没有运行,则该命令将输出为空。