CentOS 7 uses firewalld as its default firewall, which is much nicer than the older iptables.
[root@timophp.com ~]# systemctl start firewalld
[root@timophp.com ~]# systemctl enable firewalld
By default firewalld only enables two services, ssh and dhcpv6-client. To host a website we need to open port 80, i.e. the http service.
[root@timophp.com ~]# firewall-cmd --add-service=http --permanent
The --permanent flag makes the rule persistent; without it, the added rule is lost when firewalld is restarted.
[root@timophp.com ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.250" port protocol="tcp" port="3306" accept'
<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Public</short>
<description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<service name="dhcpv6-client"/>
<service name="http"/>
<service name="ssh"/>
<rule family="ipv4">
<source address="192.168.1.250"/>
<port protocol="tcp" port="3306"/>
<accept/>
</rule>
</zone>
Because --permanent was used, remember to make firewalld reload its rules:
[root@timophp.com ~]# firewall-cmd --reload
Port 22
Change it to:
Port 10086
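The port number is up to you; the firewalld port entry must use the same number, or new SSH connections will be blocked.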
<port protocol="tcp" port="22"/>
Change it to your chosen SSH port, for example:
<port protocol="tcp" port="10837"/>
[root@timophp.com ~]# firewall-cmd --reload
[root@timophp.com ~]# systemctl restart sshd.service
[root@timophp.com ~]# adduser timophp
[root@timophp.com ~]# passwd timophp
[root@timophp.com ~]# vim /etc/ssh/sshd_config
PermitRootLogin yes
Change it to:
PermitRootLogin no
[root@timophp.com ~]# systemctl restart sshd.service
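An added example (not from the original post): a small shell check that every Port in sshd_config has a matching tcp port entry in a firewalld XML file and that PermitRootLogin is no, so a mismatch is caught before sshd is restarted. The function names are made up for this example, and both file paths are passed as arguments.

```shell
#!/usr/bin/env bash
# Added example: consistency check for the two files edited on this page.
# Not handled: Match blocks, "key=value" syntax, firewalld port ranges.

# Print every port sshd listens on: each uncommented "Port N" line, else 22.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# Print the PermitRootLogin value (sshd uses the first one it reads).
root_login() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); f = 1; exit }
         END { if (!f) print "unset" }' "$1"
}

# Succeed if firewalld XML file $1 has a tcp <port> element for port $2.
# Note: this also matches a <port> nested inside a source-restricted <rule>.
xml_allows_tcp() {
    grep -Eq "<port[^>]*protocol=\"tcp\"[^>]*port=\"$2\"|<port[^>]*port=\"$2\"[^>]*protocol=\"tcp\"" "$1"
}

# audit SSHD_CONFIG FIREWALLD_XML: print findings, return how many there were.
audit() {
    findings=0
    for p in $(sshd_ports "$1"); do
        if ! xml_allows_tcp "$2" "$p"; then
            echo "FINDING: sshd listens on tcp/$p but $2 has no <port> entry for it"
            findings=$((findings + 1))
        fi
    done
    rl=$(root_login "$1")
    if [ "$rl" != "no" ]; then
        echo "FINDING: PermitRootLogin is '$rl', expected 'no'"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Run only when given both paths, e.g. the edited files before a restart.
if [ "$#" -eq 2 ]; then
    audit "$1" "$2"
fi
```

Run it after editing both files and before restarting sshd, from a session you keep open until a new login on the new port succeeds.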