Checking the firewall status on Ubuntu
- 2023-11-25
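On Ubuntu, checking the firewall status matters because the firewall protects the system from unauthorized access. This article explains how to check the firewall status on Ubuntu.
First, note that Ubuntu has two firewall tools: UFW (Uncomplicated Firewall) and iptables. UFW is the default firewall software in Ubuntu 12.04 and later, while iptables is the firewall software on older systems. This article uses UFW as the example.
Method 1: Check the firewall status with the UFW command
To check the status of the UFW firewall, use the following command:
```
sudo ufw status verbose
```
This command shows detailed information about the UFW firewall, including the enabled rules, interfaces, and so on. If the firewall is active, you will see output similar to this:
```
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
```
This means the three ports for SSH (port 22), HTTP (port 80), and HTTPS (port 443) are allowed through the firewall. If these ports are not shown, the firewall may not be enabled or may be misconfigured.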
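Method 2: Check the firewall status with the systemctl command
Another way to check the firewall status is the systemctl command. First make sure the firewalld service is installed and started:
```
sudo apt-get install firewalld
sudo systemctl start firewalld
```
Then check the firewall status with the following command:
```
sudo systemctl status firewalld
```
This command shows the current state of the firewalld service, including whether it is running and when it was last active. If the firewall is active, you will see output similar to this: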
```
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2019-07-01 10:00:00 UTC; 1h ago
 Main PID: 1234 (firewalld)
    Tasks: 1 (limit: 4915)
   Memory: 10.5M
   CGroup: /system.slice/firewalld.service
```
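Method 1 reads UFW while Method 2 installs and starts firewalld; both manage the same kernel netfilter rules, so a host should have only one of them active. The script below is an added example, not part of the original article: it parses `ufw status` text, lists the allowed ports, and combines the result with the firewalld state to report which manager is in charge. The function names and the `live` argument are assumptions made for illustration, and the sample input is constructed from the output shown under Method 1.

```shell
#!/usr/bin/env bash
# Added example: work out which firewall manager is enforcing rules.

# Constructed sample: the `ufw status` output shown under Method 1.
SAMPLE_UFW='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere'

# Read ufw status text on stdin; print active, inactive, or unknown.
ufw_state() {
    awk '/^Status:/ { print $2; found = 1; exit }
         END { if (!found) print "unknown" }'
}

# Read ufw status text on stdin; print each port rule whose action is ALLOW.
# Also matches "ALLOW IN" (verbose mode) and prints IPv4/"(v6)" pairs once.
# Rules named by application profile instead of port are skipped.
ufw_allowed_ports() {
    awk '$1 ~ /^[0-9]/ && !seen[$1] {
             for (i = 2; i <= NF; i++)
                 if ($i == "ALLOW") { seen[$1] = 1; print $1; break }
         }'
}

# $1 = ufw state, $2 = firewalld state (as printed by `systemctl is-active`).
firewall_verdict() {
    case "$1/$2" in
        active/active) echo "conflict: ufw and firewalld are both active" ;;
        active/*)      echo "ufw" ;;
        */active)      echo "firewalld" ;;
        *)             echo "none: no firewall manager is active" ;;
    esac
}

# Pass "live" to query this host (needs root); default is the sample above.
if [ "${1:-}" = "live" ]; then
    ufw_text=$(ufw status verbose)
    fwd_state=$(systemctl is-active firewalld 2>/dev/null || true)
else
    ufw_text=$SAMPLE_UFW
    fwd_state=inactive   # constructed value for the sample run
fi
state=$(printf '%s\n' "$ufw_text" | ufw_state)
echo "manager: $(firewall_verdict "$state" "$fwd_state")"
printf '%s\n' "$ufw_text" | ufw_allowed_ports
```

If the verdict is a conflict, keep one manager and stop and disable the other before relying on either tool's status output.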
Article link: http://www.xixizhuji.com/fuzhu/274226.html