一、基本使用

啟動：?systemctl start firewalld
關閉：?systemctl stop firewalld
查看狀態：?systemctl status firewalld
開機禁用 ：?systemctl disable firewalld
開機啟用 ：?systemctl enable firewalld

systemctl是CentOS7的服務管理工具中主要的工具，它融合之前service和chkconfig的功能于一體
啟動一個服務：systemctl start firewalld.service
關閉一個服務：systemctl stop firewalld.service
重啟一個服務：systemctl restart firewalld.service
顯示一個服務的狀態：systemctl status firewalld.service
在開機時啟用一個服務：systemctl enable firewalld.service
在開機時禁用一個服務：systemctl disable firewalld.service
查看服務是否開機啟動：systemctl is-enabled firewalld.service
查看已啟動的服務列表：systemctl list-unit-files|grep enabled
查看啟動失敗的服務列表：systemctl --failed

二、 配置firewalld-cmd

查看版本：?firewall-cmd --version
查看幫助：?firewall-cmd --help
顯示狀態：?firewall-cmd --state
查看所有打開的端口：?firewall-cmd --zone=public --list-ports
更新防火墻規則：?firewall-cmd --reload
查看區域信息:?firewall-cmd --get-active-zones
查看指定接口所屬區域：?firewall-cmd --get-zone-of-interface=eth0
拒絕所有包：firewall-cmd --panic-on
取消拒絕狀態：?firewall-cmd --panic-off
查看是否拒絕：?firewall-cmd --query-panic

三、開啟防火墻端口

比如，需打開防火墻80和3306端口

步驟1：設置開放的端口號

firewall-cmd --add-service=http --permanent
sudo firewall-cmd --add-port=80/tcp --permanent
sudo firewall-cmd --add-port=3060/tcp --permanent

–permanent永久生效，沒有此參數重啟后失效

步驟2：重啟防火墻

firewall-cmd --reload

步驟3：查看開放端口號

firewall-cmd --list-all

四、docker?端口

??

1.查詢容器的端口

docker ps --format "table {{.ID}}\t{{.Names}}\t{{.Ports}}"?

2..容器端口映射,刪除容器的映射

?

一、安裝sshd服務

進入容器

[root@node01 ~]# docker exec -it c00dfd401fa3 bash

安裝sshd服務

[root@test /]# yum install -y openssh-server

啟動并允許sshd自動啟動

[root@test /]# systemctl start sshd

[root@test /]# systemctl enable sshd

二、增加sshd使用的22映射端口

1.關閉容器

[root@node01 ~]# docker stop c00dfd401fa3

2.關閉docker服務

[root@node01 ~]# systemctl stop docker

3.獲取container_id

[root@node01 ~]# docker inspect c00dfd401fa3 | grep Id

????????"Id":?"c00dfd401fa3e907f266695c60d823671caff3ff3ef422152a226064f4342ef8",

4.修改容器配置文件hostconfig.json

vi /var/lib/docker/containers/c00dfd401fa3e907f266695c60d823671caff3ff3ef422152a226064f4342ef8/hostconfig.json

修改配置項"PortBindings":{}為"PortBindings":{"22/tcp":[{"HostIp":"","HostPort":"10022"}]}

5.修改容器配置文件hostconfig.json

vi /var/lib/docker/containers/c00dfd401fa3e907f266695c60d823671caff3ff3ef422152a226064f4342ef8/config.v2.json

修改配置項"ExposedPorts":{}為"ExposedPorts":{"22/tcp":{}}

6.啟動docker服務

[root@node01 ~]# systemctl start docker

7.啟動容器

[root@node01 ~]# docker start c00dfd401fa3

8.驗證連接容器

外部網絡通過10022端口連接容器

C:\Users\yang>ssh root@192.168.162.128 -p 10022

The authenticity of host?'[192.168.162.128]:10022 ([192.168.162.128]:10022)'?can't be established.

ECDSA key fingerprint?is?SHA256:DcwfgepkosH8q1N8Kp8XD0iNFL8h1sVKO0Al2Bs4hiE.

Are you sure you want to?continue?connecting (yes/no/[fingerprint])? yes

Warning: Permanently added?'[192.168.162.128]:10022'?(ECDSA) to the list of known hosts.

root@192.168.162.128's password:

Last login: Sun Oct 24 04:34:08 2021?from?gateway

[root@test ~]#

容器所在的宿主機連接容器

[root@node01 ~]# ssh root@172.17.0.2 -p 22

root@172.17.0.2's password:

Last login: Sun Oct 24 04:34:02 2021?from?192.168.162.1

?