郭進電腦使用筆記: CentOS8 指令練習與網路管理

此篇已經重新謄錄完成!!
可以作廢。

-------------------------------------------------------------

//系統版本
CentOS8 Linux 8 ( Core )

// 4.18.0 核心版本 147 修正次數 x86 相容電腦 61 bit
Kernel 4.18.0-147.5.1.e18_1.x86_64 on an x86_64

// # 最高權限管理者 $ 一班使用者 root 使用者 CentOS8 主機名 ~ 使用者家目錄
[root@CentOS8 ~]#

// show who is logged on
# who
root pts/1 2020-03-21 15:33 (192.168.2.100)

// Show who is logged on and what they are doing
# w
15:42:45 up 1:20, 2 users, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/1 192.168.2.100 15:33 0.00s 0.06s 0.03s w

// 關機馬上 halt

# shutdown -h now

// 關機10分鐘後

# shutdown -h 10

//重開機 reboot
# shutdown -r

#reboot

// print name of current/working directory
# pwd
/root

// 列出檔案系統根目錄下
# ls /
bin dev home lib64 mnt proc run srv tmp usr
boot etc lib media opt root sbin sys ubstituteqq var

// .. 上一層目錄，目前在 /root
# ls ..
bin dev home lib64 mnt proc run srv tmp usr
boot etc lib media opt root sbin sys ubstituteqq var

// . 目前所在目錄，目前在 /root ，同 # ls

# ls .

//list directory contents
//Change the current directory to dir

# cd /home

[root@CentOS8 home]#

//print system information
// -s, --kernel-name -n, --nodename -r, --kernel-release
# uname -snr
Linux Ku.CentOS8 4.18.0-147.el8.x86_64

# date
四 3月 26 10:50:07 CST 2020

# echo $LANG

zh_TW.UTF-8

# locale

LANG=zh_TW.UTF-8

...

# vi /etc/hostname

Ku.CentOS8

# hostnamectl set-hostname Ku.CentOS8.chehjh

# hostnamectl

Static hostname: Ku.CentOS8.chehjh

...

-------------------------------------------------------------cp, mv, rm

//copy files and directories
// . 目前目錄下
# cp /etc/yum.conf .
# ls
anaconda-ks.cfg yum.conf
[root@centos8 ~]# pwd
/root

//--recursive

# cp -r /etc/ssh .

# ls

anaconda-ks.cfg ssh

// move (rename) files
# mv yum.conf aa.conf
# ls
aa.conf anaconda-ks.cfg

//remove files or directories
# rm aa.conf
rm：是否移除普通檔案'aa.conf'? y

// --recursive --force
# rm -rf ssh

-------------------------------------- touch, cat, more, less, head, tail

// concatenate files and print on the standard output
//--number

# cat -n /var/log/messages

...

2976 Mar 28 17:04:57 centos8 systemd[1]: Starting Cleanup of Temporary Directories...

2977 Mar 28 17:04:57 centos8 systemd[1]: Started Cleanup of Temporary Directories.

// 產生 test.txt ， > 將輸入文字寫入 test.txt 中
# cat > test.txt
I love Linux! //輸入完成按 Ctrl+D
# ls
anaconda-ks.cfg test.txt
# cat test.txt
I love Linux!

//SPACE Display next k lines of text. Defaults to current screen size.
//RETURN Display next k lines of text. Defaults to 1
# more anaconda-ks.cfg

# less anaconda-ks.cfg

//預設10 列
# head /var/log/messages
Feb 17 22:50:34 centos8 kernel: Linux version 4.18.0-147.el8.x86_64 (mockbuild@kbuilder.bsys.centos.org) (gcc version 8.3.1 20190507 (Red Hat 8.3.1-4) (GCC)) #1 SMP Wed Dec 4 21:51:45 UTC 2019

// 指定3列

# tail -3 /var/log/messages

Mar 28 17:00:34 centos8 systemd[1]: Started dnf makecache.

Mar 28 17:04:57 centos8 systemd[1]: Starting Cleanup of Temporary Directories...

Mar 28 17:04:57 centos8 systemd[1]: Started Cleanup of Temporary Directories.

// ----follow 持續監控記錄檔，有新資料馬上顯示 ^C 中斷

# tail -f /var/log/messages

//產生空白檔案

# touch kk1.txt
# ls
anaconda-ks.cfg kk1.txt

//change file timestamps

# ls -l
-rw-------. 1 root root 1262 2月 17 22:49 anaconda-ks.cfg
# touch anaconda-ks.cfg
# ls -l
-rw-------. 1 root root 1262 3月 29 15:33 anaconda-ks.cfg

-------------------------------------- mkdir, rmdir

// make directories
# mkdir dir1
# ls -l
-rw-------. 1 root root 1262 3月 29 15:33 anaconda-ks.cfg
drwxr-xr-x. 2 root root 6 3月 29 15:36 dir1

// remove empty directories
# touch dir1/file1
# ls dir1/file1
dir1/file1

// -f, --force -r, -R, --recursive
# rm -r dir1
rm: descend into directory 'dir1'? y
rm：是否移除普通空白檔案'dir1/file1'? y
rm：是否移除目錄'dir1'? y
# ls
anaconda-ks.cfg

-------------------------------------- link

# echo "HelloWorld" > data.txt

// -i, --inode
# ls -li
8851206 -rw-r--r--. 1 root root 11 3月 29 17:21 data.txt

//-s, --symbolic make symbolic links instead of hard links
# ln -s data.txt slink
# ls -li
8851206 -rw-r--r--. 1 root root 11 3月 29 17:21 data.txt
8851201 lrwxrwxrwx. 1 root root 8 3月 29 17:24 slink -> data.txt
// l: link rwx: link 沒自己權限，視真實檔案為主
//2個 inode 編號不同

# cat slink

HelloWorld

# rm data.txt

rm：是否移除普通檔案'data.txt'? y

# ls -l slink

lrwxrwxrwx. 1 root root 8 3月 29 17:24 slink -> data.txt

// slink 變成紅色警戒，表連結無效

//刪除真實檔案的檔名
//符號連結 symbolic link 就無法取得真實檔案的 inode 資訊內的 Block 區塊位置

# cat slink
cat: slink: 沒有此一檔案或目錄

# rm slink
rm：是否移除符號連結'slink'? y

# echo "HelloWorld" > data2.txt

// Create hard links by default, symbolic links with --symbolic.

# ln data2.txt hlink

# ls -li

8851201 -rw-r--r--. 2 root root 11 3月 29 17:38 data2.txt

8851201 -rw-r--r--. 2 root root 11 3月 29 17:38 hlink

//2個 inode 編號相同

# rm data2.txt
rm：是否移除普通檔案'data2.txt'? y

# ls -li

8851201 -rw-r--r--. 1 root root 11 3月 29 17:38 hlink

# cat hlink

HelloWorld

// 硬連結 hard link 複製真實檔案的 inode 資訊，所以刪除真實檔案的檔名

//硬連結仍可以取得真實檔案的 inode 資訊內的 Block 區塊位置

symbolic link 可跨越分割區支援目錄刪除真實檔案後成無效連結無法自訂權限

hard link 不可跨越分割區不支援目錄刪除真實檔案後仍有效連結可以自訂權限

-------------------------------------- 執行檔

//執行檔的絕對路徑
# ls /usr/bin/du
/usr/bin/du
# /usr/bin/du
44 .

//環境變數 PATH 設定自動搜尋目錄裡的執行檔
# echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
# du
44 .

# echo "HelloWorld!" > runMe
# ls -l
-rw-r--r--. 1 root root 12 3月 29 22:16 runMe

# chmod u+x runMe

# ls -l

-rwxr--r--. 1 root root 12 3月 29 22:16 runMe

# runMe

-bash: runMe：命令找不到

//執行目前所在目錄下的執行檔

# ./runMe

./runMe: 列 1: HelloWorld!：命令找不到

-------------------------------------- 硬碟空間使用情形

//report file system disk space usage 各分割區使用情況
//-h, --human-readable
# df -h
檔案系統容量已用可用已用% 掛載點
devtmpfs 886M 0 886M 0% /dev
tmpfs 904M 0 904M 0% /dev/shm
tmpfs 904M 8.7M 895M 1% /run
tmpfs 904M 0 904M 0% /sys/fs/cgroup
/dev/mapper/cl_centos8-root 6.2G 1.4G 4.9G 23% /
/dev/sda1 976M 136M 774M 15% /boot
tmpfs 181M 0 181M 0% /run/user/0

//estimate file space usage 目前目錄下( 含子目錄)已用空間
# du -h
32K .

//-s, --summarize

# du -sh /var/

115M /var/

# du -sh /var/*

0 /var/adm

24M /var/cache

0 /var/crash

...

-------------------------------------- 重導輸出 redirect ，重導輸入

//若導向到的檔案已經存在，則會被覆蓋
# echo "this is old data" > myfile
# cat myfile
this is old data

// >> 新增至尾端

# echo "this is new data" >> myfile
# cat myfile
this is old data
this is new data

# ls
anaconda-ks.cfg
# ls kk1.txt
ls: 無法存取 'kk1.txt': 沒有此一檔案或目錄

// stdin:0 stdout:1 stderr:2
# ls kk1.txt 2> myError

# ls
anaconda-ks.cfg myError

# cat myError
ls: 無法存取 'kk1.txt': 沒有此一檔案或目錄

# echo "電腦使用筆記" > mydata
# cat mydata
電腦使用筆記

//行數字數 byte數
# wc < mydata
1 1 19

# ls -l
-rw-r--r--. 1 root root 19 3月 29 22:58 mydata

-------------------------------------- 迴路介面 loopback interface

//ifconfig 替換為 ip addr
# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:67:87:0a brd ff:ff:ff:ff:ff:ff
inet 192.168.2.103/24 brd 192.168.2.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::738b:2e41:1d4b:20f3/64 scope link noprefixroute
valid_lft forever preferred_lft forever

# cat /etc/hosts

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4

::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

# ping localhost

PING localhost(localhost (::1)) 56 data bytes

64 bytes from localhost (::1): icmp_seq=1 ttl=64 time=0.069 ms

-------------------------------------- nmcli 設定IP 相關

# nmcli device status
DEVICE TYPE STATE CONNECTION
ens33 ethernet 已連線 ens33
lo loopback 不受管理 --

# nmcli connection modify ens33 ipv4.address 192.168.2.103/24

# nmcli connection modify ens33 ipv4.gateway 192.168.2.1

# nmcli connection modify ens33 ipv4.dns 192.168.2.1

# nmcli device connect ens33
裝置「ens33」已成功以「9cb77588-c78e-40b0-acbe-3be164c3e385」啟用。
# nmcli device disconnect ens33

# nmcli connection up ens33
連線已成功啟用（D-Bus 啟用路徑：/org/freedesktop/NetworkManager/ActiveConnection/3）
# nmcli connection down ens33

# nmcli device show ens33
GENERAL.DEVICE: ens33
GENERAL.TYPE: ethernet
GENERAL.HWADDR: 00:0C:29:67:87:0A
GENERAL.MTU: 1500
GENERAL.STATE: 100 (已連線)
GENERAL.CONNECTION: ens33
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnectio>
WIRED-PROPERTIES.CARRIER: 開
IP4.ADDRESS[1]: 192.168.2.103/24
IP4.GATEWAY: 192.168.2.1
IP4.ROUTE[1]: dst = 192.168.2.0/24, nh = 0.0.0.0, mt = 100
IP4.ROUTE[2]: dst = 0.0.0.0/0, nh = 192.168.2.1, mt = 100
IP4.DNS[1]: 192.168.2.1
IP6.ADDRESS[1]: fe80::738b:2e41:1d4b:20f3/64
IP6.GATEWAY: --
IP6.ROUTE[1]: dst = fe80::/64, nh = ::, mt = 100
IP6.ROUTE[2]: dst = ff00::/8, nh = ::, mt = 256, table=255

//CLI 下的圖形設計工具
# nmtui edit ens33

# systemctl restart NetworkManager.service

------------------------------ ip 工具由命令所做的設定，不會存至系統組態檔，所只適合測試用。

# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
.
.
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000

link/ether 00:0c:29:67:87:0a brd ff:ff:ff:ff:ff:ff

inet 192.168.2.103/24 brd 192.168.2.255 scope global noprefixroute ens33

//顯示特定設備的統計資料

# ip -s link show ens33

2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000

link/ether 00:0c:29:67:87:0a brd ff:ff:ff:ff:ff:ff

RX: bytes packets errors dropped overrun mcast

818966 6508 0 0 0 0

TX: bytes packets errors dropped carrier collsns

601940 3995 0 0 0 0

// 指派 ip 位址給設備

# ip addr add 192.168.2.104/24 brd + dev ens33

# ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000

link/ether 00:0c:29:67:87:0a brd ff:ff:ff:ff:ff:ff

inet 192.168.2.103/24 brd 192.168.2.255 scope global noprefixroute ens33

valid_lft forever preferred_lft forever

inet 192.168.2.104/24 brd 192.168.2.255 scope global secondary ens33

# ping 192.168.2.104

PING 192.168.2.104 (192.168.2.104) 56(84) bytes of data.

64 bytes from 192.168.2.104: icmp_seq=1 ttl=64 time=0.071 ms

若 Host is Wondows7 無法 ping ：
控制台\系統及安全性\Windows 防火牆 --> 進階設定 --> 輸入規則 --> 檔案及印表機共用 (回應要求 - ICMPv4-In) --> 私人,公用 --> 已啟用 --> 是

# ip addr del 192.168.2.104/24 dev ens33

# ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group defa ult qlen 1000

link/ether 00:0c:29:67:87:0a brd ff:ff:ff:ff:ff:ff

inet 192.168.2.103/24 brd 192.168.2.255 scope global noprefixroute ens33

//啟用

# ip link set ens33 up

//停用

# ip link set ens33 down

-------------------------------------- NetworkManager 工具

# systemctl status NetworkManager

● NetworkManager.service - Network Manager

Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; enabled; vendor pre>

Active: active (running) since Mon 2020-02-24 16:12:24 CST; 41min ago

# ls /usr/lib/systemd/system

NetworkManager.service

//系統網路組態目錄下的設定檔

# ls /etc/sysconfig/network-scripts/

ifcfg-ens33

# cat /etc/sysconfig/network-scripts/ifcfg-ens33

TYPE=Ethernet

PROXY_METHOD=none

BROWSER_ONLY=no

BOOTPROTO=none //是否自動取的IP；若是，dhcp 。若否，static 或 none

DEFROUTE=yes

IPV4_FAILURE_FATAL=no

IPV6INIT=yes

IPV6_AUTOCONF=yes

IPV6_DEFROUTE=yes

IPV6_FAILURE_FATAL=no

IPV6_ADDR_GEN_MODE=stable-privacy

NAME=ens33

UUID=9cb77588-c78e-40b0-acbe-3be164c3e385

DEVICE=ens33

ONBOOT=yes //開機是否啟用此網路卡

IPADDR=192.168.2.103

PREFIX=24

GATEWAY=192.168.2.1

DNS1=192.168.2.1

IPV6_PRIVACY=no

# systemctl restart NetworkManager.service

-------------------------------------- 網路測試工具

//hostnamectl 取替 hostname

# hostnamectl set-hostname CentOS8.Ku
# hostnamectl

Static hostname: CentOS8.Ku
Icon name: computer-vm
Chassis: vm
Machine ID: 964572b3e4d64c338b0bc8c066ac099c
Boot ID: 1c016fbe42b8401d84e934a75a3a450e
Virtualization: vmware
Operating System: CentOS Linux 8 (Core)
CPE OS Name: cpe:/o:centos:centos:8
Kernel: Linux 4.18.0-147.5.1.el8_1.x86_64
Architecture: x86-64

//測試主機回應 Hinet 的 DNS
# ping 168.95.1.1
PING 168.95.1.1 (168.95.1.1) 56(84) bytes of data.
64 bytes from 168.95.1.1: icmp_seq=1 ttl=247 time=9.10 ms

//ss is used to dump socket statistics.
//ss 取替 netstat
t：tcp協定 u：udp協定 n：不用名稱以port顯示 p：連線由哪個行程處理 l：在傾聽的連線

# ss -tunpl
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=1693,fd=18))

//檢視tcp連線
# ss -t
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 52 192.168.2.103:ssh 192.168.2.100:54723

//檢視udp
# ss -u
Recv-Q Send-Q Local Address:Port Peer Address:Port

//tracepath 取替 traceroute/traceroute6
# tracepath 8.8.8.8
1?: [LOCALHOST] pmtu 1500
1: _gateway 1.110ms
1: _gateway 1.143ms
2: ZyXEL.Home 1.737ms

//ip route 取替 route

# ip route show | column -t

default via 192.168.2.1 dev ens33 proto static metric 100
192.168.2.0/24 dev ens33 proto kernel scope link src 192.168.2.103

# ip route show | column -t > kkRouteTable.txt
# cat kkRouteTable.txt
default via 192.168.2.1 dev ens33 proto static metric 100
192.168.2.0/24 dev ens33 proto kernel scope link src 192.168.2.103 metric 100

# ip -6 route show | column -t
::1 dev lo proto kernel metric 256 pref medium
fe80::/64 dev ens33 proto kernel metric 100 pref medium

# ip route show
default via 192.168.1.1 dev ens32 proto static metric 100
192.168.1.0/24 dev ens32 proto kernel scope link src 192.168.1.4 metric 100

# ip addr add 10.15.150.1/24 brd + dev ens32
# ip addr show
...

2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:2f:19:6f brd ff:ff:ff:ff:ff:ff
inet 192.168.1.4/24 brd 192.168.1.255 scope global noprefixroute ens32
valid_lft forever preferred_lft forever
inet 10.15.150.1/24 brd 10.15.150.255 scope global ens32
valid_lft forever preferred_lft forever
...

# ip route add 10.15.150.0/24 192.168.1.1 dev ens32 //增加靜態路由

# ip route show

default via 192.168.1.1 dev ens32 proto static metric 100

10.15.150.0/24 dev ens32 proto kernel scope link src 10.15.150.1

192.168.1.0/24 dev ens32 proto kernel scope link src 192.168.1.4 metric 100

# ping 10.15.150.1

PING 10.15.150.1 (10.15.150.1) 56(84) bytes of data.

64 bytes from 10.15.150.1: icmp_seq=1 ttl=64 time=0.064 ms

...

# ip route del 10.15.150.0/24

# ip route show

default via 192.168.1.1 dev ens32 proto static metric 100

192.168.1.0/24 dev ens32 proto kernel scope link src 192.168.1.4 metric 100

# ip addr del 10.15.150.1/24 dev ens32

# ip addr show

...

2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000

link/ether 00:0c:29:2f:19:6f brd ff:ff:ff:ff:ff:ff

inet 192.168.1.4/24 brd 192.168.1.255 scope global noprefixroute ens32

valid_lft forever preferred_lft forever

...

//ARP Address Resolution Protocol 位址解析協定，由已知的 IP 位址查問其相對應的網路實體位址MAC
RARP Reverse Address Resolution Protocol 反向位址解析協定,由已知的網路實體位址（MAC 位址）查詢其相對應的 IP 位址

//ip neighbor 取替 arp

# ip neighbor show

192.168.2.1 dev ens33 lladdr 80:1f:02:1f:33:86 STALE

192.168.2.100 dev ens33 lladdr 54:04:a6:6b:67:7d REACHABLE

被淘汰的工具只是不在預設安裝所包含的，所以是可以利用 yum 把他安裝回來

Note：在 yum 中不知道套件的名稱，可以用 provides 和 list 直接搜尋 package 裡面的工具

//DNF is the next upcoming major version of YUM

# dnf provides */ifconfig

net-tools-2.0-0.51.20160912git.el8.x86_64 : Basic networking tools

軟體庫：BaseOS

符合來源：

檔案名稱：/usr/sbin/ifconfig

# dnf -y install net-tools

# netstat -r | column -t
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default _gateway 0.0.0.0 UG 0 0 0 ens33
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 ens33

# dnf -y install bind-utils

# dig 168.95.1.1

# dnf -y install traceroute

# traceroute www.chehjh.kh.edu.tw

----------------------------------------------------------------- Firewalld

//查詢啟用狀態
# firewall-cmd --state
running

# firewall-cmd --get-zones

block dmz drop external home internal public trusted work

# ls /usr/lib/firewalld/zones/

block.xml drop.xml home.xml public.xml work.xml

dmz.xml external.xml internal.xml trusted.xml

# firewall-cmd --get-active-zone

public

interfaces: ens32

//了解目前zone的詳細設定

# firewall-cmd --zone=public --list-all

public (active)

target: default

icmp-block-inversion: no

interfaces: ens32

sources:

services: cockpit dhcpv6-client ssh

...

// 名稱 vsfpt 、vsftpd 都不是

# firewall-cmd --get-service | grep ftp
...
cockpit condor-collector ctdb dhcp dhcpv6 dhcpv6-client distcc dns dns-over-tls docker-registry
...
freeipa-ldaps freeipa-replication freeipa-trust ftp ganglia-client ganglia-master git grafana gre high-availability http https imap imaps ipp ipp-client ipsec irc ircs iscsi-target isns jenkins kadmin
...
network llmnr managesieve matrix mdns memcache minidlna mongodb mosh mountd mqtt mqtt-tls ms-wbt mssql murmur mysql nfs nfs3 nmea-0183 nrpe ntp nut openvpn ovirt-imageio ovirt-
...
rpc-bind rsh rsyncd rtsp salt-master samba samba-client samba-dc sane sip sips slp smtp smtp-submission smtps snmp snmptrap spideroak-lansync spotify-sync squid ssdp ssh steam-streaming svdrp svn syncthing syncthing-gui synergy syslog syslog-tls telnet tentacle tft tftp-client tile38 tinc
...

# ls /usr/lib/firewalld/services/ | grep ftp
ftp.xml
tftp-client.xml
tftp.xml

//將服務加入規則

# firewall-cmd --zone=public --add-service=ftp

success

# firewall-cmd --zone=public --list-all

public (active)

...

services: cockpit dhcpv6-client ftp ssh

ports:

...

//將埠口加入規則

# firewall-cmd --zone=public --add-port=8080/tcp

success

# firewall-cmd --zone=public --list-all

public (active)

...

services: cockpit dhcpv6-client ftp ssh

ports: 8080/tcp

...

//將服務與埠口移除

# firewall-cmd --zone=public --remove-port=8080/tcp

success

# firewall-cmd --zone=public --list-all

public (active)

...

services: cockpit dhcpv6-client ftp ssh

ports:

# firewall-cmd --zone=public --remove-service=ftp

success

# firewall-cmd --zone=public --list-all

public (active)

...

services: cockpit dhcpv6-client ssh

ports:

// firewalld.service 開機是否啟動

# systemctl disable firewalld.service

# systemctl enable firewalld.service

# systemctl is-enabled firewalld.service

enabled

# ls /usr/lib/systemd/system

...

crond.service selinux-autorelabel-mark.service

...

default.target.wants sshd.service

dnf-makecache.service sssd-kcm.service

...

firewalld.service suspend-then-hibernate.target

...

NetworkManager.service systemd-rfkill.socket

...

//停止FirewallD服務

# systemctl stop firewalld.service

# systemctl start firewalld.service

# systemctl is-active firewalld.service

active

# systemctl status firewalld.service

● firewalld.service - firewalld - dynamic firewall daemon

Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)

Active: active (running) since Thu 2020-03-05 10:58:39 CST; 1min 51s ago

郭進電腦使用筆記

內容選單標籤

2020年2月24日星期一

CentOS8 指令練習與網路管理

此篇已經重新謄錄完成!!
可以作廢。

沒有留言:

張貼留言

內容選單標籤

2020年2月24日 星期一

CentOS8 指令練習與網路管理

此篇已經重新謄錄完成!!可以作廢。

沒有留言:

張貼留言

2020年2月24日星期一

此篇已經重新謄錄完成!!
可以作廢。