Detailed explanation of firewall rule settings and commands (whitelist settings)

1. Set firewall rules

Example 1: Expose port 8080 to the outside world

firewall-cmd --permanent --add-port=8080/tcp

Example 2: Only servers in the 192.168.1.1/24 network segment can access port 3306 of the MySQL service

# Add the rule
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.1/24" port protocol="tcp" port="3306" accept'

# Reload to make it take effect
firewall-cmd --reload
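
Examples 1 and 2 interact: a source-restricted rich rule only acts as a whitelist if the same port is not also opened to everyone with --add-port. The following is an added example, not part of the original article, that checks firewall-cmd --list-all output for that conflict; the sample output is constructed and the function name find_bypassed_whitelists is hypothetical.

```shell
#!/usr/bin/env bash
# Added example: find ports whose source whitelist (rich rule) is bypassed
# because the same port/protocol is also listed under "ports:" in the zone.

# Constructed sample of `firewall-cmd --zone=public --list-all` output
# (not captured from a real host).
SAMPLE_LIST_ALL='public (active)
  target: default
  interfaces: eth0
  services: dhcpv6-client ssh
  ports: 8080/tcp 3306/tcp
  masquerade: no
  forward-ports:
  rich rules:
    rule family="ipv4" source address="192.168.1.1/24" port port="3306" protocol="tcp" accept'

# Reads list-all output on stdin and prints each port/protocol that has a
# source-restricted accept rule but is also open to every source address.
find_bypassed_whitelists() {
  awk '
    # Ports opened for all sources (does not match forward-ports/source-ports)
    /^[ \t]*ports:/ { for (i = 2; i <= NF; i++) open[$i] = 1 }

    # Rich rules that accept a port only from a given source address
    /rule / && /source address=/ && /accept/ {
      port = ""; proto = ""
      if (match($0, / port="[0-9-]+"/))   port  = substr($0, RSTART + 7,  RLENGTH - 8)
      if (match($0, /protocol="[a-z]+"/)) proto = substr($0, RSTART + 10, RLENGTH - 11)
      if (port != "") limited[++n] = port "/" proto
    }

    # Report after the whole zone has been read, whatever the line order
    END { for (k = 1; k <= n; k++) if (limited[k] in open) print limited[k] }
  '
}

# Run against the constructed sample
printf '%s\n' "$SAMPLE_LIST_ALL" | find_bypassed_whitelists
```

On a live host, pipe firewall-cmd --zone=public --list-all into the function; for any port it reports, remove the open port with --remove-port and --permanent, then reload, so that only the rich rule admits traffic.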

Example 3: Port forwarding, forwarding access to port 3306 of the local machine to port 3306 of the 192.168.1.1 server

# Enable IP masquerading
firewall-cmd --permanent --add-masquerade
# Configure port forwarding
firewall-cmd --permanent --add-forward-port=port=3306:proto=tcp:toaddr=192.168.1.2:toport=13306

Note: If IP masquerading is not enabled, port forwarding will fail. Also make sure that the port on the source server (3306) and the port on the target server (13306) are open.

2. Firewall Command

1. Start, stop, and restart firewalld

1. Stop

systemctl stop firewalld.service 

2. Start

systemctl start firewalld.service

3. Restart

systemctl restart firewalld.service

4. Check the status:

systemctl status firewalld

5. Disable firewall startup

systemctl disable firewalld

6. Set the firewall to be enabled at startup:

systemctl enable firewalld.service

2. Check firewall rules and status

1. Check the default firewall status ("not running" is displayed when it is turned off, and "running" is displayed when it is turned on)

firewall-cmd --state

2. View firewall rules (only display firewall policies in /etc/firewalld/zones/public.xml)

firewall-cmd --list-all

3. View all firewall policies (that is, display all policies under /etc/firewalld/zones/)

firewall-cmd --list-all-zones

4. Reload the configuration file

firewall-cmd --reload

3. Configure firewall-cmd

Check the version: firewall-cmd --version

View help: firewall-cmd --help

Show status: firewall-cmd --state

View all open ports: firewall-cmd --zone=public --list-ports

Update firewall rules: firewall-cmd --reload

View zone information: firewall-cmd --get-active-zones

Check the zone to which the specified interface belongs: firewall-cmd --get-zone-of-interface=eth0

Deny all packets: firewall-cmd --panic-on

Cancel the deny state: firewall-cmd --panic-off

Check whether the deny-all (panic) state is on: firewall-cmd --query-panic

4. How to open a port?

1. Add (--permanent makes the rule persistent; without this parameter the rule is lost after a restart)

firewall-cmd --zone=public --add-port=80/tcp --permanent

2. Reload (make the modified rules effective)

firewall-cmd --reload

3. View

firewall-cmd --zone=public --query-port=80/tcp

4. Delete

firewall-cmd --zone=public --remove-port=80/tcp --permanent

Because the corresponding rules of ssh.xml are defined in /usr/lib/firewalld/services/

5. systemctl is the main service management tool in CentOS 7; it combines the functions of the earlier service and chkconfig commands.

Start a service: systemctl start firewalld.service
Shut down a service: systemctl stop firewalld.service
Restart a service: systemctl restart firewalld.service
Display the status of a service: systemctl status firewalld.service
Enable a service at boot: systemctl enable firewalld.service
Disable a service at boot: systemctl disable firewalld.service
Check whether the service is enabled at boot: systemctl is-enabled firewalld.service
View the list of services enabled at boot: systemctl list-unit-files | grep enabled
View the list of services that failed to start: systemctl --failed
