Detailed explanation of firewall rule settings and commands (whitelist settings)

1. Set firewall rules

Example 1: Expose port 8080 to the outside world

firewall-cmd --permanent --add-port=8080/tcp

Example 2: Only servers in the 192.168.1.1/24 network segment can access port 3306 of the MySQL service

#Add rule firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.1.1/24" port protocol="tcp" port="3306" accept"

#reload to make it effective firewall-cmd --reload

Example 3: Port forwarding, forwarding access to port 3306 of the local machine to port 3306 of the 192.168.1.1 server

# Enable spoofing IP
firewall-cmd --permanent --add-masquerade
# Configure port forwarding firewall-cmd --permanent --add-forward-port=port=3306:proto=tcp:toaddr=192.168.1.2:toport=13306

Note: If you do not enable spoofing IP, port forwarding will fail; secondly, make sure that the port on the source server (3306) and the port on the target server (13306) are open.

2. Firewall Command

1. Start, stop, and restart firewalld

1. Stop

systemctl stop firewalld.service

2. Start

systemctl start firewalld.service

3. Restart

systemctl restart firewalld.service

4. Check the status:

systemctl status firewalld

5. Disable firewall startup

systemctl disable firewalld

6. Set the firewall to be enabled at startup:

systemctl enable firewalld.service

2. Check firewall rules and status

1. Check the default firewall status (notrunning is displayed when it is turned off, and running is displayed when it is turned on)

firewall-cmd --state

2. View firewall rules (only display firewall policies in /etc/firewalld/zones/public.xml)

firewall-cmd --list-all

3. View all firewall policies (that is, display all policies under /etc/firewalld/zones/)

firewall-cmd --list-all-zones

4. Reload the configuration file

firewall-cmd --reload

3. Configure firewalld-cmd

Check the version: firewall-cmd --version

View help: firewall-cmd --help

Show status: firewall-cmd --state

View all open ports: firewall-cmd --zone=public --list-ports

Update firewall rules: firewall-cmd --reload

View zone information: firewall-cmd --get-active-zones

Check the zone to which the specified interface belongs: firewall-cmd --get-zone-of-interface=eth0

Deny all packets: firewall-cmd --panic-on

Cancel the deny state: firewall-cmd --panic-off

Check whether it is rejected: firewall-cmd --query-panic

4. How to open a port?

1. Add (--permanent is effective permanently, and will become invalid after restart without this parameter)

firewall-cmd --zone=public --add-port=80/tcp --permanent

2. Reload (make the modified rules effective)

firewall-cmd --reload

3. View

firewall-cmd --zone=public --query-port=80/tcp

4. Delete

firewall-cmd --zone= public --remove-port=80/tcp --permanent

Because the corresponding rules of ssh.xml are defined in /usr/lib/firewalld/services/

5. systemctl is the main tool in CentOS7's service management tools, which integrates the functions of the previous service and chkconfig.

Start a service: systemctl start firewalld.service
Shut down a service: systemctl stop firewalld.service
Restart a service: systemctl restart firewalld.service
Display the status of a service: systemctl status firewalld.service
Enable a service at boot: systemctl enable firewalld.service
Disable a service at boot: systemctl disable firewalld.service
Check whether the service is started: systemctl is-enabled firewalld.service
View the list of started services: systemctl list-unit-files | grep enabled
View the list of services that failed to start: systemctl --failed

The above is the full content of this article. I hope it will be helpful for everyone’s study. I also hope that everyone will support 123WORDPRESS.COM.

You may also be interested in:

Use iptables and firewalld tools to manage Linux firewall connection rules
Detailed explanation of firewall command in centos7
Detailed explanation of Firewall configuration and usage under CentOS7 (recommended)
Detailed explanation of using firewall-cmd to control ports and port forwarding in CentOS 7
Summary of how to use firewall in Linux
Detailed introduction to Firewalld related commands in Centos 7
Summary of common commands of firewall in centos 7
Detailed explanation of CentOS7 firewall management firewalld

<<: MySQL character set garbled characters and solutions

>>: Detailed steps to install MySQL 5.6 X64 version under Linux

Use the CSS border-radius property to set the arc

Detailed explanation of firewall rule settings and commands (whitelist settings)

Use the CSS border-radius property to set the arc

Why I recommend Nginx as a backend server proxy (reason analysis)

How to modify the ssh port number in Centos8 environment

Introduction and usage of Angular pipeline PIPE

JavaScript modularity explained

Detailed explanation of the use of MySQL group links

How to check if data exists before inserting in mysql

Implementing custom scroll bar with native js

Three networking methods and principles of VMware virtual machines (summary)

Sample code for implementing dynamic glowing special effects animation of circles using pure CSS3

Recommend

Perfect solution to the problem of connection failure after MySQL client authorization

Mysql get table comment field operation

About WeChat Mini Program to implement cloud payment

Install nvidia graphics driver under Ubuntu (simple installation method)

What to do if you forget the root password of Mysql5.7 (simple and effective method)

Axios cancels repeated requests

How to install and use Cockpit on CentOS 8/RHEL 8

Nginx service 500: Internal Server Error one of the reasons

Invalid solution when defining multiple class attributes in HTML

The difference between HTML name id and class_PowerNode Java Academy

React Principles Explained

A brief discussion on whether MySQL can have a function similar to Oracle's nvl

Introduction to Linux and the most commonly used commands (easy to learn, but can solve more than 95% of the problems)

Detailed explanation of Vue's calculated properties

How to use nginx as a proxy cache