Detailed explanation of firewall rule settings and commands (whitelist settings)

1. Set firewall rules

Example 1: Expose port 8080 to the outside world

firewall-cmd --permanent --add-port=8080/tcp

Example 2: Only servers in the 192.168.1.1/24 network segment can access port 3306 of the MySQL service

#Add rule firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.1.1/24" port protocol="tcp" port="3306" accept"

#reload to make it effective firewall-cmd --reload

Example 3: Port forwarding, forwarding access to port 3306 of the local machine to port 3306 of the 192.168.1.1 server

# Enable spoofing IP
firewall-cmd --permanent --add-masquerade
# Configure port forwarding firewall-cmd --permanent --add-forward-port=port=3306:proto=tcp:toaddr=192.168.1.2:toport=13306

Note: If you do not enable spoofing IP, port forwarding will fail; secondly, make sure that the port on the source server (3306) and the port on the target server (13306) are open.

2. Firewall Command

1. Start, stop, and restart firewalld

1. Stop

systemctl stop firewalld.service

2. Start

systemctl start firewalld.service

3. Restart

systemctl restart firewalld.service

4. Check the status:

systemctl status firewalld

5. Disable firewall startup

systemctl disable firewalld

6. Set the firewall to be enabled at startup:

systemctl enable firewalld.service

2. Check firewall rules and status

1. Check the default firewall status (notrunning is displayed when it is turned off, and running is displayed when it is turned on)

firewall-cmd --state

2. View firewall rules (only display firewall policies in /etc/firewalld/zones/public.xml)

firewall-cmd --list-all

3. View all firewall policies (that is, display all policies under /etc/firewalld/zones/)

firewall-cmd --list-all-zones

4. Reload the configuration file

firewall-cmd --reload

3. Configure firewalld-cmd

Check the version: firewall-cmd --version

View help: firewall-cmd --help

Show status: firewall-cmd --state

View all open ports: firewall-cmd --zone=public --list-ports

Update firewall rules: firewall-cmd --reload

View zone information: firewall-cmd --get-active-zones

Check the zone to which the specified interface belongs: firewall-cmd --get-zone-of-interface=eth0

Deny all packets: firewall-cmd --panic-on

Cancel the deny state: firewall-cmd --panic-off

Check whether it is rejected: firewall-cmd --query-panic

4. How to open a port?

1. Add (--permanent is effective permanently, and will become invalid after restart without this parameter)

firewall-cmd --zone=public --add-port=80/tcp --permanent

2. Reload (make the modified rules effective)

firewall-cmd --reload

3. View

firewall-cmd --zone=public --query-port=80/tcp

4. Delete

firewall-cmd --zone= public --remove-port=80/tcp --permanent

Because the corresponding rules of ssh.xml are defined in /usr/lib/firewalld/services/

5. systemctl is the main tool in CentOS7's service management tools, which integrates the functions of the previous service and chkconfig.

Start a service: systemctl start firewalld.service
Shut down a service: systemctl stop firewalld.service
Restart a service: systemctl restart firewalld.service
Display the status of a service: systemctl status firewalld.service
Enable a service at boot: systemctl enable firewalld.service
Disable a service at boot: systemctl disable firewalld.service
Check whether the service is started: systemctl is-enabled firewalld.service
View the list of started services: systemctl list-unit-files | grep enabled
View the list of services that failed to start: systemctl --failed

The above is the full content of this article. I hope it will be helpful for everyone’s study. I also hope that everyone will support 123WORDPRESS.COM.

You may also be interested in:

Use iptables and firewalld tools to manage Linux firewall connection rules
Detailed explanation of firewall command in centos7
Detailed explanation of Firewall configuration and usage under CentOS7 (recommended)
Detailed explanation of using firewall-cmd to control ports and port forwarding in CentOS 7
Summary of how to use firewall in Linux
Detailed introduction to Firewalld related commands in Centos 7
Summary of common commands of firewall in centos 7
Detailed explanation of CentOS7 firewall management firewalld

<<: MySQL character set garbled characters and solutions

>>: Detailed steps to install MySQL 5.6 X64 version under Linux

Detailed explanation of firewall rule settings and commands (whitelist settings)

How to install phabricator using Docker

Web Design Tutorial (8): Web Page Hierarchy and Space Design

How to implement Nginx reverse proxy for multiple servers

nginx configuration location summary location regular writing and rewrite rule writing

Implementation of converting between underline and camel case in js (multiple methods)

Docker Nginx container and Tomcat container to achieve load balancing and dynamic and static separation operations

4 ways to achieve a two-column layout with fixed left column and adaptive right column using CSS

Detailed explanation of the idea of achieving the point-earning effect with CSS animation

How to install and configure ftp server in CentOS8.0

Example of integrating Kafka with Nginx

Recommend

CSS code to achieve 10 modern layouts

The implementation process of extracting oracle data to mysql database

Vue realizes screen adaptation of large screen pages

How to remount the data disk after initializing the system disk in Linux

Basic use of javascript array includes and reduce

How to migrate the data directory in Docker

Summary of DTD usage in HTML

Element table header row height problem solution

Tutorial on building nextcloud personal network disk with Docker

Nginx reverse proxy forwards port 80 requests to 8080

Implementing a simple calculator with javascript

MySQL derived table (Derived Table) simple usage example analysis

Solution to large line spacing (5 pixels more in IE)

Introduction to JavaScript conditional access attributes and arrow functions

Overview of the definition of HTC components after IE5.0