Detailed explanation of firewall rule settings and commands (whitelist settings)
|
1. Set firewall rules Example 1: Expose port 8080 to the outside world firewall-cmd --permanent --add-port=8080/tcp Example 2: Only servers in the 192.168.1.1/24 network segment can access port 3306 of the MySQL service #Add rule firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.1.1/24" port protocol="tcp" port="3306" accept" #reload to make it effective firewall-cmd --reload Example 3: Port forwarding, forwarding access to port 3306 of the local machine to port 3306 of the 192.168.1.1 server # Enable spoofing IP firewall-cmd --permanent --add-masquerade # Configure port forwarding firewall-cmd --permanent --add-forward-port=port=3306:proto=tcp:toaddr=192.168.1.2:toport=13306 Note: If you do not enable spoofing IP, port forwarding will fail; secondly, make sure that the port on the source server (3306) and the port on the target server (13306) are open. 2. Firewall Command 1. Start, stop, and restart firewalld 1. Stop systemctl stop firewalld.service 2. Start systemctl start firewalld.service 3. Restart systemctl restart firewalld.service 4. Check the status: systemctl status firewalld 5. Disable firewall startup systemctl disable firewalld 6. Set the firewall to be enabled at startup: systemctl enable firewalld.service 2. Check firewall rules and status 1. Check the default firewall status (notrunning is displayed when it is turned off, and running is displayed when it is turned on) firewall-cmd --state 2. View firewall rules (only display firewall policies in /etc/firewalld/zones/public.xml) firewall-cmd --list-all 3. View all firewall policies (that is, display all policies under /etc/firewalld/zones/) firewall-cmd --list-all-zones 4. Reload the configuration file firewall-cmd --reload 3. Configure firewalld-cmd Check the version: firewall-cmd --version View help: firewall-cmd --help Show status: firewall-cmd --state View all open ports: firewall-cmd --zone=public --list-ports Update firewall rules: firewall-cmd --reload View zone information: firewall-cmd --get-active-zones Check the zone to which the specified interface belongs: firewall-cmd --get-zone-of-interface=eth0 Deny all packets: firewall-cmd --panic-on Cancel the deny state: firewall-cmd --panic-off Check whether it is rejected: firewall-cmd --query-panic 4. How to open a port? 1. Add (--permanent is effective permanently, and will become invalid after restart without this parameter) firewall-cmd --zone=public --add-port=80/tcp --permanent 2. Reload (make the modified rules effective) firewall-cmd --reload 3. View firewall-cmd --zone=public --query-port=80/tcp 4. Delete firewall-cmd --zone= public --remove-port=80/tcp --permanent Because the corresponding rules of ssh.xml are defined in /usr/lib/firewalld/services/ 5. systemctl is the main tool in CentOS7's service management tools, which integrates the functions of the previous service and chkconfig. Start a service: systemctl start firewalld.service Shut down a service: systemctl stop firewalld.service Restart a service: systemctl restart firewalld.service Display the status of a service: systemctl status firewalld.service Enable a service at boot: systemctl enable firewalld.service Disable a service at boot: systemctl disable firewalld.service Check whether the service is started: systemctl is-enabled firewalld.service View the list of started services: systemctl list-unit-files | grep enabled View the list of services that failed to start: systemctl --failed The above is the full content of this article. I hope it will be helpful for everyone’s study. I also hope that everyone will support 123WORDPRESS.COM. You may also be interested in:
|
<<: MySQL character set garbled characters and solutions
>>: Detailed steps to install MySQL 5.6 X64 version under Linux
Recommend
Tips for viewing History records and adding timestamps in Linux
Tips for viewing History records and adding times...
Summary of learning HTML tags and basic elements
1. Elements and tags in HTML <br />An eleme...
One line of code teaches you how to hide Linux processes
Friends always ask me how to hide Linux processes...
Detailed explanation of how to adjust Linux command history
The bash history command in Linux system helps to...
Detailed explanation of 8 ways to pass parameters in Vue routing components
When we develop a single-page application, someti...
WiFi Development | Introduction to WiFi Wireless Technology
Table of contents Introduction to WiFi Wireless T...
Compilation process analysis of Remax framework for writing small programs using React (recommended)
Remax is an open source framework developed by An...
Examples of preview functions for various types of files in vue3
Table of contents Preface 1. Preview of office do...
Delete the image operation of none in docker images
Since I usually use the docker build command to g...
Examples of importing and exporting MySQL table data
This article describes the import and export oper...
Detailed tutorial of pycharm and ssh remote access server docker
Background: Some experiments need to be completed...
Detailed explanation of the usage of MySQL data type DECIMAL
MySQL DECIMAL data type is used to store exact nu...
Implementation of Nginx filtering access logs of static resource files
Messy log Nginx in daily use is mostly used as bo...
Detailed explanation of Linux commands sort, uniq, tr tools
Sort Tool The Linux sort command is used to sort ...
Detailed steps to implement the Excel import function in Vue
1. Front-end-led implementation steps The first s...