Complete list of CentOS7 firewall operation commands

Install:

yum install firewalld

1. Basic use of firewalld

Start: systemctl start firewalld

Check the status: systemctl status firewalld

Disable start at boot: systemctl disable firewalld

Stop running: systemctl stop firewalld

2. Configure with firewall-cmd

Check the version: firewall-cmd --version

View help: firewall-cmd --help

Show status: firewall-cmd --state

View all open ports: firewall-cmd --zone=public --list-ports

Update firewall rules: firewall-cmd --reload

Update firewall rules and restart the service: firewall-cmd --complete-reload

View the activated Zone information: firewall-cmd --get-active-zones

Check the zone to which the specified interface belongs: firewall-cmd --get-zone-of-interface=eth0

Deny all packets: firewall-cmd --panic-on

Cancel the deny state: firewall-cmd --panic-off

Check whether panic mode (deny all packets) is on: firewall-cmd --query-panic

3. Trust level, specified by the Zone value

drop: discard all incoming packets without giving any response

block: reject all externally initiated connections and allow internally initiated connections

public: Allows specified incoming connections

external: Same as above, for masqueraded incoming connections, generally used for routing and forwarding

dmz: Allow restricted incoming connections

work: Allows trusted computers to have limited access to connections, similar to workgroup

home: Same as above, similar to homegroup

internal: Same as above, scoped to all Internet users

trusted: trust all connections

4. Firewall opens and closes ports

The following operations are all in the public zone. To work on another zone, change the value of --zone.

Add: firewall-cmd --zone=public --add-port=80/tcp --permanent (--permanent makes the rule permanent; without this parameter the rule is lost after a restart)

Reload: firewall-cmd --reload

View: firewall-cmd --zone=public --query-port=80/tcp

Delete: firewall-cmd --zone=public --remove-port=80/tcp --permanent
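
Because --permanent and runtime rules are stored separately, the two port lists can drift apart. The following script is an added example, not part of the original article: it compares the output of --list-ports with and without --permanent for one zone. The function names ports_only_in and audit_zone are hypothetical, and the sample lists in the fallback branch are constructed.

```shell
#!/bin/sh
# Added example: report drift between firewalld's runtime and permanent
# port lists for one zone. Helper names are hypothetical.

# ports_only_in A B -> prints the ports that appear in list A but not in B.
# Both arguments are space-separated lists as printed by --list-ports.
# Entries are compared as opaque tokens, so a range such as 8000-8010/tcp
# only matches the identical range, not a single port inside it.
ports_only_in() {
    result=""
    for p in $1; do
        case " $2 " in
            *" $p "*) ;;                            # present in both lists
            *) result="${result:+$result }$p" ;;    # present only in A
        esac
    done
    printf '%s\n' "$result"
}

# audit_zone ZONE -> queries firewalld and prints the drift for that zone.
audit_zone() {
    zone=$1
    runtime=$(firewall-cmd --zone="$zone" --list-ports) || return 1
    permanent=$(firewall-cmd --permanent --zone="$zone" --list-ports) || return 1
    echo "zone=$zone"
    echo "  runtime only (lost on reload): $(ports_only_in "$runtime" "$permanent")"
    echo "  permanent only (needs reload): $(ports_only_in "$permanent" "$runtime")"
}

if command -v firewall-cmd >/dev/null 2>&1; then
    # Real host: audit the zone given as first argument, default public.
    audit_zone "${1:-public}" || echo "firewalld is not reachable" >&2
else
    # No firewalld installed: run on constructed sample lists instead.
    echo "runtime only: $(ports_only_in "80/tcp 8080/tcp" "80/tcp")"
fi
```

A port listed as "runtime only" was added without --permanent and disappears at the next reload; a port listed as "permanent only" is configured but not active until firewall-cmd --reload is run.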

5. Management Services

Take the SMTP service as an example, add it to the work zone

Add: firewall-cmd --zone=work --add-service=smtp

View: firewall-cmd --zone=work --query-service=smtp

Delete: firewall-cmd --zone=work --remove-service=smtp

6. Configure IP address masquerading

Query: firewall-cmd --zone=external --query-masquerade

Enable: firewall-cmd --zone=external --add-masquerade

Disable: firewall-cmd --zone=external --remove-masquerade

7. Port Forwarding

To enable port forwarding, you first need to enable IP address masquerading: firewall-cmd --zone=external --add-masquerade

Forward tcp port 22 to 3753: firewall-cmd --zone=external --add-forward-port=port=22:proto=tcp:toport=3753

Forward port data to the same port of another IP: firewall-cmd --zone=external --add-forward-port=port=22:proto=tcp:toaddr=192.168.1.112

Forward port data to port 3753 of another IP: firewall-cmd --zone=external --add-forward-port=port=22:proto=tcp:toport=3753:toaddr=192.168.1.112

8. systemctl is the main service management tool in CentOS7; it integrates the functions of the earlier service and chkconfig commands.

Start a service: systemctl start firewalld.service

Shut down a service: systemctl stop firewalld.service

Restart a service: systemctl restart firewalld.service

Display the status of a service: systemctl status firewalld.service

Enable a service at boot: systemctl enable firewalld.service

Disable a service at boot: systemctl disable firewalld.service

Check whether the service is enabled at boot: systemctl is-enabled firewalld.service

View the list of services enabled at boot: systemctl list-unit-files | grep enabled

View the list of services that failed to start: systemctl --failed
