I. The concept of firewalls
Firewall technology is a technology that combines all kinds of software and hardware devices for security management and screening to help computer networks build a relatively isolated protection barrier between their internal and external networks to protect user data and information security.
Professional firewalls consist of software and hardware, which can protect the entire network at a very expensive price, ranging from tens of thousands to hundreds of thousands. They have very powerful functions, including*** detection, network address translation, audit monitoring of network operations, and strengthening network security services.
The firewall of the operating system (Windows and Linux comes with) is only part of the software to protect this operating system. It has simple functions and can only prevent simple***.
This article focuses on the use and configuration of firewalls for versions above CentOS7.
2. Firewall Configuration
The firewall of CentOS7 is more powerful than that of CentOS6, and the configuration and operation commands are completely different.
The firewall rule for CentOS7 can be either a port or a service.
The firewall views and configures the commands described below and, if not specified, requires administrator privileges to execute.
1. View Firewall Commands
1) View the version of the firewall.
firewall-cmd --version
2) View the status of firewall.
firewall-cmd --state
3) View firewall service status (common user executable).
systemctl status firewalld
4) View all information about the firewall.
firewall-cmd --list-all
5) View the ports that are open to the firewall.
firewall-cmd --list-port
6) View services with firewalls open.
firewall-cmd --list-service
7) View the entire list of services (common user executable).
firewall-cmd --get-services
8) Check whether the firewall service is powered on and started.
systemctl is-enabled firewalld
2. Commands for configuring firewalls
1) Start, restart and close firewall services.
#start-up systemctl start firewalld #restart systemctl restart firewalld #Close systemctl stop firewalld
2) Open or remove a port.
#Open port 80 firewall-cmd --zone=public --add-port=80/tcp --permanent #Remove port 80 firewall-cmd --zone=public --remove-port=80/tcp --permanent
3) Open and remove range ports.
#Open ports between 5000 and 5500 firewall-cmd --zone=public --add-port=5000-5500/tcp --permanent #Remove ports between 5000 and 5500 firewall-cmd --zone=public --remove-port=5000-5500/tcp --permanent
4) Opening and removing services.
#Opening ftp services firewall-cmd --zone=public --add-service=ftp --permanent #Remove http services firewall-cmd --zone=public --remove-service=ftp --permanent
5) Reload the firewall configuration (to reload the firewall configuration or restart the firewall service after modifying the configuration).
firewall-cmd --reload
6) Set the firewall service to be enabled and disabled at power on.
#Enable Services systemctl enable firewalld #Disable Service systemctl disable firewalld
3. Versions below centos7
1) Open ports 80, 22, 8080.
/sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT /sbin/iptables -I INPUT -p tcp --dport 22 -j ACCEPT /sbin/iptables -I INPUT -p tcp --dport 8080 -j ACCEPT
2) Save.
/etc/rc.d/init.d/iptables save
3) View the open port.
/etc/init.d/iptables status
4) Start and close firewall services.
#Start Services service iptables start #Shut down services service iptables stop
5) Set the firewall service to be enabled and disabled at power on.
#Enable Services chkconfig iptables on #Disable Service chkconfig iptables off
IV. Cloud Platform Access Policy Configuration
If you purchased a cloud server, in addition to configuring the firewall of the cloud server, you also need to log in to the cloud server provider's management platform to configure access policies (or security groups).
Different cloud server providers have different ways of operating their management platforms. Read the operation manual, or Baidu, or consult the customer service of the cloud server providers.
5. Copyright Statement
C Language Technology Network original article, reproduced with links to the source, author and text of the article.
Source: C Language Technology Network (www.freecplus.net)
Author: Weinong Youdao
If this article is helpful to you, please comment on it or forward my article to your blog, thank you!!!
If the article has mistyped words, incorrect content, or other suggestions and opinions, please leave a message to correct, thank you very much!!!