Firewall basic use

Posted by FrancoPaddy on Mon, 09 Dec 2019 18:58:41 +0100

I. System environment

CentOS 7

II. Installation

    $ yum install -y firewalld

III. Basic startup commands

    $ systemctl status firewalld     # Show status
    $ systemctl start firewalld      # Start
    $ systemctl stop firewalld       # Stop
    $ systemctl enable firewalld     # Start at boot
    $ systemctl disable firewalld    # Do not start at boot

IV. Common commands

1. View

    $ firewall-cmd --get-active-zones                 # View active zones
    $ firewall-cmd --zone=public --list-ports         # View open ports
    $ firewall-cmd --zone=public --list-rich-rules    # View added rich rules

2. Add port

    # Open a single port
    $ firewall-cmd --zone=public --add-port=80/tcp --permanent

    # Open a port range
    $ firewall-cmd --zone=public --add-port=8388-8389/tcp --permanent

    # Open port 10000 for 147.152.139.197
    $ firewall-cmd --permanent --zone=public --add-rich-rule='
            rule family="ipv4"
            source address="147.152.139.197/32"
            port protocol="tcp" port="10000" accept'

    # Reject port 10000 for 47.52.39.197
    $ firewall-cmd --permanent --zone=public --add-rich-rule='
            rule family="ipv4"
            source address="47.52.39.197/32"
            port protocol="tcp" port="10000" reject'

    # Open all ports to a single IP
    $ firewall-cmd --permanent --zone=public --add-rich-rule='
            rule family="ipv4"
            source address="192.168.0.1/32" accept'

    # Open all ports to a network segment
    $ firewall-cmd --permanent --zone=public --add-rich-rule='
            rule family="ipv4"
            source address="192.168.0.0/16" accept'
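
The last two rules above accept every port from their source, so it is useful to be able to list which rules of that kind a zone contains. The script below is an added example, not part of the original post: it filters `firewall-cmd --list-rich-rules` output for accept rules that have no port, service or protocol element. The function name `audit_rich_rules` and the sample rule lines are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): list rich rules that accept
# traffic on every port. Input: one rich rule per line on stdin.

audit_rich_rules() {
    awk '
    {
        line = " " $0 " "                        # pad so words match at the ends
        if (index(line, " accept ") == 0) next   # reject/drop rules are skipped
        if (line ~ / (port|service|protocol) /) next   # limited to a port/service

        # Extract the source address; a rule without one matches any source.
        src = "any"
        if (match($0, /source address="[^"]+"/))
            src = substr($0, RSTART + 16, RLENGTH - 17)

        # A prefix shorter than the host length means a whole network.
        hostlen = index($0, "family=\"ipv6\"") ? 128 : 32
        n = split(src, part, "/")
        if (src == "any")                          scope = "any-source"
        else if (n == 2 && part[2] + 0 < hostlen)  scope = "network"
        else                                       scope = "host"
        print scope, src
    }'
}

# Constructed sample: the four rich rules from this section, written one per
# line in the form that --list-rich-rules prints them.
SAMPLE_RULES='rule family="ipv4" source address="147.152.139.197/32" port port="10000" protocol="tcp" accept
rule family="ipv4" source address="47.52.39.197/32" port port="10000" protocol="tcp" reject
rule family="ipv4" source address="192.168.0.1/32" accept
rule family="ipv4" source address="192.168.0.0/16" accept'

printf '%s\n' "$SAMPLE_RULES" | audit_rich_rules

# On a live host (assumes firewalld is running):
#   firewall-cmd --zone=public --list-rich-rules | audit_rich_rules
```

Each output line gives the scope (`host`, `network` or `any-source`) followed by the source address of a rule that accepts all ports.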

3. Add service

    # View all supported services
    $ firewall-cmd --get-services

    # View open services
    $ firewall-cmd --list-services

    # Add a service (https)
    $ firewall-cmd --add-service=https --permanent

These changes are written to the configuration file /etc/firewalld/zones/public.xml

4. Remove port

    # Remove an added port
    $ firewall-cmd --zone=public --remove-port=80/tcp --permanent

5. Reload configuration

Changes made with --permanent are written only to the permanent configuration. After modifying the rules, reload them for the changes to take effect in the running firewall:

    $ firewall-cmd --reload



By QuincyZ
Link: https://www.jianshu.com/p/90603f7b2119
Source: Jianshu
The copyright belongs to the author. For commercial reprint, please contact the author for authorization. For non-commercial reprint, please indicate the source.
