Linux network card / firewall

Posted by barrow on Sun, 12 Apr 2020 14:02:54 +0200


Naming rules of network card

In CentOS 6, network card names are assigned dynamically and are neither unique nor fixed. The commonly used names are eth0 and eth1, and when a network card is added or removed, the names of the network cards can change.

In CentOS 7/8, the naming scheme is chosen from the network card information collected with dmidecode, so the name of each network card is fixed and unique.

dmidecode: used to collect information about hardware

Naming method of network devices

If the index information provided by firmware or the BIOS for a device integrated on the motherboard is available and predictable, the device is named according to this index, for example: ifcfg-ens33

If the index information provided by firmware or the BIOS for a PCI-E expansion board is available and predictable, the device is named according to this index, for example: ifcfg-enp33

If the physical location information of the hardware interface is available, the device is named according to this information, for example: enp2s0

When none of the above is available, the traditional naming method is used.


In CentOS 7/8, en stands for Ethernet.

enX (there are three common values of X)

o: on-board network card of the motherboard, followed by the device index number of the integrated device

p: independent network card

s: hot-plug network card (USB and so on), followed by the index number of the expansion slot
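
The naming scheme above, as an added shell example that is not part of the original post: it classifies interface names into the eno/enp/ens forms and lists traditional ethN names, which can change when cards are added or removed. The function names and the sample list are constructed; the bus/slot/function layout assumed for enp names is the one seen in names such as enp2s0.

```shell
#!/bin/sh
# Added example (not from the original post). Handles only these forms:
#   eno<index>, ens<slot>, enp<bus>s<slot>[f<function>], eth<N>

is_num() { case $1 in ''|*[!0-9]*) return 1 ;; esac; }

# classify_ifname NAME -> prints "<class> <details>", returns 1 if unknown
classify_ifname() (
    name=$1
    case $name in
        eno*) rest=${name#eno}
              is_num "$rest" && { echo "onboard index=$rest"; exit 0; } ;;
        ens*) rest=${name#ens}
              is_num "$rest" && { echo "hotplug-slot slot=$rest"; exit 0; } ;;
        enp*s*) rest=${name#enp}
              bus=${rest%%s*}          # digits before the first "s"
              slot=${rest#*s}          # everything after it
              slot=${slot%%f*}         # drop an optional f<function> suffix
              is_num "$bus" && is_num "$slot" &&
                  { echo "pci-card bus=$bus slot=$slot"; exit 0; } ;;
        eth*) rest=${name#eth}
              is_num "$rest" && { echo "traditional index=$rest"; exit 0; } ;;
    esac
    echo "unknown name=$name"
    exit 1
)

# traditional_names NAME... -> prints the names that use the old ethN scheme,
# i.e. the ones whose numbering is not tied to firmware or slot information.
traditional_names() (
    for n in "$@"; do
        case $(classify_ifname "$n") in
            traditional*) echo "$n" ;;
        esac
    done
)

# Constructed sample list; on a real host the names are in /sys/class/net.
for n in eno1 ens33 enp2s0 eth0; do
    printf '%-8s %s\n' "$n" "$(classify_ifname "$n")"
done
```

Any configuration that refers to an interface by name, firewall settings included, is only as stable as that name, which is why the ethN entries are worth listing separately.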

CentOS 8 keeps the CentOS 7 naming method, for example: ens-XX.

ifdown ensXX && ifup ensXX

CentOS 8 completely stops using the network service, so you cannot restart all network cards through network.
Expand knowledge points

Common commands


ifconfig: used to view information about network cards

ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500  # Interface state flags (up, broadcast, running, multicast) and maximum transmission unit
        inet  netmask  broadcast  # NIC IP address, netmask and broadcast address
        inet6 fe80::eed5:433d:3d90:d07f  prefixlen 64  scopeid 0x20<link>  # IPv6 address and prefix length
        inet6 240e:e0:f097:5a47:aa9b:b41f:4aba:145c  prefixlen 64  scopeid 0x0<global>
        ether 00:0c:29:3e:cc:39  txqueuelen 1000  (Ethernet)  # NIC MAC address; txqueuelen: transmit queue length
        RX packets 728  bytes 76433 (74.6 KiB)  # Statistics of packets received by the network card
        RX errors 0  dropped 0  overruns 0  frame 0  # Statistics of receive errors
        TX packets 879  bytes 553718 (540.7 KiB)  # Statistics of packets sent by the network card
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0  # Statistics of transmit errors

ifconfig ensXX:

View a single network card

Temporarily modify the IP address of the network card

[root@SR SR]# ifconfig ens33 netmask  # Modify the network card address
[root@SR SR]# ifdown ens33 && ifup ens33  # Restart the network card
Device "ens33" disconnected successfully.
Connection activated successfully (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/5)
CentOS 6: service network restart
CentOS 7: systemctl restart network


ifconfig NAME:0 (NAME is the network card name)

Temporarily add multiple IP addresses to a network card

ifconfig ens33:0 netmask up  # up makes this IP address take effect

ip address delete

Delete a temporary IP address

ip addr delete dev ens33:0  # Delete the temporary IP address

Permanently modify IP address


BOOTPROTO=none  # Address allocation method: dhcp, static or none
IPADDR=  # IP address
GATEWAY=  # Gateway
DNS1=  # DNS server (ifcfg files number the entries: DNS1, DNS2)
NAME=ens33  # Connection name
ONBOOT=yes  # Activate the network card at boot


service network restart

nmcli connection reload  # Reload the connection configuration files

nmcli connection down ens33 && nmcli connection up ens33  # Restart NIC



NetworkManager is a daemon that monitors and manages the network. Before CentOS 7.0, the network service was used to manage and configure networking. CentOS 7 puts more emphasis on using NetworkManager for network configuration and management, and in later versions all network services are configured and managed by NetworkManager. It is a dynamic network configuration management service.

systemctl status NetworkManager  # View service status

Network-related configuration files

Path of the network configuration files


DNS configuration file

cat /etc/resolv.conf

Set host name and IP address binding information

vim /etc/hosts


View current status

systemctl status firewalld.service

Frequently used commands

systemctl stop firewalld

Temporarily stop the firewall service

systemctl start firewalld

Start the firewall service

systemctl disable firewalld

Do not start the firewall service automatically at boot

systemctl enable firewalld

Start the firewall service automatically at boot

systemctl is-enabled firewalld

Check whether the firewall service is started at boot

Expand knowledge points

systemctl  # List all started units, including services
systemctl list-units  # List all started units
systemctl list-units --type service  # List the started units of type service



SELinux minimizes the resources that service processes in the system can access (principle of least privilege).

Working modes

enforcing: violations of SELinux rules are blocked and logged

permissive: violations of SELinux rules are not blocked but are logged

disabled: SELinux is turned off

Frequently used commands


View current working mode



Temporarily change the working mode

0: permissive mode

1: enforcing mode


Permanently disable

vim /etc/selinux/config  # Edit the configuration file

SELINUX=enforcing  # Before modification

SELINUX=disabled   # After modification; takes effect after a reboot
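
An added example, not part of the original post: a shell check that reads the SELINUX= line from a config file, rejects any value other than the three working modes listed above, and compares the file with the runtime mode. The function names and the sample file are constructed; the runtime argument is assumed to be the string printed by getenforce.

```shell
#!/bin/sh
# Added example (not from the original post).

# config_mode FILE -> enforcing | permissive | disabled | missing | invalid:<v>
# Policy of this checker (an assumption): the first SELINUX= line decides.
config_mode() (
    value=
    found=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                             # drop comments
        line=$(printf '%s' "$line" | tr -d ' \t\r')  # drop whitespace
        case $line in
            SELINUX=*) value=${line#SELINUX=}; found=1; break ;;
        esac
    done < "$1"
    [ "$found" -eq 1 ] || { echo missing; exit 0; }
    case $value in
        enforcing|permissive|disabled) echo "$value" ;;
        *) echo "invalid:$value" ;;                  # e.g. a misspelled mode
    esac
)

# check_selinux RUNTIME FILE -> prints one finding; returns 0 only when the
# host is enforcing now and the file keeps it enforcing after a reboot.
check_selinux() (
    runtime=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    cfg=$(config_mode "$2")
    case $cfg in
        missing|invalid:*) echo "BAD_CONFIG $cfg"; exit 1 ;;
    esac
    [ "$runtime" = "$cfg" ] ||
        { echo "DRIFT runtime=$runtime config=$cfg"; exit 1; }
    [ "$cfg" = enforcing ] || { echo "NOT_ENFORCING $cfg"; exit 1; }
    echo "OK enforcing"
)

# Constructed sample file with a misspelled mode. On a real host:
#   check_selinux "$(getenforce)" /etc/selinux/config
tmp=$(mktemp)
printf '# constructed sample\nSELINUX=disbled\nSELINUXTYPE=targeted\n' > "$tmp"
check_selinux Enforcing "$tmp" || true
rm -f "$tmp"
```

A DRIFT finding covers the case where the mode was changed temporarily and the file still says something else, so the host will switch modes at the next reboot.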
