
Analysis of firewalld Firewall Command Examples in CentOS 7

2025-03-27 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)05/31 Report--

This article covers firewalld firewall command examples on CentOS 7. The content is detailed and easy to follow, and the operations are simple and quick, so it should serve as a useful reference. Let's take a look.

If firewalld is not installed on your system, install it with the following command.

# yum install firewalld    # install the firewalld firewall

Start the service

# systemctl start firewalld.service

Turn off the firewall

# systemctl stop firewalld.service

Enable start at boot

# systemctl enable firewalld.service

Disable start at boot

# systemctl disable firewalld.service

View status

# systemctl status firewalld

If the result is

● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2016-09-05 02:34:07 UTC; 15min ago
 Main PID: 3447 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─3447 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Sep 05 02:34:07 vultr.guest systemd[1]: Starting firewalld - dynamic firewall daemon...
Sep 05 02:34:07 vultr.guest systemd[1]: Started firewalld - dynamic firewall daemon.

then there is no problem: the service is running.

Configure firewalld

Use the firewall-cmd command

View status

# firewall-cmd --state    # "running" means the firewall is running

Get the active zones

# firewall-cmd --get-active-zones

This command outputs the interfaces contained in each area in the following format:

:..:..

Get all supported services

# firewall-cmd --get-services

Each service is separated by a space, for example:

RH-Satellite-6 amanda-client bacula bacula-client dhcp dhcpv6 dhcpv6-client dns freeipa-ldap freeipa-ldaps freeipa-replication ftp high-availability http https imaps ipp ipp-client ipsec iscsi-target kerberos kpasswd ldap ldaps libvirt libvirt-tls mdns mountd ms-wbt mysql nfs ntp openvpn pmcd pmproxy pmwebapi pmwebapis pop3s postgresql proxy-dhcp radius rpc-bind rsyncd samba samba-client smtp ssh telnet tftp tftp-client transmission-client vdsm vnc-server wbem-http

Get the services that are still supported after a restart (the permanent option)

# firewall-cmd --get-services --permanent

Turn on emergency (panic) mode to block all network connections

# firewall-cmd --panic-on    # in firewalld versions prior to 0.3.0, the panic options are --enable-panic and --disable-panic

Turn off emergency mode

# firewall-cmd --panic-off

View the status of emergency mode

# firewall-cmd --query-panic

Reload the firewall without changing the state:

# firewall-cmd --reload

The predefined firewalld service definitions are XML files in the /usr/lib/firewalld/services/ directory.

Configuration files can also be placed in the /etc/firewalld/services/ directory; the /etc/firewalld/services/ directory takes precedence over the /usr/lib/firewalld/services/ directory.

Reload with the following command after modifying a configuration file

# firewall-cmd --reload

Enable a service

# firewall-cmd --zone=public --add-service=https    # temporary
# firewall-cmd --permanent --zone=public --add-service=https    # permanent

Open a port

# firewall-cmd --permanent --zone=public --add-port=8080-8081/tcp    # permanent
# firewall-cmd --zone=public --add-port=8080-8081/tcp    # temporary

Use the following command to load the settings

# firewall-cmd --reload

View open ports and services

# firewall-cmd --permanent --zone=public --list-services    # services, separated by spaces, such as: dhcpv6-client https ss
# firewall-cmd --permanent --zone=public --list-ports    # ports, separated by spaces, such as: 8080-8081/tcp 8388/tcp 80/tcp
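A setting added without --permanent is lost on reload, and a setting added with --permanent is not active until reload, so the two sets can drift apart. The following added example (not part of the original article) compares them for the public zone; the function names and the sample lists used when firewalld is unavailable are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare firewalld runtime settings with the permanent ones.

# only_in A B: print the words of list A that are missing from list B.
only_in() {
    for item in $1; do
        case " $2 " in
            *" $item "*) ;;                 # present in both lists
            *) printf '%s\n' "$item" ;;     # present only in A
        esac
    done
}

# drift KIND RUNTIME PERMANENT: report entries that differ between the lists.
drift() {
    kind=$1 runtime=$2 permanent=$3
    for item in $(only_in "$runtime" "$permanent"); do
        echo "$kind $item: runtime only, lost on --reload or restart"
    done
    for item in $(only_in "$permanent" "$runtime"); do
        echo "$kind $item: permanent only, not active until --reload"
    done
}

# audit_zone ZONE: run the comparison against a live firewalld.
audit_zone() {
    zone=$1
    drift service "$(firewall-cmd --zone="$zone" --list-services)" \
                  "$(firewall-cmd --permanent --zone="$zone" --list-services)"
    drift port "$(firewall-cmd --zone="$zone" --list-ports)" \
               "$(firewall-cmd --permanent --zone="$zone" --list-ports)"
}

if command -v firewall-cmd >/dev/null 2>&1 &&
   [ "$(firewall-cmd --state 2>/dev/null)" = running ]; then
    audit_zone public
else
    # Constructed sample lists, used when firewalld is not available.
    drift service "dhcpv6-client ssh https" "dhcpv6-client ssh"
    drift port "80/tcp" "80/tcp 8080-8081/tcp"
fi
```

No output from audit_zone means the runtime and permanent configuration of the zone list the same services and ports.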

The /etc/firewalld/zones/public.xml file is modified each time a port or service is changed, so you can also edit that file directly and then reload.

Allow an IP address to access a service

# firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.4/24" service name="http" accept'

This allows IP 192.168.0.4/24 to access http.

After setting, public.xml will change.

Delete the rule set above

# firewall-cmd --permanent --zone=public --remove-rich-rule='rule family="ipv4" source address="192.168.0.4/24" service name="http" accept'

Start the service

# systemctl start firewalld.service    # start the service
# systemctl enable firewalld.service    # enable start at boot
# systemctl stop firewalld.service    # stop the service
# systemctl disable firewalld.service    # disable start at boot

This concludes the article on "firewalld Firewall Command Examples in CentOS 7". Thank you for reading! I believe you now have a certain understanding of the topic. If you want to learn more, you are welcome to follow the industry information channel.
