2025-02-25 Update From: SLTechnology News&Howtos
Shulou (Shulou.com) 06/02 Report
This article, "How to view and configure the firewall on a Linux system", covers something most people are still unfamiliar with. To help everyone understand it better, the content is summarized below with the steps laid out in order and the details handled carefully. I hope everyone gains something from it; let's look at the specifics.
The firewall in CentOS 7 is very different from that in earlier versions: CentOS 7 uses firewalld, whereas CentOS 6 uses iptables.
CentOS 7 firewalld:
1. Basic use of firewalld
Start: systemctl start firewalld
Stop: systemctl stop firewalld
View status: systemctl status firewalld
Disable at boot: systemctl disable firewalld
Enable at boot: systemctl enable firewalld
systemctl is the main service management tool in CentOS 7; it combines the functions of the earlier service and chkconfig commands.
Start a service: systemctl start firewalld.service
Close a service: systemctl stop firewalld.service
Restart a service: systemctl restart firewalld.service
Show the status of a service: systemctl status firewalld.service
Enable a service at boot time: systemctl enable firewalld.service
Disable a service at boot time: systemctl disable firewalld.service
Check whether the service is enabled at boot: systemctl is-enabled firewalld.service
View the list of enabled services: systemctl list-unit-files | grep enabled
View the list of services that failed to start: systemctl --failed
3. Configure with firewall-cmd
View version: firewall-cmd --version
View help: firewall-cmd --help
Display status: firewall-cmd --state
View all open ports: firewall-cmd --zone=public --list-ports
Reload firewall rules: firewall-cmd --reload
View zone information: firewall-cmd --get-active-zones
View the zone a given interface belongs to: firewall-cmd --get-zone-of-interface=eth0
Reject all packets (panic mode): firewall-cmd --panic-on
Leave panic mode: firewall-cmd --panic-off
Check whether panic mode is on: firewall-cmd --query-panic
So how do you open a port?
Add:
firewall-cmd --zone=public --add-port=80/tcp --permanent
Reload:
firewall-cmd --reload
Check:
firewall-cmd --zone=public --query-port=80/tcp
Delete:
firewall-cmd --zone=public --remove-port=80/tcp --permanent
Change the default policy of the zone (from denying all access by default to allowing all access):
firewall-cmd --permanent --zone=public --set-target=ACCEPT
firewall-cmd --reload
Open multiple ports (here the whole TCP range) for one IP address:
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.159.60.29" port protocol="tcp" port="1:65535" accept'
firewall-cmd --reload
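The port-opening steps above and the rich rule are easy to get half right: --permanent on its own only edits the saved configuration, and a runtime-only change is gone after the next reload. The following script, an added example that is not part of the original article, wraps the same firewall-cmd calls so that a port is opened in both places and the two are checked for agreement afterwards; it also builds the rich rule with the quoting firewall-cmd expects. FW_CMD and the function names are this example's own assumptions; FW_CMD defaults to the real firewall-cmd and exists so the logic can be exercised offline with a stub.

```shell
#!/bin/sh
# Added example, not from the original article: open a port in firewalld so
# that the runtime and permanent configurations agree, and verify both.
# FW_CMD is an assumption of this example; it defaults to the real
# firewall-cmd and can be pointed at a stub for offline testing.
FW_CMD="${FW_CMD:-firewall-cmd}"

# Accept only "<port>/<tcp|udp>" or "<low>-<high>/<tcp|udp>" before the
# value is handed to a privileged command.
valid_port_spec() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]{1,5}(-[0-9]{1,5})?/(tcp|udp)$'
}

# Report whether SPEC is open in ZONE: returns 0 when both the runtime and
# the permanent configuration have it, 1 otherwise (and says which side
# disagrees). --query-port exits 0 for "yes" and 1 for "no".
fw_port_state() {
    zone="$1"; spec="$2"; rt=no; pm=no
    "$FW_CMD" --zone="$zone" --query-port="$spec" >/dev/null 2>&1 && rt=yes
    "$FW_CMD" --permanent --zone="$zone" --query-port="$spec" >/dev/null 2>&1 && pm=yes
    [ "$rt" = yes ] && [ "$pm" = yes ] && return 0
    echo "$spec in zone $zone: runtime=$rt permanent=$pm" >&2
    return 1
}

# Open SPEC in ZONE in both places. --permanent alone only edits the saved
# configuration (nothing changes until --reload); the second call without
# --permanent applies it now, without a reload that would also throw away
# any other unsaved runtime rules.
fw_open_port() {
    zone="$1"; spec="$2"
    valid_port_spec "$spec" || { echo "rejected port spec: $spec" >&2; return 2; }
    "$FW_CMD" --permanent --zone="$zone" --add-port="$spec" || return 1
    "$FW_CMD" --zone="$zone" --add-port="$spec" || return 1
    fw_port_state "$zone" "$spec"
}

# The rich rule from the article (every TCP port from one source address),
# built with the quoting firewall-cmd expects: the rule itself uses double
# quotes, so wrap it in single quotes on the command line.
rich_rule_allow_source() {
    printf 'rule family="ipv4" source address="%s" port protocol="tcp" port="1:65535" accept' "$1"
}

# Typical use (requires root and a running firewalld):
#   fw_open_port public 80/tcp
#   firewall-cmd --permanent --add-rich-rule="$(rich_rule_allow_source 10.159.60.29)"
```

fw_port_state is the useful part for auditing: a port that shows runtime=yes permanent=no was opened by hand and will vanish at the next reload or reboot, while permanent=yes runtime=no means a saved rule has not been applied yet.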
CentOS 6 iptables:
1. Basic use of iptables
Start: service iptables start
Stop: service iptables stop
View status: service iptables status
Disable at boot: chkconfig iptables off
Enable at boot: chkconfig iptables on
2. Open the specified port
The -A and -I options append the rule to the end of the chain and insert it at the front of the chain, respectively.
# Allow the local loopback interface (i.e. the machine accessing itself)
iptables -A INPUT -i lo -j ACCEPT
# Allow established or related traffic
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow all outbound access from this machine
# (-P sets the default policy of the INPUT chain; the REJECT rule appended at the end below is what blocks everything not explicitly allowed)
iptables -P INPUT ACCEPT
iptables -A OUTPUT -j ACCEPT
# Allow access to port 22
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -s 10.159.1.0/24 --dport 22 -j ACCEPT
# Note: -s can be followed by an IP range or a single IP address
# Allow access to port 80
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# Allow the FTP service on ports 21 and 20
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 20 -j ACCEPT
# If there are other ports, the rules are similar
# Allow ping
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# Reject any access not allowed by the rules above
# (Note: if no allow rule for port 22 was added, SSH connections will be cut off immediately)
iptables -A INPUT -j REJECT
iptables -A FORWARD -j REJECT
3. Block IP addresses
# If you only want to block IP addresses, the "Open the specified port" section can be skipped.
# Block a single IP:
iptables -I INPUT -s 123.45.6.7 -j DROP
# Block the whole segment, i.e. 123.0.0.1 to 123.255.255.254:
iptables -I INPUT -s 123.0.0.0/8 -j DROP
# Block the IP segment 123.45.0.1 to 123.45.255.254:
iptables -I INPUT -s 123.45.0.0/16 -j DROP
# Block the IP segment 123.45.6.1 to 123.45.6.254:
iptables -I INPUT -s 123.45.6.0/24 -j DROP
4. View the current rules:
iptables -L -n
-n: show only IP addresses and port numbers, without resolving IPs to domain names
Delete an iptables rule that has been added
Display all iptables rules with their sequence numbers:
iptables -L -n --line-numbers
For example, to delete rule number 8 in the INPUT chain:
iptables -D INPUT 8
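Deleting by number has a catch the text does not spell out: once rule 4 is removed, the old rule 5 becomes rule 4, so a list of numbers collected up front must be deleted from the highest number down. The script below, an added example that is not part of the original article, reads the output format of iptables -L -n --line-numbers, finds every rule in a chain whose source column matches an address (the blocked 123.45.6.7 from the section above), and emits the iptables -D commands in that safe order rather than running them. The listing is constructed for the example; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original article: pick out rule numbers from
# "iptables -L -n --line-numbers" output and emit the matching "iptables -D"
# commands in an order that stays valid. Deleting rule 4 renumbers 5, 6, ...
# so a list of numbers must be deleted from the highest number down.

# Constructed sample listing in the format iptables prints with -n and
# --line-numbers (columns: num target prot opt source destination ...).
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
4    DROP       all  --  123.45.6.7           0.0.0.0/0
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
6    DROP       all  --  123.45.6.7           0.0.0.0/0
7    REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       all  --  123.45.6.7           0.0.0.0/0
EOF
}

# Print the numbers of the rules in CHAIN whose source column equals SRC,
# highest first. The listing is read from stdin, so on a live system use:
#   iptables -L -n --line-numbers | rule_numbers_for_source INPUT 123.45.6.7
rule_numbers_for_source() {
    awk -v chain="$1" -v src="$2" '
        /^Chain /   { cur = $2; next }   # "Chain INPUT (policy ACCEPT)"
        $1 == "num" { next }             # column header line
        NF == 0     { next }             # blank line between chains
        cur == chain && $5 == src { print $1 }
    ' | sort -rn
}

# Emit the delete commands (one per line) instead of running them, so the
# result can be reviewed before it is applied with sh.
delete_commands() {
    rule_numbers_for_source "$1" "$2" | while read -r n; do
        echo "iptables -D $1 $n"
    done
}

# Dry run against the constructed listing:
#   sample_listing | delete_commands INPUT 123.45.6.7
```

Matching on the source column is deliberately narrow; rules that differ only in port or protocol keep the same source and would be swept up together, so review the emitted commands against the full listing before piping them into sh.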
5. You can also edit the configuration file directly to add iptables firewall rules:
The iptables configuration file is /etc/sysconfig/iptables
Edit the configuration file:
vi /etc/sysconfig/iptables
The rules in the file look like the iptables commands:
For example, the iptables command that allows access to port 80 is:
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
In the file, just drop the leading "iptables" and add the line:
-A INPUT -p tcp --dport 80 -j ACCEPT
Save and exit.
There are two ways to add rules:
iptables -A and iptables -I
iptables -A appends the rule at the end of the chain. For example, add a rule to the INPUT chain that accepts packets arriving on eth0 whose source address is in 192.168.0.0/16:
[root@localhost ~]# iptables -A INPUT -i eth0 -s 192.168.0.0/16 -j ACCEPT
iptables -I inserts the rule as the first rule by default.
To insert the rule at a particular position, give the position number with iptables -I.
Delete rules
To delete a specific rule, use iptables -D followed by the rule's sequence number; compare the effect with the picture above.
Or use iptables -D followed by the full rule definition.
To clear all rules, use iptables -F.
Back up iptables rules
Use the iptables-save command, for example:
[root@localhost ~]# iptables-save > /etc/sysconfig/iptables.save
Restore iptables rules
Use the iptables-restore command, for example:
[root@localhost ~]# iptables-restore < /etc/sysconfig/iptables.save
Save the iptables configuration
The changes made above are lost when the machine restarts. Save them with service iptables save:
[root@localhost ~]# service iptables save
Restart the iptables service for the saved rules to take effect. After adding rules, run service iptables save, then restart; the rules take effect after the restart:
service iptables restart
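Two things about the configuration-file route (section 5) and the save/restore steps just above are worth having in code. First, /etc/sysconfig/iptables is in iptables-save format: a file of bare -A lines without the *filter header and COMMIT line is rejected by iptables-restore, so the "drop the word iptables" shortcut only works because the rest of the file is already there. Second, the earlier warning about losing SSH applies doubly when rules are loaded from a file, because the whole ruleset is replaced at once. The script below, an added example that is not part of the original article, renders a rule list into the loadable format and checks the rule order for that lockout before anything is applied. The rule lines and paths are taken from the article; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original article: build the contents of
# /etc/sysconfig/iptables in the format iptables-restore reads, and check the
# rule order for the SSH lockout the article warns about before the service
# is restarted. Rule lines and paths come from the article; the function
# names are this example's own.

# Rule lines as they appear in the file: the leading "iptables" word is
# dropped, one rule per line.
sample_rules() {
    cat <<'EOF'
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -j REJECT
-A FORWARD -j REJECT
EOF
}

# Wrap rule lines from stdin in the table header and COMMIT line that
# iptables-restore requires; a file of bare "-A ..." lines is not loadable.
# The ":CHAIN POLICY [0:0]" lines set the default policy of each chain.
render_rules_file() {
    printf '*filter\n:INPUT ACCEPT [0:0]\n:FORWARD ACCEPT [0:0]\n:OUTPUT ACCEPT [0:0]\n'
    cat
    printf 'COMMIT\n'
}

# Lockout check: exit 0 when an ACCEPT for tcp dport 22 in INPUT comes before
# the first INPUT rule that REJECTs or DROPs everything, or when there is no
# such catch-all rule (the rendered file's INPUT policy is ACCEPT); exit 1
# otherwise. Reads rule lines from stdin.
ssh_reachable() {
    awk '
        /^-A INPUT / && /--dport 22 / && /-j ACCEPT/ { ok = 1 }
        /^-A INPUT -j (REJECT|DROP)/ && !seen        { seen = 1; safe = ok }
        END { if (!seen) safe = 1; exit (safe ? 0 : 1) }
    '
}

# Typical use as root (the last two lines are the article's own steps):
#   sample_rules | ssh_reachable && sample_rules | render_rules_file > /etc/sysconfig/iptables
#   iptables-restore < /etc/sysconfig/iptables
#   service iptables save
```

Because ssh_reachable looks at rule order rather than at what is currently loaded, it also catches the mistake of inserting the catch-all REJECT with -I, which puts it in front of every ACCEPT that was appended earlier.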
Linux distributions include Deepin, Ubuntu Kylin, Manjaro, Linux Mint, Ubuntu and others. Deepin is one of the best Linux distributions in China; Ubuntu Kylin is a derivative distribution based on Ubuntu; Manjaro is a Linux distribution based on Arch; Linux Mint's default Cinnamon desktop resembles Windows XP and is easy to use; Ubuntu is a Linux operating system oriented toward desktop use.
Thank you for reading. I hope you now have some understanding of the key question of "how to view and configure the firewall on a Linux system". How it works in practice still has to be learned by using it, so try it out soon. For more articles on related topics, please follow the industry information channel.