2025-03-28 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/02 Report--
1. CentOS 6 firewall commands
1. View firewall rules
# iptables -L
2. Check status, start, stop, and restart the firewall
# service iptables status
# service iptables start
# service iptables stop
# service iptables restart
Permanently turn off the firewall (disable start at boot)
# chkconfig iptables off
Re-enable after a permanent shutdown
# chkconfig iptables on
3. Example: open port 80
# vi /etc/sysconfig/iptables
Add the following line
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
CentOS 7 firewall (firewalld) commands
Installation: yum install firewalld
2. Firewall commands under CentOS 7
1. Basic use of firewalld
Start: systemctl start firewalld
View status: systemctl status firewalld
Disable start at boot: systemctl disable firewalld
Stop running: systemctl stop firewalld
2. Configure with firewall-cmd
View version: firewall-cmd --version
View help: firewall-cmd --help
Display status: firewall-cmd --state
View all open ports: firewall-cmd --zone=public --list-ports
Update firewall rules: firewall-cmd --reload
Update firewall rules and restart the service (state information is lost, so active connections are likely to be terminated): firewall-cmd --complete-reload
View active zone information: firewall-cmd --get-active-zones
View the zone to which the specified interface belongs: firewall-cmd --get-zone-of-interface=eth0
Reject all packets: firewall-cmd --panic-on
Cancel the reject state: firewall-cmd --panic-off
Check whether the reject state is on: firewall-cmd --query-panic
3. Trust levels, specified by the zone value
drop: discards all incoming packets without giving any response
block: rejects all externally initiated connections and allows internally initiated connections
public: allows only the specified incoming connections
external: as above, with masquerading enabled; generally used for routing and forwarding
dmz: allows restricted incoming connections
work: allows trusted computers restricted incoming connections, similar to a workgroup
home: same as above, similar to a homegroup
internal: same as above; the scope is all Internet users
trusted: trusts all connections
4. Opening and closing ports with firewalld
The following commands all operate on the public zone. For a different zone, change the value after --zone=.
Add:
firewall-cmd --zone=public --add-port=80/tcp --permanent (--permanent makes the rule persistent; without this parameter the rule is lost after a restart)
Reload:
firewall-cmd --reload
View:
firewall-cmd --zone=public --query-port=80/tcp
Delete:
firewall-cmd --zone=public --remove-port=80/tcp --permanent
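Because a port added without --permanent exists only in the runtime configuration, and one added with --permanent is not active until a reload, the two rule sets can drift apart. The following is an added example, not part of the original article: the function names port_drift, in_list and check_zone are hypothetical, and the sample port lists are constructed. It compares the output of --list-ports for the runtime and permanent configuration of one zone.

```shell
#!/bin/sh
# Added example: report ports that differ between firewalld's runtime and
# permanent configuration for one zone.

# in_list WORD LIST: succeed if WORD is one of the space-separated items in LIST.
in_list() {
    case " $2 " in
        *" $1 "*) return 0 ;;
    esac
    return 1
}

# port_drift RUNTIME PERMANENT: each argument is a space-separated port list in
# the form printed by --list-ports (for example "80/tcp 443/tcp").
port_drift() {
    pd_runtime=$(echo $1)      # collapse any extra whitespace
    pd_permanent=$(echo $2)
    for p in $pd_runtime; do
        # Open now, but gone after the next reload or restart.
        in_list "$p" "$pd_permanent" || echo "runtime-only $p"
    done
    for p in $pd_permanent; do
        # Saved, but not active until firewall-cmd --reload.
        in_list "$p" "$pd_runtime" || echo "permanent-only $p"
    done
}

# check_zone ZONE: run the comparison against the live firewall (needs root).
# Returns 0 when both configurations match, 1 on drift, 2 on a firewall-cmd error.
check_zone() {
    zone=${1:-public}
    runtime=$(firewall-cmd --zone="$zone" --list-ports) || return 2
    permanent=$(firewall-cmd --permanent --zone="$zone" --list-ports) || return 2
    drift=$(port_drift "$runtime" "$permanent")
    [ -z "$drift" ] && return 0
    echo "$drift"
    return 1
}

# Constructed sample: 8080/tcp was added without --permanent, and 25/tcp was
# added with --permanent but no reload has happened yet.
sample_runtime="80/tcp 8080/tcp"
sample_permanent="80/tcp 25/tcp"
port_drift "$sample_runtime" "$sample_permanent"
```

On a host running firewalld, call check_zone public as root; any runtime-only entry is a port that is open now but was never saved.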
5. Managing services
Take the smtp service as an example and add it to the work zone
Add:
firewall-cmd --zone=work --add-service=smtp
View:
firewall-cmd --zone=work --query-service=smtp
Delete:
firewall-cmd --zone=work --remove-service=smtp
6. Configure IP masquerading
View:
firewall-cmd --zone=external --query-masquerade
Open:
firewall-cmd --zone=external --add-masquerade
Close:
firewall-cmd --zone=external --remove-masquerade
7. Port forwarding
To enable port forwarding, you first need to turn on IP masquerading
firewall-cmd --zone=external --add-masquerade
Forward tcp port 22 to 3753:
firewall-cmd --zone=external --add-forward-port=port=22:proto=tcp:toport=3753
Forward port data to the same port of another IP:
firewall-cmd --zone=external --add-forward-port=port=22:proto=tcp:toaddr=192.168.1.112
Forward port data to port 3753 of another IP:
firewall-cmd --zone=external --add-forward-port=port=22:proto=tcp:toport=3753:toaddr=192.168.1.112
8. systemctl is the main service management tool in CentOS 7; it combines the functions of service and chkconfig.
Start a service: systemctl start firewalld.service
Stop a service: systemctl stop firewalld.service
Restart a service: systemctl restart firewalld.service
Display the status of a service: systemctl status firewalld.service
Enable a service at boot time: systemctl enable firewalld.service
Disable a service at boot time: systemctl disable firewalld.service
Check whether a service is enabled at boot: systemctl is-enabled firewalld.service
View the list of services enabled at boot: systemctl list-unit-files | grep enabled
View the list of services that failed to start: systemctl --failed