2025-02-24 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/02 Report--
Centos 7 Firewall fundamentals - theoretical structure
Contents: an overview of Firewalld; the relationship between Firewalld and iptables; the configuration method of Firewalld; Firewalld network zones.
Overview of Firewalld
Firewalld is a dynamic firewall management tool that supports network zones, which define the trust level of network connections and interfaces.
It supports IPv4 and IPv6 firewall settings as well as Ethernet bridges.
It allows services or applications to add firewall rules directly through its interface.
It has two different configuration modes:
Run-time configuration
Permanent configuration
The relationship between Firewalld and iptables
Netfilter
is the packet filtering framework located in the Linux kernel
is called the "kernel state" (kernel space) of the Linux firewall.
Firewalld/iptables
are the default tools for managing firewall rules in Centos 7
are called the "user mode" (user space) of the Linux firewall.
The difference between Firewalld and iptables:

                       Firewalld                               iptables
Configuration files    /usr/lib/firewalld/, /etc/firewalld/    /etc/sysconfig/iptables
Modifying rules        does not refresh all policies and       refreshes all policies and
                       does not drop existing connections      drops existing connections
Type                   dynamic firewall                        static firewall

Firewalld network zones
Introduction to all relevant zones:

Zone        Description
drop        Any received network packet is discarded without any reply. Only outgoing network connections are allowed.
block       Any received network connection is rejected with an icmp-host-prohibited message for IPv4 and an icmp6-adm-prohibited message for IPv6.
public      Used in public areas by default. You cannot trust that other computers in the network will not harm your computer; only selected incoming connections are accepted.
external    For use on external networks with masquerading enabled, especially for routers. You cannot trust that other computers in the network will not harm your computer; only selected incoming connections are accepted.
dmz         For computers in your demilitarized zone, which are publicly accessible but have limited access to your internal network; only selected incoming connections are accepted.
work        For use in work areas. You can mostly trust that other computers in the network will not harm your computer; only selected incoming connections are accepted.
home        For use in home networks. You can mostly trust that other computers in the network will not harm your computer; only selected incoming connections are accepted.
internal    For internal networks. You can mostly trust that other computers in the network will not threaten your computer; only selected incoming connections are accepted.
trusted     All network connections are accepted.
NAT maps a private network address to a public network address one to one.
PAT maps many private network addresses to one public network address (distinguished by port).
Benefit: effective savings of IP address resources.
Configuration method of the Firewalld firewall
The zone applied to incoming traffic is chosen by checking the packet's source address:
1. If the source address is bound to a specific zone, the rules of that zone are enforced.
2. If the source address is not bound to a specific zone, the zone of the incoming network interface is used and the rules of that zone are enforced.
3. If the network interface is not bound to a specific zone either, the rules of the default zone are used.
Runtime configuration:
1. Takes effect immediately and lasts until Firewalld restarts or reloads its configuration
2. Does not break existing connections
3. Cannot modify the service configuration
Permanent configuration:
1. Does not take effect until Firewalld restarts or reloads its configuration
2. Terminates existing connections
3. Can modify the service configuration
Configuration files in Firewalld
Firewalld gives priority to the configuration in /etc/firewalld/; if a configuration file does not exist there, the copy in /usr/lib/firewalld/ is used.
/etc/firewalld/: user-defined configuration files.
/usr/lib/firewalld/: default configuration files; it is best not to modify them. To revert to the default configuration, simply delete the corresponding file in /etc/firewalld/.
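The following added example (not code from the article or from firewalld itself) models two things described above: the zone selection order for incoming traffic (source binding, then interface binding, then the default zone) and the precedence of /etc/firewalld/ over /usr/lib/firewalld/. The two directories are stood in for by in-memory dicts of constructed zone files in firewalld's zone XML format; the zone names, interfaces and subnets are made up for the example.

```python
"""Model of firewalld zone selection and config-directory precedence (example code)."""
import ipaddress
import xml.etree.ElementTree as ET

# Constructed stand-ins for /usr/lib/firewalld/zones (defaults) and
# /etc/firewalld/zones (user overrides). Values are made up for this example.
LIB_ZONES = {
    "public.xml": '<zone><short>Public</short><service name="ssh"/></zone>',
    "trusted.xml": '<zone target="ACCEPT"><short>Trusted</short></zone>',
}
ETC_ZONES = {
    # user override of public: adds http and binds interface eth0
    "public.xml": ('<zone><short>Public</short><service name="ssh"/>'
                   '<service name="http"/><interface name="eth0"/></zone>'),
    # user override of trusted: binds a source subnet
    "trusted.xml": ('<zone target="ACCEPT"><short>Trusted</short>'
                    '<source address="10.10.0.0/16"/></zone>'),
    # zone that exists only under /etc
    "work.xml": ('<zone><short>Work</short><service name="ssh"/>'
                 '<interface name="eth1"/></zone>'),
}

def load_zones(lib, etc):
    """Files under /etc/firewalld/ win; /usr/lib/firewalld/ fills in the rest."""
    merged = dict(lib)
    merged.update(etc)
    zones = {}
    for fname, xml in merged.items():
        root = ET.fromstring(xml)
        zones[fname[:-4]] = {
            "services": {s.get("name") for s in root.findall("service")},
            "interfaces": {i.get("name") for i in root.findall("interface")},
            "sources": [ipaddress.ip_network(s.get("address"))
                        for s in root.findall("source")],
            "target": root.get("target", "default"),
        }
    return zones

def resolve_zone(zones, src_ip, iface, default_zone="public"):
    """Apply the article's three steps: source binding, interface binding, default zone."""
    ip = ipaddress.ip_address(src_ip)
    for name, z in zones.items():            # 1. source address bound to a zone?
        if any(ip in net for net in z["sources"]):
            return name
    for name, z in zones.items():            # 2. incoming interface bound to a zone?
        if iface in z["interfaces"]:
            return name
    return default_zone                      # 3. neither bound: default zone

def allowed(zones, src_ip, iface, service):
    """True if the selected zone accepts everything or lists the service."""
    z = zones[resolve_zone(zones, src_ip, iface)]
    return z["target"] == "ACCEPT" or service in z["services"]
```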
© 2024 shulou.com SLNews company. All rights reserved.