The Foundation of Centos 7 Firewall-- Theory

2025-02-24 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/02 Report--

CentOS 7 firewall fundamentals (theory). Structure of this article:

1. Overview of Firewalld
2. The relationship between Firewalld and iptables
3. Firewalld network zones
4. Configuration method of the Firewalld firewall

Overview of Firewalld

Firewalld is:

A dynamic firewall management tool that supports network connections and interface security levels defined by network zones

Supports firewall settings for IPv4, IPv6, and Ethernet bridges

Provides an interface through which services or applications can add firewall rules directly

Has two different configuration modes:

Run-time configuration

Permanent configuration

The relationship between Firewalld and iptables

Netfilter

is the packet-filtering framework located in the Linux kernel

is called the "kernel mode" part of the Linux firewall.

Firewalld/iptables

are the default tools for managing firewall rules in CentOS 7

are called the "user mode" part of the Linux firewall.

The difference between Firewalld and iptables

| | Firewalld | iptables |
|---|---|---|
| Configuration files | /usr/lib/firewalld/, /etc/firewalld/ | /etc/sysconfig/iptables |
| Modifying rules | does not refresh all policies; existing connections are not lost | all policies are refreshed; existing connections are lost |
| Type | dynamic firewall | static firewall |

Firewalld network zones

Introduction to all the relevant zones:

| Zone | Description |
|---|---|
| drop | Any incoming network packets are dropped without any reply. Only outgoing network connections are possible. |
| block | Any incoming network connections are rejected with an icmp-host-prohibited message for IPv4 and an icmp6-adm-prohibited message for IPv6. |
| public | The default zone, for use in public areas. You cannot trust the other computers on the network not to harm your computer; only selected incoming connections are accepted. |
| external | For use on external networks with masquerading enabled, especially for routers. You cannot trust the other computers on the network not to harm your computer; only selected incoming connections are accepted. |
| dmz | For computers in your demilitarized zone, which are publicly accessible with limited access to your internal network. Only selected incoming connections are accepted. |
| work | For use in work areas. You can mostly trust the other computers on the network not to harm your computer. Only selected incoming connections are accepted. |
| home | For use in home networks. You can mostly trust the other computers on the network not to harm your computer. Only selected incoming connections are accepted. |
| internal | For use on internal networks. You can mostly trust the other computers on the network not to threaten your computer. Only selected incoming connections are accepted. |
| trusted | All network connections are accepted. |

NAT translates private network addresses to public network addresses one to one

PAT translates private network addresses to a public network address many to one (distinguished by port number)

Benefit: effectively saves IP address resources

Configuration method of the Firewalld firewall

Firewalld checks the source address of the data:

1. If the source address is associated with a specific zone, the rules defined by that zone are enforced.

2. If the source address is not associated with a specific zone, the zone of the incoming network interface is used and the rules defined by that zone are enforced.

3. If the network interface is not associated with a specific zone either, the rules specified by the default zone are used.
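As an added illustration of the three-step lookup above (example code written for this page, not firewalld's own implementation), the following Python model reports which zone's rules a packet would be evaluated against, given source bindings, interface bindings and a default zone. The binding tables are constructed sample values, and the rule that the most specific matching source prefix wins is an assumption of this model.

```python
import ipaddress

# Constructed sample state (hypothetical, not read from a real host):
# firewall-cmd --add-source / --change-interface style bindings and the default zone.
SOURCE_BINDINGS = {
    "192.168.10.0/24": "internal",   # whole LAN segment bound to 'internal'
    "192.168.10.200/32": "drop",     # one misbehaving host inside it, bound to 'drop'
    "2001:db8::/32": "home",         # an IPv6 range bound to 'home'
}
INTERFACE_BINDINGS = {
    "eth0": "external",
    "eth1": "work",
}
DEFAULT_ZONE = "public"


def zone_for_packet(src_ip, iface, source_bindings=SOURCE_BINDINGS,
                    interface_bindings=INTERFACE_BINDINGS,
                    default_zone=DEFAULT_ZONE):
    """Return (zone, reason) following the three lookup steps in order."""
    addr = ipaddress.ip_address(src_ip)

    # Step 1: a source binding takes precedence over everything else.
    # Assumption of this model: when several bound ranges contain the address,
    # the most specific (longest prefix) one wins.
    best = None
    for cidr, zone in source_bindings.items():
        net = ipaddress.ip_network(cidr, strict=False)
        if addr.version == net.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, zone)
    if best is not None:
        return best[1], f"source {src_ip} matches bound range {best[0]}"

    # Step 2: otherwise the zone of the incoming interface applies.
    if iface in interface_bindings:
        return interface_bindings[iface], f"interface {iface} is bound to a zone"

    # Step 3: otherwise the default zone applies.
    return default_zone, "no source or interface binding; default zone"


if __name__ == "__main__":
    for ip, dev in [("192.168.10.5", "eth0"), ("192.168.10.200", "eth1"),
                    ("2001:db8::1", "eth0"), ("10.0.0.1", "eth1"),
                    ("10.0.0.1", "eth2")]:
        zone, why = zone_for_packet(ip, dev)
        print(f"{ip:16s} via {dev}: zone={zone:9s} ({why})")
```

The first case shows why source bindings matter for defence: a packet arriving on eth0 (bound to external) from the internal range is still judged by the internal zone, so a source binding can silently widen or narrow what an interface's zone would otherwise allow.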

Runtime configuration:

1. Takes effect immediately and lasts until Firewalld is restarted or its configuration is reloaded

2. Does not break existing connections

3. Cannot modify service configuration

Permanent configuration:

1. Does not take effect until Firewalld is restarted or its configuration is reloaded

2. Terminates existing connections

3. Can modify service configuration

Configuration files in Firewalld

Firewalld gives priority to the configuration in /etc/firewalld/; if no configuration file exists there, it uses the copy in the /usr/lib/firewalld/ directory.

/etc/firewalld/: user-defined configuration files.

/usr/lib/firewalld/: default configuration files; it is best not to modify them. To revert to the default configuration, simply delete the corresponding configuration in /etc/firewalld/.
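To make the runtime/permanent distinction and the /etc-over-/usr/lib precedence concrete, here is a small Python model written for this page (hypothetical, not firewalld's own code). It builds a temporary copy of the two zone directories seeded with a constructed public.xml, then walks through a runtime change, a permanent change, a reload and a revert-to-default. The zone XML layout (`<zone>` with `<service name="..."/>` children) matches what firewalld uses; the directory root and the service names are constructed for the example.

```python
import os
import shutil
import tempfile
import xml.etree.ElementTree as ET

# Constructed vendor default for the 'public' zone (not copied from a real host).
# On CentOS 7 the real directories are /usr/lib/firewalld/zones/ (defaults)
# and /etc/firewalld/zones/ (user overrides).
VENDOR_PUBLIC = """<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <service name="ssh"/>
  <service name="dhcpv6-client"/>
</zone>
"""


def make_tree(root):
    """Create usr/lib and etc zone directories under root; only the vendor
    default exists at first (no user override yet)."""
    vendor = os.path.join(root, "usr", "lib", "firewalld", "zones")
    user = os.path.join(root, "etc", "firewalld", "zones")
    os.makedirs(vendor)
    os.makedirs(user)
    with open(os.path.join(vendor, "public.xml"), "w") as f:
        f.write(VENDOR_PUBLIC)
    return user, vendor


def zone_services(path):
    """Parse a zone XML file and return the set of enabled service names."""
    return {s.get("name") for s in ET.parse(path).getroot().findall("service")}


class FirewalldModel:
    """Toy model of runtime vs permanent configuration (hypothetical)."""

    def __init__(self, user_dir, vendor_dir):
        self.user_dir = user_dir
        self.vendor_dir = vendor_dir
        self.runtime = {}
        self.reload()

    def permanent_path(self, zone):
        """The /etc copy takes priority; otherwise the /usr/lib default is used."""
        for d in (self.user_dir, self.vendor_dir):
            path = os.path.join(d, zone + ".xml")
            if os.path.exists(path):
                return path
        raise FileNotFoundError(zone)

    def reload(self):
        """Like 'firewall-cmd --reload': rebuild runtime state from the permanent
        files, discarding any runtime-only changes."""
        self.runtime = {"public": zone_services(self.permanent_path("public"))}

    def add_service(self, zone, svc, permanent=False):
        if not permanent:
            # Runtime change: live at once, lost on reload or restart.
            self.runtime[zone].add(svc)
            return
        # Permanent change: written under /etc, not live until reload.
        user_path = os.path.join(self.user_dir, zone + ".xml")
        if not os.path.exists(user_path):
            # First modification copies the vendor default into /etc.
            shutil.copy(self.permanent_path(zone), user_path)
        tree = ET.parse(user_path)
        ET.SubElement(tree.getroot(), "service", name=svc)
        tree.write(user_path)

    def revert_to_default(self, zone):
        """Deleting the /etc copy makes the /usr/lib default authoritative again."""
        user_path = os.path.join(self.user_dir, zone + ".xml")
        if os.path.exists(user_path):
            os.remove(user_path)


def demo():
    """Run the lifecycle and return the runtime service set seen at each step."""
    root = tempfile.mkdtemp()
    try:
        user, vendor = make_tree(root)
        fw = FirewalldModel(user, vendor)
        steps = {"initial": set(fw.runtime["public"])}
        fw.add_service("public", "http")                    # runtime only
        fw.add_service("public", "https", permanent=True)   # permanent only
        steps["before_reload"] = set(fw.runtime["public"])
        fw.reload()
        steps["after_reload"] = set(fw.runtime["public"])
        fw.revert_to_default("public")
        fw.reload()
        steps["after_revert"] = set(fw.runtime["public"])
        return steps
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for name, services in demo().items():
        print(f"{name:14s} {sorted(services)}")
```

The "before_reload" step is the one to watch operationally: the runtime-only http rule is active but will vanish at the next reload, while the permanent https rule is written to disk but not yet enforced, so checking only one of the two views gives a misleading picture of what the firewall is doing.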
