2025-01-16 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/01 Report--
This article walks through firewalld rule settings and command examples, and is intended as a reference.
I. Set firewall rules
Example 1: expose port 8080
firewall-cmd --permanent --add-port=8080/tcp
Example 2: make port 3306 of the mysql service accessible only to servers in the 192.168.1.1/24 network segment.
# add rule
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.1/24" port protocol="tcp" port="3306" accept'
# reload to make it effective
firewall-cmd --reload
Example 3: Port forwarding, forwarding access to port 3306 of the machine to port 3306 of the 192.168.1.1 server
# enable IP masquerading
firewall-cmd --permanent --add-masquerade
# configure port forwarding
firewall-cmd --permanent --add-forward-port=port=3306:proto=tcp:toaddr=192.168.1.2:toport=13306
Note: if IP masquerading is not enabled, port forwarding will fail. Also make sure that the port (3306) on the source server and the port (13306) on the target server are open.
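The rich rule in Example 2 only adds an accept for the subnet; it restricts nothing if 3306/tcp is also listed in the zone's plain ports, which are open to every source. The following check for that overlap is an added example, not part of the original article; the sample output is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag ports that a rich rule limits to a source network
# but that are also open to every source through the zone's "ports:" list.

# Constructed sample of `firewall-cmd --zone=public --list-all` output.
sample_list_all() {
cat <<'EOF'
public (active)
  target: default
  interfaces: eth0
  services: dhcpv6-client ssh
  ports: 8080/tcp 3306/tcp
  masquerade: no
  forward-ports:
  rich rules:
    rule family="ipv4" source address="192.168.1.1/24" port port="3306" protocol="tcp" accept
EOF
}

# Hypothetical helper: reads --list-all output on stdin and prints each
# port/proto that is both source-restricted and open to all sources.
find_unrestricted_overlap() {
  awk '
    # Plain port entries accept traffic from any source address.
    $1 == "ports:" { for (i = 2; i <= NF; i++) anyport[$i] = 1 }
    # Rich rules that accept a port only from a given source address.
    $1 == "rule" && /source address=/ && $NF == "accept" {
      port = ""; proto = ""
      for (i = 2; i <= NF; i++) {
        if ($i ~ /^port="/)     { port = $i;  gsub(/port=|"/, "", port) }
        if ($i ~ /^protocol="/) { proto = $i; gsub(/protocol=|"/, "", proto) }
      }
      if (port != "") restricted[port "/" proto] = 1
    }
    END { for (p in restricted) if (p in anyport) print p }
  ' | sort
}

# On a live host: firewall-cmd --zone=public --list-all | find_unrestricted_overlap
overlap=$(sample_list_all | find_unrestricted_overlap)
if [ -n "$overlap" ]; then
  echo "open to all sources despite rich rule: $overlap"
  echo "fix: firewall-cmd --zone=public --remove-port=<port>/<proto> --permanent; firewall-cmd --reload"
fi
```

The check covers only the ports list; a service entry that opens the same port (for example a mysql service definition) has the same effect and needs a separate look.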
II. Firewall commands
1. Start, stop, restart firewalld
1. Stop
systemctl stop firewalld.service
2. Start
systemctl start firewalld.service
3. Restart
systemctl restart firewalld.service
4. View status:
systemctl status firewalld
5. Disable the firewall at boot
systemctl disable firewalld
6. Enable the firewall at boot:
systemctl enable firewalld.service
2. View firewall rules and status
1. View the default firewall status (shows "not running" when off, "running" when on)
firewall-cmd --state
2. View firewall rules (only shows firewall policies in /etc/firewalld/zones/public.xml)
firewall-cmd --list-all
3. View all firewall policies (that is, show all policies under /etc/firewalld/zones/)
firewall-cmd --list-all-zones
4. Reload the configuration file
firewall-cmd --reload
3. Configure firewalld-cmd
View version: firewall-cmd --version
View help: firewall-cmd --help
Display status: firewall-cmd --state
View all open ports: firewall-cmd --zone=public --list-ports
Update firewall rules: firewall-cmd --reload
View zone information: firewall-cmd --get-active-zones
View the zone of the specified interface: firewall-cmd --get-zone-of-interface=eth0
Reject all packets: firewall-cmd --panic-on
Cancel rejection status: firewall-cmd --panic-off
Check whether packets are being rejected: firewall-cmd --query-panic
4. So how do you open a port?
1. Add (--permanent makes the rule permanent; without this parameter, it will expire after restart)
firewall-cmd --zone=public --add-port=80/tcp --permanent
2. Reload (makes the modified rule take effect)
firewall-cmd --reload
3. View
firewall-cmd --zone=public --query-port=80/tcp
4. Delete
firewall-cmd --zone=public --remove-port=80/tcp --permanent
Because the corresponding rules of ssh.xml are defined beforehand in /usr/lib/firewalld/services/
5. systemctl is the main service management tool in CentOS 7; it combines the functions of service and chkconfig.
Start a service: systemctl start firewalld.service
Shut down a service: systemctl stop firewalld.service
Restart a service: systemctl restart firewalld.service
Display the status of a service: systemctl status firewalld.service
Enable a service at boot: systemctl enable firewalld.service
Disable a service at boot: systemctl disable firewalld.service
Check whether a service is enabled at boot: systemctl is-enabled firewalld.service
View the list of enabled services: systemctl list-unit-files | grep enabled
View the list of services that failed to start: systemctl --failed