2025-04-04 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article explains how to use the CentOS 7 firewall and open ports. The editor finds it very practical and shares it here as a reference.
Summary (the official documentation has a more detailed explanation)
Firewalld provides a dynamically managed firewall that supports network/firewall zones, which define the trust level of network connections or interfaces. It supports IPv4 and IPv6 firewall settings, Ethernet bridges and IP sets. The runtime and permanent configuration options are separate. It also provides an interface for services or applications to add firewall rules directly.
To use the firewall at all, you first need to know how to check its status, that is, whether it is turned off or on. When the firewall is on, it restricts ports: nobody can reach our host (the server) through just any port they choose. They can reach it only through the ports I have opened. Otherwise, why would we need a firewall? If anyone could come in through any port, there would be no point in having one. Firewalls come in software and physical forms (a physical firewall is a dedicated device in the network). What we are talking about here is the software-level firewall, firewalld, which is the software firewall commonly used on CentOS 7. Earlier versions of CentOS all used the iptables firewall; the change traces back to the development of CentOS 7 and its relationship with Red Hat. The main purpose of using a firewall is to manage the security of our hosts, and the main part of that is port management.
Query firewall status
Shell
# systemctl status firewalld
Execute
[warnerwu@localhost ~]$ systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)
Start the firewall
Note: only administrators (root or members of an administrator user group) have the right to manage the firewall; ordinary users cannot.
Shell
# systemctl start firewalld
Execute
[root@localhost ~]# systemctl start firewalld
[root@localhost ~]#
You will find that nothing is printed. Anyone who uses Linux or OS X knows that no output is the best output: it means the command succeeded. When there is output, there is usually a problem.
Check the firewall status again
Shell
# systemctl status firewalld
Execute
[root@localhost ~]# sudo systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: active (running) since Fri 2018-09-07 00:04:55 CST; 5min ago
     Docs: man:firewalld(1)
 Main PID: 11339 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─11339 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Sep 07 00:04:55 izj6c3bcx7adgva5dda2e0z systemd[1]: Starting firewalld - dynamic firewall daemon...
Sep 07 00:04:55 izj6c3bcx7adgva5dda2e0z systemd[1]: Started firewalld - dynamic firewall daemon.
Sep 07 00:04:55 izj6c3bcx7adgva5dda2e0z firewalld[11339]: WARNING: ICMP type 'beyond-scope' is not supported by the kernel for ipv6.
Sep 07 00:04:55 izj6c3bcx7adgva5dda2e0z firewalld[11339]: WARNING: beyond-scope: INVALID_ICMPTYPE: No supported ICMP type. Ignorin...-time.
Sep 07 00:04:55 izj6c3bcx7adgva5dda2e0z firewalld[11339]: WARNING: ICMP type 'failed-policy' is not supported by the kernel for ipv6.
Sep 07 00:04:55 izj6c3bcx7adgva5dda2e0z firewalld[11339]: WARNING: failed-policy: INVALID_ICMPTYPE: No supported ICMP type. Ignori...-time.
Sep 07 00:04:55 izj6c3bcx7adgva5dda2e0z firewalld[11339]: WARNING: ICMP type 'reject-route' is not supported by the kernel for ipv6.
Sep 07 00:04:55 izj6c3bcx7adgva5dda2e0z firewalld[11339]: WARNING: reject-route: INVALID_ICMPTYPE: No supported ICMP type., ignorin...-time.
Hint: Some lines were ellipsized, use -l to show in full.
You will find that the firewall is now running. One more thing: if you know CentOS 7 or Red Hat 7 well, you will be very familiar with systemctl. It is the system tool used to manage system services, and you cannot go wrong if you understand it this way. Previous versions of CentOS used service for system service management. For more information about systemctl or service, please use Baidu or Google. We have now covered how to check the status of the firewall and how to start it, so let's talk about how to open a port.
View the list of firewall open ports
The firewall's ports are managed with the firewall-cmd command. This must be clear, because it is the key to managing the system's ports.
Shell
# firewall-cmd --list-all
Execute
[root@localhost ~]# firewall-cmd --list-all
public
  target: default
  icmp-block-inversion: no
  interfaces:
  services: ssh dhcpv6-client
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
You will find the ports entry is empty: no port has been opened. This is a newly installed Linux system, so your output may or may not match mine; keep that in mind.
Add an open port to the firewall
For example, if we open port 80, other users can visit the site hosted on this machine.
Shell
// Step 1: add the open port to the configuration file
# firewall-cmd --zone=public --add-port=80/tcp --permanent
    --zone=public        the zone (scope) the rule applies to
    --add-port=80/tcp    the port to add
    --permanent          takes effect permanently
// Load the new firewall configuration (enter the following command as root to reload the firewall without interrupting user connections, that is, without losing state information)
# firewall-cmd --reload
Check the list of firewall open ports again
Shell
# firewall-cmd --list-all
Execute
[root@localhost ~]# firewall-cmd --list-all
public
  target: default
  icmp-block-inversion: no
  interfaces:
  services: ssh dhcpv6-client
  ports: 80/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
This time the ports entry shows an extra 80/tcp, which means the port has been added to the firewall's open list.
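Because the runtime and permanent configurations are separate, a port added with --permanent is not active until the reload, and a port added without --permanent disappears at the next reload. The following script is an added example, not part of the original article: it compares the two port lists and reports any drift. The function name port_drift and the sample lists are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: detect drift between firewalld's runtime and permanent
# port lists. port_drift is a hypothetical helper, not a firewalld command.

# port_drift RUNTIME PERMANENT
# Each argument is a space-separated port list in the form printed by
# `firewall-cmd --zone=public --list-ports`, e.g. "80/tcp 443/tcp".
port_drift() {
    pd_runtime=$1
    pd_permanent=$2
    pd_out=""
    # Open now, but not saved: lost at the next --reload or reboot.
    for pd_p in $pd_runtime; do
        case " $pd_permanent " in
            *" $pd_p "*) ;;
            *) pd_out="$pd_out runtime-only:$pd_p" ;;
        esac
    done
    # Saved, but not yet loaded: needs `firewall-cmd --reload`.
    for pd_p in $pd_permanent; do
        case " $pd_runtime " in
            *" $pd_p "*) ;;
            *) pd_out="$pd_out permanent-only:$pd_p" ;;
        esac
    done
    echo "${pd_out# }"
}

# Constructed sample: the state right after Step 1 above, before the reload.
echo "sample drift: $(port_drift "" "80/tcp")"

# On a host where firewalld is running, compare the live lists (run as root).
if command -v firewall-cmd >/dev/null 2>&1 &&
   [ "$(firewall-cmd --state 2>/dev/null)" = "running" ]; then
    echo "live drift: $(port_drift \
        "$(firewall-cmd --zone=public --list-ports)" \
        "$(firewall-cmd --permanent --zone=public --list-ports)")"
fi
```

An empty result means both configurations agree; any runtime-only entry is a port that is reachable now but was never written to the permanent configuration.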
1. Basic use of firewalld
Start: systemctl start firewalld
Stop: systemctl stop firewalld
View status: systemctl status firewalld
Disable at boot: systemctl disable firewalld
Enable at boot: systemctl enable firewalld
2. systemctl is the main service management tool in CentOS 7; it combines the functions of service and chkconfig.
Start a service: systemctl start firewalld.service
Stop a service: systemctl stop firewalld.service
Restart a service: systemctl restart firewalld.service
Display the status of a service: systemctl status firewalld.service
Enable a service at boot time: systemctl enable firewalld.service
Disable a service at boot time: systemctl disable firewalld.service
Check whether a service is enabled at boot: systemctl is-enabled firewalld.service
View the list of enabled services: systemctl list-unit-files | grep enabled
View the list of services that failed to start: systemctl --failed
3. Configure with firewall-cmd
View version: firewall-cmd --version
View help: firewall-cmd --help
Display status: firewall-cmd --state
View all open ports: firewall-cmd --zone=public --list-ports
Update firewall rules: firewall-cmd --reload
View zone information: firewall-cmd --get-active-zones
View the zone to which the specified interface belongs: firewall-cmd --get-zone-of-interface=eth0
Reject all packets: firewall-cmd --panic-on
Cancel rejection status: firewall-cmd --panic-off
Check whether packets are being rejected: firewall-cmd --query-panic
Thank you for reading! This is the end of the article on "how to use CentOS7 Firewall and Open Port". I hope the above content is of some help to you. If you think the article is good, you can share it for more people to see.