
How to use firewall to restrict or open IP and ports in Linux system

2025-02-25 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article explains how to use firewalld on a Linux system to restrict or open IP addresses and ports. The steps are detailed and easy to follow, and can serve as a reference. If you are interested, read on to learn more about "how to use firewall to restrict or open IP and ports in Linux systems".

I. Check the firewall status

1. First, check whether the firewall is enabled. If it is not, start the firewall and set it to start automatically at boot.

systemctl status firewalld

Start the firewall and enable it at boot

systemctl start firewalld
systemctl enable firewalld

A restart of the machine is generally needed, otherwise the settings made later may not take effect.

II. Open or restrict ports

1. Open a port

(1) For example, open port 22, which is needed for an XShell connection

firewall-cmd --zone=public --add-port=22/tcp --permanent

Here, --permanent makes the setting take effect permanently. Without it, the setting becomes invalid after the machine restarts.

(2) Reload the firewall settings to make them effective

firewall-cmd --reload

(3) Check whether the setting is effective with the following command

firewall-cmd --zone=public --query-port=22/tcp

(4) The following command lists all ports currently open on the system

firewall-cmd --zone=public --list-ports

2. Restrict a port

(1) For example, close port 22, which has just been opened

firewall-cmd --zone=public --remove-port=22/tcp --permanent

(2) Reload the firewall settings to make them effective

firewall-cmd --reload

(3) List all open ports again; port 22 is no longer shown

firewall-cmd --zone=public --list-ports

3. Open or restrict ports in batches

(1) Open ports in a batch. For example, open all ports between 100 and 500

firewall-cmd --zone=public --add-port=100-500/tcp --permanent

(2) Reload the firewall settings to make them effective

firewall-cmd --reload

(3) List all open ports; all ports from 100 to 500 are now open

firewall-cmd --zone=public --list-ports

(4) Similarly, to restrict ports in a batch

firewall-cmd --zone=public --remove-port=100-500/tcp --permanent
firewall-cmd --reload

III. Open or restrict IP

1. Restrict access from an IP address

(1) For example, restrict access to port 80 for the address 192.168.0.200, that is, prohibit it from accessing the machine

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.200" port protocol="tcp" port="80" reject'

(2) Reload the firewall settings to make them effective

firewall-cmd --reload

(3) View the rules that have been set

firewall-cmd --zone=public --list-rich-rules

2. Lift the IP address restriction

(1) Lift the restriction on 192.168.0.200 that has just been set. Remove the reject rule itself; adding a matching accept rule does not cancel it, because firewalld applies reject rules before accept rules.

firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.0.200" port protocol="tcp" port="80" reject'

(2) Reload the firewall settings to make them effective

firewall-cmd --reload

(3) Look at the rules again; the restriction on 192.168.0.200 is no longer listed

firewall-cmd --zone=public --list-rich-rules

If the setting does not take effect, you can try to edit the rules file directly, delete the original rule, and reload the firewall

vi /etc/firewalld/zones/public.xml
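The block, verify and unblock cycle from sections 1 and 2 above, as an added example in POSIX shell (not code from the original article). The function names and the FW and ZONE variables are assumptions of this example; set FW=echo to print the commands instead of running them.

```shell
# Added example (POSIX sh), not from the original article.
# FW and ZONE are this example's own variables. FW=echo gives a dry run.
FW="${FW:-firewall-cmd}"
ZONE="${ZONE:-public}"

# Print the rich rule text for SRC (IPv4 or IPv4/prefix), TCP PORT, ACTION.
# Inputs are validated so only an address and a number reach firewalld.
build_rule() {
  oct='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
  re="^$oct(\.$oct){3}(/(3[0-2]|[12]?[0-9]))?\$"
  case "$1" in ''|*[!0-9./]*) echo "bad source: $1" >&2; return 1 ;; esac
  printf '%s\n' "$1" | grep -Eq "$re" || { echo "bad source: $1" >&2; return 1; }
  case "$2" in ''|*[!0-9]*|??????*) echo "bad port: $2" >&2; return 1 ;; esac
  [ "$2" -ge 1 ] && [ "$2" -le 65535 ] || { echo "bad port: $2" >&2; return 1; }
  case "$3" in reject|accept) ;; *) echo "bad action: $3" >&2; return 1 ;; esac
  printf 'rule family="ipv4" source address="%s" port protocol="tcp" port="%s" %s' \
    "$1" "$2" "$3"
}

# Add a permanent reject rule, reload, then confirm the runtime has it.
block_source() {   # usage: block_source SRC PORT
  rule=$(build_rule "$1" "$2" reject) || return 1
  $FW --permanent --zone="$ZONE" --add-rich-rule="$rule" &&
  $FW --reload &&
  $FW --zone="$ZONE" --query-rich-rule="$rule"
}

# Remove the same reject rule, reload, then confirm it is gone.
# The query must fail (rule absent) for this function to succeed.
unblock_source() { # usage: unblock_source SRC PORT
  rule=$(build_rule "$1" "$2" reject) || return 1
  $FW --permanent --zone="$ZONE" --remove-rich-rule="$rule" &&
  $FW --reload &&
  ! $FW --zone="$ZONE" --query-rich-rule="$rule"
}
```

Building the rule text in one place guarantees that the rule removed later is character-for-character the rule that was added, which is what --remove-rich-rule matches on.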

3. Restrict an IP address range

(1) For example, to restrict the IPs of the entire segment 10.0.0.0-10.0.0.255 and prohibit them from accessing

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.0.0.0/24" port protocol="tcp" port="80" reject'

Here 10.0.0.0/24 denotes the range starting at 10.0.0.0, and 24 stands for the subnet mask 255.255.255.0, which covers 256 addresses, from 0 to 255, so the rule restricts exactly this entire segment. For more information, please see the table below.

(2) Reload the firewall settings to make them effective

firewall-cmd --reload

(3) Check the rules to confirm whether they are in effect

firewall-cmd --zone=public --list-rich-rules

(4) Similarly, to lift the restriction, remove the reject rule

firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="10.0.0.0/24" port protocol="tcp" port="80" reject'
firewall-cmd --reload

What are the versions of Linux? Deepin, UbuntuKylin, Manjaro, LinuxMint, Ubuntu, etc. Among them, Deepin is one of the best-developed Linux distributions in China; UbuntuKylin is a derivative release based on Ubuntu; Manjaro is a Linux release based on Arch; LinuxMint's default Cinnamon desktop is as easy to use as Windows XP; Ubuntu is a Linux operating system focused on desktop applications.
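To see what a CIDR source such as the 10.0.0.0/24 in section 3 covers, the following added example (POSIX shell, not from the original article) works out the mask, size and address range for any prefix length, not just /24. Its in_cidr check can confirm that your own management address is outside a range before a reject rule is applied to it. All function names are this example's own.

```shell
# Added example (POSIX sh), not from the original article.
# Octets must be plain decimal without leading zeros.

# Dotted quad a.b.c.d -> 32-bit integer.
ip_to_int() {
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# 32-bit integer -> dotted quad.
int_to_ip() {
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Prefix length -> mask as an integer, e.g. 24 -> 4294967040.
prefix_to_int_mask() { echo $(( (4294967295 << (32 - $1)) & 4294967295 )); }

# Prefix length -> dotted mask, e.g. 24 -> 255.255.255.0.
prefix_to_mask() { int_to_ip "$(prefix_to_int_mask "$1")"; }

# Prefix length -> number of addresses covered, e.g. 24 -> 256.
prefix_size() { echo $(( 1 << (32 - $1) )); }

# CIDR -> "first last" address of the range a rule with this source matches.
cidr_range() {
  m=$(prefix_to_int_mask "${1#*/}")
  lo=$(( $(ip_to_int "${1%/*}") & m ))
  echo "$(int_to_ip "$lo") $(int_to_ip $(( lo | (4294967295 ^ m) )))"
}

# Succeeds when IP ($1) lies inside CIDR ($2).
in_cidr() {
  m=$(prefix_to_int_mask "${2#*/}")
  [ $(( $(ip_to_int "$1") & m )) -eq $(( $(ip_to_int "${2%/*}") & m )) ]
}
```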

This concludes the introduction to "how to use firewall to restrict or open IP and ports in Linux system". More related content can be found in previous articles. We hope it helps answer your questions; please support the website!
