Shulou(Shulou.com)06/02 Report--

This article introduces the relevant knowledge of "how to set up the Centos7 firewall". In the operation of the actual case, many people will encounter such a dilemma, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

The firewall used in CentOS 7 is firewall, which has been upgraded in iptables Firewall in CentOS 6.5.

Used to implement persistent network traffic rules.

You can dynamically modify individual rules and manage rule sets dynamically, allowing rules to be updated without breaking existing sessions and connections

Use regions (zone) and services (service)

The default is rejected, and it needs to be set up before it can be released.

The CentOS 7 release port needs to be set in both the CVM management backend and the server firewall to be valid. Note that reject all by default! The administrative background adds rules through permission groups.

Configuration directory

/ usr/lib/firewalld/services directory stores defined network service, port parameters and system parameters. Reference the service name when configuring

/ etc/firewalld/ is the configuration directory, and the usage area is under zones

Common command

Firewall-cmd: is a tool provided by Linux to manipulate firewall.

(1) firewalld service starts, shuts down, restarts, and sets boot self

# starting systemctl start firewalld#, shutting down systemctl stop firewalld#, rebooting systemctl restart firewalld#, booting systemctl enable firewalld#, canceling booting, starting systemctl disable firewalld#, checking whether to boot self-booting systemctl is-enabled firewalld

(2) add ports / services. Users can add ports by modifying the configuration file or by command. Note that the changes will also be reflected in the configuration file in the / etc/firewalld/ directory. For example, add tcp port 8020 in the public area

Firewall-cmd-zone=public-permanent-add-port=8010/tcp

-- permanent: set to persistent

-- add-port: identifies the added port

You can see that it has been added successfully in / etc/firewalld/zones/public.xml.

This configuration file can also be modified manually, such as adding services

Vi / etc/firewalld/zones/public.xmli join

You can also add it through-- add-service

Firewall-cmd-permanent-zone=public-add-service=mysql

Overloading can take effect firewall-cmd-reload.

(3) View rules

Firewall-cmd-list-all

(4) other

# View firewall status firewall-cmd-- state# view default domain firewall-cmd-- get-default-zone# view all domains firewall-cmd-- get-zones# view information on all domains firewall-cmd-- list-all-zones# view information on specified domains firewall-cmd-- zone=public-- list-all# view services that can be added firewall-cmd-- get-services# settings specify that the domain is the default domain Firewall-cmd-- this is the end of set-default-zone=public 's "how to set up Centos7 Firewall" Thank you for your reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.