2025-01-26 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/01 Report--
This article introduces the relevant knowledge of "how to use Firewall under centos7". In the operation of actual cases, many people will encounter such a dilemma, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!
Install firewalld:
# yum install firewalld
If a graphical interface is required, also install firewall-config:
# yum install firewall-config
I. Introduction
The firewall daemon, firewalld, introduces the concept of trust levels to manage the connections and interfaces associated with them. It supports IPv4 and IPv6, and supports bridges. It uses firewall-cmd (command line) or firewall-config (GUI) to dynamically manage temporary or permanent rules in the kernel's netfilter, and changes take effect in real time without restarting the service.
firewalld can classify different network connections into different trust levels. Zones provide the following levels:
drop: discards all incoming packets without giving any response
block: rejects all externally initiated connections and allows internally initiated connections
public: allows specified incoming connections
external: same as above, for masqueraded incoming connections; generally used for routing and forwarding
dmz: allows restricted incoming connections
work: allows trusted computers restricted incoming connections, similar to a workgroup
home: same as above, similar to a homegroup
internal: same as above; the scope is all Internet users
trusted: trusts all connections
II. Usage
# systemctl start firewalld # start
# systemctl enable firewalld # start at boot
# systemctl stop firewalld # stop
# systemctl disable firewalld # do not start at boot
For specific rule management, use firewall-cmd. For detailed usage, run:
$ firewall-cmd --help
1. View rules
View running status
$ firewall-cmd --state
View information about the active zones
$ firewall-cmd --get-active-zones
public
  interfaces: eth0 eth2
View the zone of a specified interface
$ firewall-cmd --get-zone-of-interface=eth0
public
View the interfaces at a specified level
$ firewall-cmd --zone=public --list-interfaces
eth0
View all the information at a specified level, such as public
$ firewall-cmd --zone=public --list-all
public (default, active)
  interfaces: eth0
  sources:
  services: dhcpv6-client http ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
View information allowed at all levels
$ firewall-cmd --get-services
View the services that are allowed at all zone levels after a restart, that is, services that are permanently allowed
$ firewall-cmd --get-services --permanent
2. Manage rules
# firewall-cmd --panic-on # drop all packets
# firewall-cmd --panic-off # stop dropping
$ firewall-cmd --query-panic # view the panic (drop) status
# firewall-cmd --reload # update the rules without restarting the service
# firewall-cmd --complete-reload # update the rules and restart the service
Add an interface to a trust level, such as eth0 to public, and make it take effect permanently
# firewall-cmd --zone=public --add-interface=eth0 --permanent
Set public as the default trust level
# firewall-cmd --set-default-zone=public
a. Manage ports
List the ports allowed in at the dmz level
# firewall-cmd --zone=dmz --list-ports
Allow tcp port 8080 at the dmz level
# firewall-cmd --zone=dmz --add-port=8080/tcp
Allow a range of udp ports at the public level and make it take effect permanently
# firewall-cmd --zone=public --add-port=5059-5060/udp --permanent
b. Manage services
Add the smtp service to the work zone
# firewall-cmd --zone=work --add-service=smtp
Remove the smtp service from the work zone
# firewall-cmd --zone=work --remove-service=smtp
c. Configure IP address masquerading
Query the status
# firewall-cmd --zone=external --query-masquerade
Turn on masquerading
# firewall-cmd --zone=external --add-masquerade
Turn off masquerading
# firewall-cmd --zone=external --remove-masquerade
d. Port forwarding
To forward a port, first turn on masquerading
# firewall-cmd --zone=external --add-masquerade
Then forward tcp port 22 to 3753
# firewall-cmd --zone=external --add-forward-port=port=22:proto=tcp:toport=3753
Forward port 22 traffic to the same port on another IP
# firewall-cmd --zone=external --add-forward-port=port=22:proto=tcp:toaddr=192.168.1.100
Forward port 22 traffic to port 2055 on another IP
# firewall-cmd --zone=external --add-forward-port=port=22:proto=tcp:toport=2055:toaddr=192.168.1.100
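Rules added without --permanent exist only in the running configuration, and rules added with --permanent are not active until a reload, so the two can drift apart. The script below is an added example, not part of the original article: it compares the services, ports and masquerade lines of two --list-all outputs. The function names zone_field and zone_drift and both sample outputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report drift between runtime and permanent firewalld settings.
# On a live host the two inputs would come from:
#   firewall-cmd --zone=public --list-all
#   firewall-cmd --permanent --zone=public --list-all
# Both samples below are constructed for illustration, not captured output.
RUNTIME_SAMPLE='public (default, active)
  interfaces: eth0
  sources:
  services: dhcpv6-client http ssh
  ports: 8080/tcp
  masquerade: no
  forward-ports:'
PERMANENT_SAMPLE='public (default)
  interfaces: eth0
  sources:
  services: dhcpv6-client ssh
  ports:
  masquerade: no
  forward-ports:'

# zone_field TEXT KEY: print the values listed after "KEY:", one per line.
zone_field() {
  printf '%s\n' "$1" | awk -v key="$2:" '
    { sub(/^[ \t]+/, "") }
    index($0, key) == 1 {
      $0 = substr($0, length(key) + 1)
      for (i = 1; i <= NF; i++) print $i
    }' | sort -u
}

# zone_drift RUNTIME PERMANENT: one line per difference.
#   runtime-only   = active now, gone after --reload or reboot
#   permanent-only = saved, but not active until --reload
zone_drift() {
  for key in services ports masquerade; do
    for v in $(zone_field "$1" "$key"); do
      zone_field "$2" "$key" | grep -Fxq -- "$v" || echo "runtime-only $key $v"
    done
    for v in $(zone_field "$2" "$key"); do
      zone_field "$1" "$key" | grep -Fxq -- "$v" || echo "permanent-only $key $v"
    done
  done
}

zone_drift "$RUNTIME_SAMPLE" "$PERMANENT_SAMPLE"
```

An empty result means the running and saved configurations agree for the compared keys.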
The above are some common methods. For more advanced usage, refer to:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Using_Firewalls.html
https://fedoraproject.org/wiki/FirewallD