Shulou(Shulou.com)06/02 Report--

This article introduces the relevant knowledge of "what are the operation commands of CentOS7 firewall". In the operation of actual cases, many people will encounter such a dilemma, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

Installation:

Yum install firewalld

1. Basic use of firewalld

Launch: systemctl start firewalld

View status: systemctl status firewalld

Disable, disable boot: systemctl disable firewalld

Stop running: systemctl stop firewalld

two。 Configure firewalld-cmd

View version: firewall-cmd-- version

Check out help: firewall-cmd-help

Display status: firewall-cmd-- state

View all open ports: firewall-cmd-- zone=public-- list-ports

Update firewall rules: firewall-cmd-- reload

Update firewall rules and restart the service: firewall-cmd-- completely-reload

View activated Zone information: firewall-cmd-- get-active-zones

View the area to which the specified API belongs: firewall-cmd-- get-zone-of-interface=eth0

Reject all packages: firewall-cmd-- panic-on

Cancel rejection status: firewall-cmd-- panic-off

Check whether to reject: firewall-cmd-- query-panic

3. Trust level, specified by the value of Zone

Drop: discard all incoming packets without giving any response

Block: rejects all externally initiated connections and allows internally initiated connections

Public: allows the specified entry into the connection

External: as above, the incoming connection to camouflage is generally used for routing and forwarding.

Dmz: allow restricted access to the connection

Work: allows trusted computers to have restricted access to connections, similar to workgroup

Home: ditto, similar to homegroup

Internal: same as above, the scope is for all Internet users

Trusted: trust all connections

4.firewall opens and closes the port

The following all refer to the operations under the zone of public. Different Zone can simply change the value after Zone.

Add: firewall-cmd-- zone=public-- add-port=80/tcp-- permanent (--permanent takes effect permanently. It will expire after restart without this parameter)

Reload: firewall-cmd-- reload

View: firewall-cmd-- zone=public-- query-port=80/tcp

Delete: firewall-cmd-- zone=public-- remove-port=80/tcp-- permanent

5. Management service

Take the smtp service as an example, add it to work zone

Add: firewall-cmd-zone=work-add-service=smtp

View: firewall-cmd-- zone=work-- query-service=smtp

Delete: firewall-cmd-- zone=work-- remove-service=smtp

5. Configure IP address camouflage

View: firewall-cmd-- zone=external-- query-masquerade

Open: firewall-cmd-- zone=external-- add-masquerade

Close: firewall-cmd-- zone=external-- remove-masquerade

6. Port forwarding

To enable port forwarding, you first need to open the IP address camouflage firewall-cmd-- zone=external-- add-masquerade

Forward tcp port 22 to 3753: firewall-cmd-- zone=external-- add-forward-port=22:porto=tcp:toport=3753

Forward port data to the same port of another IP: firewall-cmd-- zone=external-- add-forward-port=22:porto=tcp:toaddr=192.168.1.112

Forward port data to port 3753 of another IP: firewall-cmd-- zone=external-- add-forward-port=22:porto=tcp::toport=3753:toaddr=192.168.1.112

6.systemctl is the main tool in CentOS7's service management tools, which combines the functions of service and chkconfig.

Start a service: systemctl start firewalld.service

Shut down a service: systemctl stop firewalld.service

Restart a service: systemctl restart firewalld.service

Displays the status of a service: systemctl status firewalld.service

Enable a service at boot time: systemctl enable firewalld.service

Disable one service at boot time: systemctl disable firewalld.service

Check to see if the service is powered on: systemctl is-enabled firewalld.service

View the list of started services: systemctl list-unit-files | grep enabled

View the list of services that failed to start: systemctl-- failed

This is the end of the content of "what are the operation commands of CentOS7 firewall". Thank you for your reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.