Summary of common commands for the firewalld firewall in CentOS 7


Preface

firewalld is used by default instead of the iptables service in CentOS 7.0. The iptables command has been retained, but only with the same name.

firewalld is a major feature of CentOS 7, with two major benefits:

Supports dynamic updates, so you don't have to restart the service;

This article shows how the firewalld firewall is configured under CentOS 7. Its main content is the common firewalld commands in CentOS 7.

1. Turn firewall on and off

Activation:

systemctl start firewalld

View status:

systemctl status firewalld  or  firewall-cmd --state

Stop:

systemctl stop firewalld

Disable:

systemctl disable firewalld

2. Port operation

Open a port:

firewall-cmd --permanent --add-port=8080/tcp

Close a port:

firewall-cmd --permanent --remove-port=8080/tcp

Open a service:

firewall-cmd --permanent --add-service=http

Shut down a service:

firewall-cmd --permanent --remove-service=http

Port forwarding:

firewall-cmd --permanent --add-forward-port=port=80:proto=tcp:toport=8080:toaddr=192.0.2.55

Allow forwarding to other addresses:

firewall-cmd --permanent --add-masquerade

Reload the firewall:

firewall-cmd --reload
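Rules added with --permanent are only written to the stored configuration and do not reach the running firewall until the reload step, while rules added without it are active immediately but disappear on reload. The script below is an added example, not part of the original article: it compares the two port lists and reports the difference. The function names and sample lists are constructed for illustration; --list-ports is a firewall-cmd option the article does not show.

```shell
#!/bin/sh
# Added example (not from the original article): report drift between the
# running firewalld rules and the stored (--permanent) configuration.

# Print the entries of list $1 that are absent from list $2.
# Both lists are whitespace-separated, as printed by --list-ports.
missing_from() (
    haystack=" $(echo $2) "   # unquoted on purpose: collapse whitespace
    out=""
    for item in $1; do
        case "$haystack" in
            *" $item "*) ;;                 # exact entry present in both
            *) out="$out $item" ;;
        esac
    done
    echo "${out# }"
)

# pending  = stored with --permanent but not active until a reload
# volatile = active now but not stored, so dropped by the next reload
port_drift() {
    echo "pending=$(missing_from "$2" "$1")"
    echo "volatile=$(missing_from "$1" "$2")"
}

# Constructed sample lists (not captured from a real host).
SAMPLE_RUNTIME="22/tcp 8080/tcp"
SAMPLE_PERMANENT="22/tcp 443/tcp"

# Live use: pass --live on a host where firewalld is running.
if [ "${1:-}" = "--live" ]; then
    port_drift "$(firewall-cmd --list-ports)" \
               "$(firewall-cmd --permanent --list-ports)"
else
    port_drift "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"
fi
```

A non-empty "volatile" line before a planned reload means a port that is open now will close, and a non-empty "pending" line means a stored rule has not taken effect yet.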

3. Configuring the firewall

View version:

firewall-cmd --version

See help:

firewall-cmd --help

View settings:

Display status:

firewall-cmd --state

View zone information:

firewall-cmd --get-active-zones

View the zone of the specified interface:

firewall-cmd --get-zone-of-interface=eth0

Reject all packets:

firewall-cmd --panic-on

Cancel reject status:

firewall-cmd --panic-off

Check whether to reject:

firewall-cmd --query-panic

Conclusion