Simple use of the CentOS 7 firewall and opening ports
- 2020-11-20 06:24:16
- OfStack
Overview (the official documentation has more detail)
Firewalld provides a dynamically managed firewall with support for network/firewall zones, which define the trust level of a network connection or interface. It supports IPv4 and IPv6 firewall settings, Ethernet bridges and IP sets, keeps the runtime and permanent configuration separate, and provides an interface through which services or applications can add firewall rules directly.
Because it is simple to use, this article shows how to check the firewall status, how to stop and start it, and how to open a port. Once the firewall is running, ports are restricted: a client can only reach the host (server) through the ports we have explicitly opened, and everything else is dropped. If any port could be reached by anyone, there would be no point in having a firewall. Firewalls exist both as dedicated physical appliances on the network and as software on the host; the software firewall discussed here is firewalld, the default on CentOS 7. Earlier CentOS releases used the iptables service directly, which follows from the shared development history of CentOS and Red Hat (firewalld itself still programs the kernel's netfilter through iptables underneath). The purpose of the host firewall is security management of the host, and the main part of that is port management.
Query firewall status
shell
# systemctl status firewalld
execute
[warnerwu@localhost ~]$ systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
Start the firewall
Note: only root (or a user with sudo rights) can start, stop or configure the firewall; an ordinary user can only query its status.
shell
# systemctl start firewalld
execute
[root@localhost~]# systemctl start firewalld
[root@localhost~]#
You will see no output. As anyone who has used Linux or macOS knows, no news is good news: a silent return means the command succeeded, while a message usually means something went wrong.
Check the firewall status again
shell
# systemctl status firewalld
execute
[root@localhost ~]# sudo systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: active (running) since Fri 2018-09-07 00:04:55 CST; 5min ago
Docs: man:firewalld(1)
Main PID: 11339 (firewalld)
CGroup: /system.slice/firewalld.service
└─11339 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
Sep 07 00:04:55 izj6c3bcx7adgva5dda2e0z systemd[1]: Starting firewalld - dynamic firewall daemon...
Sep 07 00:04:55 izj6c3bcx7adgva5dda2e0z systemd[1]: Started firewalld - dynamic firewall daemon.
Sep 07 00:04:55 izj6c3bcx7adgva5dda2e0z firewalld[11339]: WARNING: ICMP type 'beyond-scope' is not supported by the kernel for ipv6.
Sep 07 00:04:55 izj6c3bcx7adgva5dda2e0z firewalld[11339]: WARNING: beyond-scope: INVALID_ICMPTYPE: No supported ICMP type., ignorin...-time.
Sep 07 00:04:55 izj6c3bcx7adgva5dda2e0z firewalld[11339]: WARNING: ICMP type 'failed-policy' is not supported by the kernel for ipv6.
Sep 07 00:04:55 izj6c3bcx7adgva5dda2e0z firewalld[11339]: WARNING: failed-policy: INVALID_ICMPTYPE: No supported ICMP type., ignori...-time.
Sep 07 00:04:55 izj6c3bcx7adgva5dda2e0z firewalld[11339]: WARNING: ICMP type 'reject-route' is not supported by the kernel for ipv6.
Sep 07 00:04:55 izj6c3bcx7adgva5dda2e0z firewalld[11339]: WARNING: reject-route: INVALID_ICMPTYPE: No supported ICMP type., ignorin...-time.
Hint: Some lines were ellipsized, use -l to show in full.
If you know CentOS 7 or RHEL 7 at all, systemctl will already be familiar: it is the systemd tool for managing system services. Earlier CentOS versions used the service command instead. For more on systemctl or service, search Baidu or Google. Having covered how to check the firewall status and how to start it, we now turn to opening a port.
View the list of firewall open ports
Firewall port management is done with the firewall-cmd command. This one point must be clear, because it is the key to managing ports on your system: every rule you add, remove or list goes through firewall-cmd.
shell
# firewall-cmd --list-all
execute
[root@localhost ~]# firewall-cmd --list-all
public
target: default
icmp-block-inversion: no
interfaces:
sources:
services: ssh dhcpv6-client
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
You will notice the list is almost empty: no ports are open, only the ssh and dhcpv6-client services are allowed. This is a freshly installed system; yours may or may not look the same, so check before making changes.
Add open ports to firewalls
Suppose we want to open port 80 so that other users can reach the web site on this host.
shell
// Step 1: add the open port to the permanent configuration
# firewall-cmd --zone=public --add-port=80/tcp --permanent
--zone=public the zone the rule belongs to (public is the default zone, not a time zone)
--add-port=80/tcp the port and protocol to open
--permanent write the rule to the permanent configuration on disk; without it the rule applies only to the running firewall and is lost at the next reload or restart
// Step 2: reload the firewall so the permanent configuration becomes active (run as root; a reload does not interrupt existing connections or lose state information, but it does discard any runtime-only changes that were not made permanent)
# firewall-cmd --reload
Look again at the firewall open port list
shell
# firewall-cmd --list-all
execute
[root@localhost ~]# firewall-cmd --list-all
public
target: default
icmp-block-inversion: no
interfaces:
sources:
services: ssh dhcpv6-client
ports: 80/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
This time the ports line shows 80/tcp, which means the port has been added to the firewall's open list. Note that this only controls the host firewall: a cloud security group or a network firewall in front of the host still has to allow the port as well.
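The steps above (add with --permanent, reload, list again) can be scripted and verified. The script below is an added example, not code from the original article or from the firewalld project. It opens a port, checks that it appears on the "ports:" line of the --list-all output, and reports drift between the runtime and permanent port lists, which is how a port that was added without --permanent (and will vanish at the next reload) or added only with --permanent (and is not active yet) shows up. The live part assumes firewall-cmd is on PATH and the script runs as root; otherwise it demonstrates the same checks on a constructed sample listing.

```shell
#!/bin/bash
# Added example, not from the original article: open a port in firewalld,
# verify it, and check that the runtime and permanent rule sets agree.
# Assumes firewall-cmd is on PATH and root privileges for the live part.

# Print "yes" or "no" depending on whether PORT/PROTO (e.g. 80/tcp) appears on
# the "ports:" line of `firewall-cmd --list-all` output fed on stdin.
port_is_listed() {
  local want="$1"
  awk -v want="$want" '
    $1 == "ports:" { for (i = 2; i <= NF; i++) if ($i == want) found = 1 }
    END { print (found ? "yes" : "no") }'
}

# Compare two space-separated port lists (runtime vs permanent, as printed by
# `firewall-cmd --list-ports` and `firewall-cmd --permanent --list-ports`).
# Prints each port present in only one of them, prefixed with where it lives.
# Empty output means the two configurations agree.
port_drift() {
  local runtime="$1" permanent="$2" p
  for p in $runtime; do
    case " $permanent " in *" $p "*) ;; *) echo "runtime-only $p" ;; esac
  done
  for p in $permanent; do
    case " $runtime " in *" $p "*) ;; *) echo "permanent-only $p" ;; esac
  done
}

# Open PORT (default zone: public) in the permanent configuration, reload so it
# becomes active, then confirm it is listed. Returns 0 on success.
open_port() {
  local port="$1" zone="${2:-public}"
  firewall-cmd --zone="$zone" --add-port="$port" --permanent >/dev/null || return 1
  firewall-cmd --reload >/dev/null || return 1
  [ "$(firewall-cmd --zone="$zone" --list-all | port_is_listed "$port")" = yes ]
}

# Constructed sample listing, in the shape the article shows after adding 80/tcp.
SAMPLE_LISTING='public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh dhcpv6-client
  ports: 80/tcp
  protocols:
  masquerade: no'

if [ "$(id -u)" -eq 0 ] && command -v firewall-cmd >/dev/null 2>&1; then
  # Live run (root only): open 80/tcp and report any runtime/permanent drift.
  open_port 80/tcp public && echo "80/tcp open in zone public"
  port_drift "$(firewall-cmd --list-ports)" "$(firewall-cmd --permanent --list-ports)"
else
  # Offline demonstration on the constructed sample and constructed port lists.
  printf '%s\n' "$SAMPLE_LISTING" | port_is_listed 80/tcp
  port_drift "80/tcp 8080/tcp" "80/tcp 443/tcp"
fi
```

Run port_drift after any manual change: a line such as "runtime-only 8080/tcp" means someone added 8080 without --permanent and the next reload or reboot will silently close it; "permanent-only 443/tcp" means the rule is on disk but a reload has not yet been done.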
1. Basic use of firewalld
Start: systemctl start firewalld
Stop: systemctl stop firewalld
View status: systemctl status firewalld
Boot disabled: systemctl disable firewalld
Boot enabled: systemctl enable firewalld
2. systemctl is the main service management tool in CentOS 7; it combines the functions of the earlier service and chkconfig commands into one tool.
Start 1 service: systemctl start firewalld.service
Close 1 service: systemctl stop firewalld.service
Restart 1 service: systemctl restart firewalld.service
Display the status of a service: systemctl status firewalld.service
Enable a service at boot: systemctl enable firewalld.service
1 service is disabled on startup: systemctl disable firewalld.service
Check whether a service is enabled at boot: systemctl is-enabled firewalld.service
View the list of services enabled at boot: systemctl list-unit-files | grep enabled
View the list of services that failed to start: systemctl --failed
3. Configuration with firewall-cmd
View version: firewall-cmd --version
See help: firewall-cmd --help
Display status: firewall-cmd --state
View all open ports: firewall-cmd --zone=public --list-ports
Update firewall rules: firewall-cmd --reload
View zone information: firewall-cmd --get-active-zones
View the zone of the specified interface: firewall-cmd --get-zone-of-interface=eth0
Reject all packets (panic mode): firewall-cmd --panic-on
Cancel the rejecting state: firewall-cmd --panic-off
Check whether panic mode is on: firewall-cmd --query-panic