Simple use of Linux firewalls

Source: Internet
Author: User

Since CentOS 7 the default firewall management service has changed from iptables to firewalld, so opening a port is described here for both cases, iptables and firewalld. This article draws on the official firewalld tutorial, Basics.

First, iptables
1. Turn the firewall on/off, restart it

Enable the firewall at boot (persists across reboots; does not start it right now): chkconfig iptables on

Disable the firewall at boot (persists across reboots; does not stop it right now): chkconfig iptables off

Start the firewall (effective immediately; on its own not preserved across a reboot): service iptables start

Stop the firewall (effective immediately; on its own not preserved across a reboot): service iptables stop

Restart the firewall (reloads the rules saved in /etc/sysconfig/iptables): service iptables restart
2. View the loaded rules (which ports are open)

/etc/init.d/iptables status

This lists the rules currently loaded in the kernel, which is not necessarily what is saved in /etc/sysconfig/iptables if the rules were changed and not saved.

3. Open a port (8080 as the example)

(1) Add the rule

iptables -A INPUT -p tcp --dport 8080 -j ACCEPT

Caveat: -A appends the rule at the end of the INPUT chain. The stock CentOS 6 ruleset ends that chain with a catch-all REJECT, and rules are evaluated top to bottom, so a rule appended after the catch-all never matches. In that case insert it with -I INPUT (top of the chain) or give an explicit position instead.

(2) Save the rules and restart the firewall

/etc/rc.d/init.d/iptables save
/etc/init.d/iptables restart

The save step writes the running rules to /etc/sysconfig/iptables; without it the restart reloads the old file and the new rule is lost.

4. Open the port range 49152 to 65524

iptables -A INPUT -p tcp --dport 49152:65524 -j ACCEPT

Again, the rules need to be saved and the firewall restarted, and the same note about rule order applies.

5. Other ways to open a port

The port can also be opened by editing the /etc/sysconfig/iptables file directly:

vim /etc/sysconfig/iptables

Then add the following line to the file, placing it above the chain's final REJECT rule (a rule placed after the catch-all is never reached), and load it with service iptables restart:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT

RH-Firewall-1-INPUT is the chain name used by the older Red Hat default ruleset; if the file has no such chain, use INPUT, the chain the other rules in the file already use.

Parameter description:

-A appends a rule to the named chain
-p specifies the protocol; TCP is the common case, but UDP is also used, for example DNS on port 53
--dport matches the destination port: for traffic coming from outside to the server, the port it is sent to
--sport matches the source port: for traffic leaving the server, the port it comes from
-j specifies the target: ACCEPT to allow the packet, DROP to discard it silently (REJECT discards it and sends an error back to the sender)
-m state --state NEW restricts the rule to packets that open a new connection; the replies are handled by the ESTABLISHED,RELATED rule that the default ruleset already has at the top of the chain
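The rule-order caveat above is easy to get wrong when editing the file by hand or appending with -A. The following script is added here as an example and is not part of the original article: it patches a ruleset in the /etc/sysconfig/iptables (iptables-save) format so that a new ACCEPT rule lands above the chain's catch-all REJECT, and it audits a file for an ACCEPT rule that sits below the catch-all and can therefore never match. The sample ruleset inside it is constructed (an abbreviated CentOS 6 default), and the function names open_port_in_file and port_reachable are this example's own.

```shell
#!/bin/sh
# Added example (not from the original article): edit a ruleset in the
# iptables-save format used by /etc/sysconfig/iptables so that a new
# ACCEPT rule lands BEFORE the chain's catch-all REJECT/DROP line.
# "iptables -A" appends at the end of the chain, i.e. after that
# catch-all on a stock CentOS 6 ruleset, where the rule is never
# reached. Work on a copy of the file, then load it with
# "service iptables restart".

# Constructed sample (abbreviated CentOS 6 default ruleset); the real
# file is /etc/sysconfig/iptables.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# open_port_in_file FILE PORT PROTO [CHAIN]
# Inserts "-A CHAIN -m state --state NEW -m PROTO -p PROTO --dport PORT -j ACCEPT"
# just above the first catch-all (a bare "-A CHAIN -j REJECT|DROP") in CHAIN,
# or just above COMMIT if the chain has none. Idempotent.
open_port_in_file() {
  file=$1; port=$2; proto=$3; chain=${4:-INPUT}
  rule="-A $chain -m state --state NEW -m $proto -p $proto --dport $port -j ACCEPT"
  if grep -qxF -- "$rule" "$file"; then
    return 0                      # already present, nothing to do
  fi
  awk -v rule="$rule" -v chain="$chain" '
    !done && $1 == "-A" && $2 == chain && $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") {
      print rule; done = 1        # place the new rule above the catch-all
    }
    !done && $1 == "COMMIT" { print rule; done = 1 }   # no catch-all: append
    { print }
  ' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# port_reachable FILE PORT PROTO [CHAIN]
# Exit 0 if an ACCEPT rule for PROTO/PORT (exact port or a from:to range)
# appears in CHAIN before any catch-all REJECT/DROP, i.e. the rule can
# actually match; exit 1 otherwise. Use it to audit a file after editing.
port_reachable() {
  file=$1; port=$2; proto=$3; chain=${4:-INPUT}
  awk -v port="$port" -v proto="$proto" -v chain="$chain" '
    !decided && $1 == "-A" && $2 == chain {
      if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) { decided = 1; next }
      accept = 0; isproto = 0; isport = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "-p" && $(i+1) == proto) isproto = 1
        if ($i == "-j" && $(i+1) == "ACCEPT") accept = 1
        if ($i == "--dport") {
          v = $(i+1)
          if (index(v, ":")) { split(v, r, ":"); if (port+0 >= r[1]+0 && port+0 <= r[2]+0) isport = 1 }
          else if (v == port) isport = 1
        }
      }
      if (accept && isproto && isport) { found = 1; decided = 1 }
    }
    END { if (found) exit 0; exit 1 }
  ' "$file"
}

# Run as "sh open_port.sh demo" to print the patched sample ruleset.
if [ "${1-}" = "demo" ]; then
  tmp=$(mktemp)
  printf '%s\n' "$SAMPLE_RULES" > "$tmp"
  open_port_in_file "$tmp" 8080 tcp
  cat "$tmp"
  rm -f "$tmp"
fi
```

To use it on a real host, copy /etc/sysconfig/iptables aside, run open_port_in_file on the copy, check it with port_reachable, then move it into place and run service iptables restart. The audit function is the useful half: run it against the saved file after any hand edit, since a rule that is present but unreachable looks correct in /etc/init.d/iptables status.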

Second, firewalld
CentOS 7 installs firewalld by default; if it is missing, it can be installed with yum install firewalld firewall-config (firewall-config is the optional GUI front end).

1. Start the firewall

systemctl start firewalld

2. Stop the firewall

systemctl stop firewalld

3. Enable starting at boot

systemctl enable firewalld

4. Disable starting at boot (does not stop the running service)

systemctl disable firewalld

5. Reload the firewall rules

firewall-cmd --reload

6. View the status

systemctl status firewalld or firewall-cmd --state

7. View the version

firewall-cmd --version

8. View the help

firewall-cmd --help

9. View the active zones

firewall-cmd --get-active-zones

10. View the zone of a specified interface

firewall-cmd --get-zone-of-interface=eth0

11. Drop all packets (panic mode)

firewall-cmd --panic-on (this drops incoming and outgoing packets alike, including the SSH session you are typing in)

12. Leave panic mode

firewall-cmd --panic-off

13. Check whether panic mode is on

firewall-cmd --query-panic

14. Add an interface to a zone (the default zone is public)

firewall-cmd --zone=public --add-interface=eth0 (to make it permanent add --permanent, then reload the firewall)

15. Set the default zone

firewall-cmd --set-default-zone=public (takes effect immediately, no reload required)

16. Update the firewall rules

firewall-cmd --reload or firewall-cmd --complete-reload

The difference: --reload loads the permanent configuration into the runtime while keeping connection state, so existing connections are not interrupted (one of firewalld's dynamic features); --complete-reload also reloads the netfilter kernel modules and loses that state, so active connections will most likely be cut, much like restarting the service. Either form discards any runtime changes that were made without --permanent.

17. View all open ports in the specified zone

firewall-cmd --zone=public --list-ports

18. Open a port in the specified zone

firewall-cmd --zone=public --add-port=80/tcp

Without --permanent this takes effect immediately but is lost on the next reload or reboot; with --permanent it is written to the zone configuration but is not active until the firewall is reloaded. To get both, run the command once without and once with --permanent; no reload is needed then.

Description
--zone the zone the rule applies to
--add-port=8080/tcp the port to add, in the format port/protocol
--permanent make the change permanent; without this parameter the change is lost on reload or reboot
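Because a plain --reload discards runtime-only changes, the runtime/permanent split is the usual cause of "the port was open yesterday". The script below is added here as an example and is not from the original article: it opens a port in both views and verifies each with --query-port, and it reports which runtime ports a reload would drop. It assumes firewall-cmd from firewalld on CentOS 7 and root privileges for a real run; the function names fw, fw_open_port, fw_close_port and lost_on_reload and the DRY_RUN and FIREWALL_CMD variables are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original article: open a port with
# firewalld so that it is active now AND survives --reload and reboot,
# then verify both views. Assumes firewall-cmd from firewalld (CentOS 7+)
# and root privileges for the real run.
#
#   * --add-port without --permanent changes only the runtime ruleset;
#     the next "firewall-cmd --reload" or a reboot discards it.
#   * --add-port with --permanent changes only the on-disk zone config;
#     it is inactive until --reload, and that reload also throws away
#     every runtime-only change made since the last one.
# Applying the change to both views needs no reload at all.
#
# Set DRY_RUN=1 to print the commands instead of running them.

FIREWALL_CMD=${FIREWALL_CMD:-firewall-cmd}

# fw ARGS...: run firewall-cmd, or print the command line in dry-run mode.
fw() {
  if [ -n "${DRY_RUN:-}" ]; then
    printf '%s %s\n' "$FIREWALL_CMD" "$*"
  else
    "$FIREWALL_CMD" "$@"
  fi
}

# fw_open_port PORT/PROTO [ZONE]   e.g. fw_open_port 8080/tcp public
# Exit 0 only if the port is open in both the runtime and the permanent
# configuration afterwards.
fw_open_port() {
  port=$1; zone=${2:-public}
  fw --zone="$zone" --add-port="$port" || return 1               # active immediately
  fw --permanent --zone="$zone" --add-port="$port" || return 1   # survives reload/reboot
  fw --zone="$zone" --query-port="$port" || return 1             # verify runtime view
  fw --permanent --zone="$zone" --query-port="$port" || return 1 # verify permanent view
}

# fw_close_port PORT/PROTO [ZONE]: the symmetric cleanup, both views.
fw_close_port() {
  port=$1; zone=${2:-public}
  fw --zone="$zone" --remove-port="$port" || return 1
  fw --permanent --zone="$zone" --remove-port="$port" || return 1
}

# lost_on_reload "RUNTIME PORTS" "PERMANENT PORTS"
# Prints the ports (one per line) present in the runtime list but not in
# the permanent list, i.e. those the next --reload will silently drop.
# Feed it the output of --list-ports with and without --permanent:
#   lost_on_reload "$(firewall-cmd --zone=public --list-ports)" \
#                  "$(firewall-cmd --permanent --zone=public --list-ports)"
lost_on_reload() {
  for p in $1; do
    case " $2 " in
      *" $p "*) ;;                # present in both views
      *) printf '%s\n' "$p" ;;    # runtime only: will be lost
    esac
  done
}

# Run as "DRY_RUN=1 sh fw_open_port.sh demo" to see the command sequence.
if [ "${1-}" = "demo" ]; then
  fw_open_port 8080/tcp public
fi
```

The two --query-port calls are the point of the wrapper: a port that answers "yes" in the runtime view and "no" in the permanent view is exactly the change that disappears at the next reload, and lost_on_reload turns that into a one-line audit you can run before reloading.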
