CentOS 7 Firewall is a very powerful feature, but for CentOS 7 in the firewall in the upgrade, let's take a detailed look at the firewall in CentOS7 some of the common configuration.
# start Systemctl start Firewalld # view state systemctl Status Firewalld # Stop closing systemctl disable FIREWALLD systemctl stop firew ALLD # Add a source address to the whitelist to allow all connections from this source address # This uses common # settings in the cluster and uses Firewall-cmd--reload to update firewall rules firewall-cmd--add-rich-rule ' rule f amily= "IPv4" source address= "192.168.1.215" Accept '--permanent firewall-cmd '--reload # A user within a specific domain can connect via SSH, 24 logo 255.255.255.0 firewall-cmd--remove-service=ssh--permanent firewall-cmd--add-rich-rule ' rule Family=ipv4 source ADDRESS=172.16.30.0/24 Service Name=ssh Accept '--permanent firewall-cmd--reload firewall-cmd--list-all # Add a user to White list f Irewall-cmd--add-lockdown-whitelist-user=hadoop--permanent firewall-cmd--reload # Removes the user ID from the whitelist firewall-cmd- Remove-lockdown-whitelist-uid=uid Firewall-cmd--reload # View all open ports: Firewall-cmd--list-ports # Open ports in a zone firewall-cmd --zone=public--add-port=8080/tcp--permanent # Close Port firewall-cmd--remove-port=465/tcp # Open service, see/ETC/FIREWALLD A service in the Services folder under the directory, you can configure Firewall-cmd--permanent--zone=public--aDd-service=samba firewall-cmd--add-service=http--permanent firewall-cmd--reload # Close service Firewall-cmd--zone=public--r Emove-service=samba Firewall-cmd--reload
Official documentation and common references:
Https://access.redhat.com/documentation/zh-CN/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Using_Firewalls.html
Https://www.server-world.info/en/note?os=CentOS_7&p=firewalld
The above is a small set to introduce some of the CENTOS7 firewall common configuration Introduction, hope to help everyone, if you have any questions please give me a message, small series will promptly reply to everyone. Here also thank you very much for the cloud Habitat Community website support!