To set up SS, I bought a Japanese VPS from Vultr running CentOS 7, whose firewall is firewalld. After working with it for two days, I am summing up what I learned here.
If you are also planning to buy a VPS from Vultr, you can register through this referral link, http://www.vultr.com/?ref=6972993-3B, for a $20 discount, which can also be used for 4 free months.
If firewalld is not installed on your system, install it with this command:
# yum install firewalld    # install the firewalld firewall
Start the service
# systemctl start firewalld.service
Stop the firewall
# systemctl stop firewalld.service
Start automatically at boot
# systemctl enable firewalld.service
Disable automatic start at boot
# systemctl disable firewalld.service
View status
# systemctl status firewalld
If the result looks like this:
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2016-09-05 02:34:07 UTC; 15min ago
Main PID: 3447 (firewalld)
CGroup: /system.slice/firewalld.service
└─3447 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
Sep 05 02:34:07 vultr.guest systemd[1]: Starting firewalld - dynamic firewall daemon...
Sep 05 02:34:07 vultr.guest systemd[1]: Started firewalld - dynamic firewall.
then the service is running without problems.
Configure firewalld
Use the firewall-cmd command.
View status
# firewall-cmd --state    # "running" means the firewall is running
Get the active zones
# firewall-cmd --get-active-zones
This command will output the interfaces that each zone contains in the following format:
<zone1>: <interface1> <interface2>. <zone2>: <interface3>.
Get all supported services
# firewall-cmd --get-services
The services are separated by spaces, for example:
rh-satellite-6 amanda-client bacula bacula-client dhcp dhcpv6 dhcpv6-client dns freeipa-ldap freeipa-ldaps freeipa-replication ftp high-availability http https imaps ipp ipp-client ipsec iscsi-target kerberos kpasswd ldap ldaps libvirt libvirt-tls mdns mountd ms-wbt mysql nfs ntp openvpn pmcd pmproxy pmwebapi pmwebapis pop3s postgresql radius rpc-bind rsyncd samba samba-client smtp ssh telnet tftp tftp-client transmission-client vdsm vnc-server
Get the services supported with the permanent option, that is, those still supported after a restart
# firewall-cmd --get-services --permanent
Turn on emergency (panic) mode to block all network connections
# firewall-cmd --panic-on    # in firewalld versions prior to 0.3.0, the panic options are --enable-panic and --disable-panic
Turn off emergency mode
View the status of emergency mode
# firewall-cmd --query-panic
To reload the firewall without changing the state:
The predefined firewalld service definitions are XML files in the /usr/lib/firewalld/services/ directory.
Service definitions can also be placed in the /etc/firewalld/services/ directory, and /etc/firewalld/services/ takes precedence over /usr/lib/firewalld/services/.
Reload the firewall after modifying a configuration file.
Enable a service
# firewall-cmd --zone=public --add-service=https    # temporary
# firewall-cmd --permanent --zone=public --add-service=https    # permanent
Open a port
# firewall-cmd --permanent --zone=public --add-port=8080-8081/tcp    # permanent
# firewall-cmd --zone=public --add-port=8080-8081/tcp    # temporary
Load the settings by reloading the firewall.
View open ports and services
# firewall-cmd --permanent --zone=public --list-services    # services are separated by spaces, e.g. dhcpv6-client https ss
# firewall-cmd --permanent --zone=public --list-ports    # ports are separated by spaces, e.g. 8080-8081/tcp 8388/tcp 80/tcp
The /etc/firewalld/zones/public.xml file is modified each time ports or services are changed, so you can also edit that file directly and then reload.
Allow an IP address to access a service
# firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.4/24" service name="http" accept'
This allows 192.168.0.4/24 to access http.
public.xml changes when you set this rule.
Delete the rule set above
# firewall-cmd --permanent --zone=public --remove-rich-rule='rule family="ipv4" source address="192.168.0.4/24" service name="http" accept'
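An added example, not part of the original article: a Python audit of a zone file such as /etc/firewalld/zones/public.xml that lists what is open to every source and shows the network each rich rule's source really covers (192.168.0.4/24 normalizes to the whole 192.168.0.0/24). The sample XML is constructed from the values used above, and the function name audit_zone is hypothetical.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample of /etc/firewalld/zones/public.xml, built from the
# services, ports and rich rule used in this article.
SAMPLE_ZONE = """<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <service name="dhcpv6-client"/>
  <service name="https"/>
  <port protocol="tcp" port="8080-8081"/>
  <port protocol="tcp" port="8388"/>
  <rule family="ipv4">
    <source address="192.168.0.4/24"/>
    <service name="http"/>
    <accept/>
  </rule>
</zone>
"""

def audit_zone(xml_text):
    """Summarise what a zone file admits and from where (hypothetical helper)."""
    zone = ET.fromstring(xml_text)
    report = {"services": [], "ports": [], "rich_rules": []}
    # <service>/<port> directly under <zone> are open to every source address.
    for svc in zone.findall("service"):
        report["services"].append(svc.get("name"))
    for port in zone.findall("port"):
        first, _, last = port.get("port").partition("-")
        for n in range(int(first), int(last or first) + 1):  # expand ranges
            report["ports"].append(f"{n}/{port.get('protocol')}")
    # Rich rules: normalise the source so the real network size is visible.
    for rule in zone.findall("rule"):
        src, svc = rule.find("source"), rule.find("service")
        if src is None:
            source, count = "any", None
        elif src.get("address"):
            net = ipaddress.ip_network(src.get("address"), strict=False)
            source, count = str(net), net.num_addresses
        else:  # mac= or ipset= sources are reported but not sized
            source, count = "mac/ipset", None
        actions = [a for a in ("accept", "reject", "drop") if rule.find(a) is not None]
        report["rich_rules"].append({
            "source": source, "addresses": count,
            "service": svc.get("name") if svc is not None else None,
            "action": actions[0] if actions else None,
        })
    return report

if __name__ == "__main__":
    print(audit_zone(SAMPLE_ZONE))
```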
Starting and stopping the service
# systemctl start firewalld.service    # start the service
# systemctl enable firewalld.service    # start automatically at boot
# systemctl stop firewalld.service    # stop the service
# systemctl disable firewalld.service    # disable automatic start at boot