CENTOS7 Firewall Firewall command detailed _linux

Source: Internet
Author: User
Tags ldap vps bacula

In order to set up the SS in Vultr bought a Japanese VPS with the CENTOS7 system firewall is firewall for two days to sum up here.

If the small partner also prepares to buy the VPS in the vultr the registration is may use this preferential connection Http://www.vultr.com/?ref=6972993-3B to 20$ the discount also may use for free 4 months

If your system is not installed using the command to install

#yum Install FIREWALLD//install FIREWALLD Firewall

Open service

# Systemctl Start Firewalld.service

Shutdown firewall

# Systemctl Stop Firewalld.service

Boot auto Start

# Systemctl Enable Firewalld.service

Turn off the boot brake boot

# systemctl Disable Firewalld.service

View status

#systemctl Status Firewalld

To get the result if it is

firewalld.service-firewalld-dynamic Firewall daemon
Loaded:loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset:enabled)
Active:active (running) since Mon 2016-09-05 02:34:07 UTC; 15min ago
Main pid:3447 (FIREWALLD)
Cgroup:/system.slice/firewalld.service
└─3447/usr/bin/python-es/usr/sbin/firewalld--nofork--nopid

Sep 02:34:07 Vultr.guest systemd[1]: Starting firewalld-dynamic Firewall daemon ...
Sep 02:34:07 vultr.guest systemd[1]: Started firewalld-dynamic firewall.

There's no problem with this description.

Set Firwall

Using the Firewall-cmd command

View status

#firewall-cmd--state//running represents running

Get the active zone

#firewall-cmd--get-active-zones

This command will output the interfaces that each zone contains in the following format:

<zone1>: <interface1> <interface2>. <zone2>: <interface3>.

Get all supported services

#firewall-cmd--get-service

Each service is separated by a space such as:

rh-satellite-6 amanda-client bacula bacula-client dhcp DHCPv6 dhcpv6-client DNS Freeipa-ldap freeipa-ldaps Freeipa-replication FTP high-availability http HTTPS imaps IPP ipp-client IPSec iscsi-target Kerberos kpasswd LDAP ldaps l Ibvirt libvirt-tls mdns mountd MS-WBT mysql NFS ntp openvpn pmcd pmproxy pmwebapi pmwebapis pop3s PostgreSQL RA Dius rpc-bind rsyncd samba samba-client smtp ssh telnet tftp tftp-client transmission-client vdsm vnc-server

The services that are supported by the permanent option are also spent after restarting

#firewall-cmd--get-service--permanent//in FIREWALLD version prior to 0.3.0, panic option is –enable-panic and –disable-panic

Open Emergency mode to block all network connections

#firewall-cmd--panic-on//in FIREWALLD version prior to 0.3.0, panic option is –enable-panic and –disable-panic

Turn off emergency mode

#firewall-cmd--panic-off

View the status of the contingency mode

#firewall-cmd--query-panic

To reload the firewall without changing the state:

#firewall-cmd--reload

The firewall predefined service profile is an XML file directory in/usr/lib/firewalld/services/

There are also profiles in the/etc/firewalld/services/directory but the/etc/firewalld/services/directory takes precedence over the/usr/lib/firewalld/services/directory

Reload with command after modifying configuration file

#firewall-cmd--reload

Enable a service

# firewall-cmd--zone=public--add-service=https/Temp
# firewall-cmd--permanent--zone=public--add-service=https Permanent

Open a port

#firewall-cmd--permanent--zone=public--add-port=8080-8081/tcp//Permanent
#firewall-cmd--zone=public 8080-8081/TCP//Temporary

To load settings with a command

#firewall-cmd--reload

To view open ports and services

#firewall-cmd--permanent--zone=public--list-services//service spaces, such as dhcpv6-client HTTPS SS 
#firewall-cmd- Permanent--zone=public--list-ports//Port spaces For example 8080-8081/tcp 8388/tcp 80/tcp

/etc/firewalld/zones/public.xml files are modified each time the ports and services are modified so that they can be modified and reloaded between the files.

Set an IP access to a service

#firewall-cmd--permanent--zone=public--add-rich-rule= "rule family=" IPv4 "source address=" 192.168.0.4/24 "service Name= "http" accept "

IP 192.168.0.4/24 Access http

Public.xml will change when you set it up
Delete the rules set above

#firewall-cmd--permanent--zone=public--remove-rich-rule= "rule family=" IPv4 "source address=" 192.168.0.4/24 " Service Name= "http" accept "

Start a service

#systemctl start Firewalld.service//Open service
#systemctl enable Firewalld.service//Boot brake start

#systemctl Stop Firewalld.service//Off service
#systemctl disable Firewalld.service//disable boot

The above is the entire content of this article, I hope to help you learn, but also hope that we support the cloud habitat community.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.