CentOS 7 Firewall Configuration Rules

Source: Internet
Author: User

A simple configuration, for reference and learning:
--permanent: add this parameter at the beginning or end of the command to make a setting permanent; otherwise the setting is lost after the firewall is reloaded or restarted.

Open port:
    firewall-cmd --zone=public --add-port=80/tcp --permanent
    firewall-cmd --zone=public --add-port=22/tcp --permanent

Common ports
http: 80
ssh: 22
redis: 6379 7000 7001 7002
mysql: 3306
mongodb: 5672
es: 9300
rabbitmq: 5672
consul:8500

You can specify more than one at a time:
    firewall-cmd --zone=public --permanent --add-port=111/tcp --add-port=139/tcp --add-port=445/tcp

    firewall-cmd --reload

View all open ports:
    firewall-cmd --list-ports
    firewall-cmd --zone=public --list-ports
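Because --permanent decides whether a port survives a reload, the running port list and the saved one can drift apart. The following is an added example, not part of the original page: it compares the two lists and reports ports that are open now but would be lost on reload, and ports that are saved but not yet active. The function names port_drift and check_zone and the sample values are made up for this illustration.

```shell
#!/bin/sh
# Added example: detect drift between runtime and permanent port lists.

# port_drift RUNTIME PERMANENT
# Each argument is the space-separated output of a --list-ports call.
# Prints one line per mismatch:
#   runtime-only <port>    open now, lost after a reload or restart
#   permanent-only <port>  saved, but not active until --reload
# Port ranges such as 7000-7002/tcp are compared as literal strings.
port_drift() {
    runtime=$(echo $1)      # unquoted on purpose: collapses whitespace
    permanent=$(echo $2)
    for p in $runtime; do
        case " $permanent " in
            *" $p "*) ;;
            *) echo "runtime-only $p" ;;
        esac
    done
    for p in $permanent; do
        case " $runtime " in
            *" $p "*) ;;
            *) echo "permanent-only $p" ;;
        esac
    done
}

# check_zone [ZONE]
# Live check on a host with firewalld; the zone defaults to public.
check_zone() {
    zone=${1:-public}
    port_drift "$(firewall-cmd --zone="$zone" --list-ports)" \
               "$(firewall-cmd --permanent --zone="$zone" --list-ports)"
}

# Constructed sample: 6379/tcp was opened without --permanent, and
# 3306/tcp was added with --permanent but no reload has happened yet.
SAMPLE_RUNTIME="80/tcp 22/tcp 6379/tcp"
SAMPLE_PERMANENT="80/tcp 22/tcp 3306/tcp"
port_drift "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"
```

On a firewalld host, run check_zone public after a round of changes; empty output means the running and saved port lists agree.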

Enable masquerading:
    firewall-cmd [--zone=zone] --add-masquerade
    firewall-cmd --remove-masquerade
    firewall-cmd --query-masquerade

Add an interface to a zone:
    firewall-cmd [--zone=zone] --add-interface=
    firewall-cmd --zone=public --add-interface=eth0

List the attributes of all enabled zones:
    firewall-cmd --list-all-zones
Print all enabled attributes of a zone. If the zone is omitted, the information for the default zone is displayed:
    firewall-cmd --zone=public --list-all

To enable a service:
    firewall-cmd --add-service=http
    firewall-cmd --add-service=vnc-server
    firewall-cmd --zone=public --add-service=nfs --add-service=samba --add-service=samba-client --permanent

Remove a service:
    firewall-cmd --remove-service=service
Query:
    firewall-cmd --list-services

NAT address translation:
    firewall-cmd [--zone=] --add-forward-port=port=[-]:proto= { :toport=[-] | :toaddr= | :toport=[-]:toaddr= }

IP port forwarding:
    firewall-cmd --add-forward-port=port=222:proto=tcp:toport=333:toaddr=192.168.1.100

Local forwarding:
    firewall-cmd --add-forward-port=port=9898:proto=tcp:toport=8088:toaddr=

    success

Query:
    firewall-cmd --list-forward-ports
    firewall-cmd --list-ports
    firewall-cmd --list-all

Removal:
    firewall-cmd --remove-forward-port=port=222:proto=tcp:toport=333:toaddr=
    firewall-cmd --remove-forward-port=port=222:proto=tcp:toport=333:toaddr=192.168.1.100

Graphical configuration tool:
    # firewall-config

Custom rules:
    /sbin/iptables -t filter -I INPUT_direct 2 -s 192.168.1.1 -p tcp --dport=22 -j DROP
usage: --direct --add-rule { ipv4 | ipv6 | eb }

    firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 1 -s 192.168.1.0/24 -p tcp --dport=22 -j ACCEPT
    firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 2 -p tcp --dport=22 -j DROP
    firewall-cmd --reload
    firewall-cmd --direct --get-all-rules

    ipv4 filter INPUT 1 -s 192.168.1.0/24 -p tcp --dport=22 -j ACCEPT
    ipv4 filter INPUT 2 -p tcp --dport=22 -j DROP
