CentOS 7 Frequently Asked Questions: firewalld and iptables

Source: Internet
Author: User

Firewall

iptables

CentOS 7.0 uses firewalld as its default firewall. We first go back to the older iptables service.

systemctl stop firewalld

systemctl disable firewalld

yum install iptables-services -y

# yum install iptables-ipv6 -y

# systemctl start ip6tables

# systemctl enable ip6tables

chkconfig iptables on

Or

systemctl enable iptables.service

systemctl start iptables.service

Or

service iptables start

service iptables save

The rule configuration is the same as on CentOS 5 and 6.

firewalld

Installing the firewalld firewall

# yum remove iptables-services -y

yum install firewalld firewall-config -y

systemctl start firewalld.service

# systemctl stop firewalld.service

systemctl enable firewalld.service

# systemctl disable firewalld.service

systemctl status firewalld

Configuration

Tool: firewall-cmd

firewall-cmd --help

Check the current top-level firewall configuration using the following commands.

firewall-cmd --state (check the firewall status)


firewall-cmd --get-services (check the available services)

firewall-cmd --get-services --permanent (check the services that will be available after the next reboot)

firewall-cmd --get-active-zones (check the active zones)

Lock down the firewall and open it again with the following commands. Panic mode drops all incoming and outgoing packets.

# firewall-cmd --panic-on

success

# firewall-cmd --query-panic

yes

# firewall-cmd --panic-off

success

# firewall-cmd --query-panic

no

The following command reloads the firewall so that the permanent configuration is applied to the runtime.

firewall-cmd --reload

firewalld comes with predefined services, stored as XML files in the "/usr/lib/firewalld/services/" directory.

You should not edit these. Instead, copy the specific service file to the "/etc/firewalld/services/" directory and edit it there. firewalld always gives files in the "/etc/firewalld/services/" directory precedence over those in the "/usr/lib/firewalld/services/" directory. Remember to reload the configuration after making any changes.

firewall-cmd --reload

Add an existing service to a zone.

Runtime and permanent settings are made separately.

# firewall-cmd --zone=public --add-service=https

firewall-cmd --permanent --zone=public --add-service=https

firewall-cmd --reload

Check the services in a zone

firewall-cmd --zone=public --list-services (runtime)

firewall-cmd --permanent --zone=public --list-services (permanent)

Remove an existing service from a zone.

firewall-cmd --permanent --zone=public --remove-service=https

firewall-cmd --reload

# firewall-cmd --zone=public --list-ports

# firewall-cmd --permanent --zone=public --list-ports

# firewall-cmd --permanent --zone=public --remove-port=

Rich rules allow you to create more complex configurations. The following command allows HTTP access for a specific source IP address.

firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.4/24" service name="http" accept'

The "/etc/firewalld/zones/public.xml" file now contains the rich rule.

Remove the rule

firewall-cmd --permanent --zone=public --remove-rich-rule='rule family="ipv4" source address="192.168.0.4/24" service name="http" accept'

The following example uses rich rules to open and close port 8080 for a specific source IP address.

firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.4/24" port protocol="tcp" port="8080" accept'


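An added example, not part of the original article: a short Python audit that reads a zone file's rich rules and reports which source network each rule really admits. The sample XML is constructed to match the two --add-rich-rule commands above, and audit_rich_rules is a hypothetical helper name.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample of /etc/firewalld/zones/public.xml after the two
# --add-rich-rule commands above; not copied from a real host.
SAMPLE_ZONE_XML = """<?xml version="1.0" encoding="utf-8"?>
<zone>
  <rule family="ipv4">
    <source address="192.168.0.4/24"/>
    <service name="http"/>
    <accept/>
  </rule>
  <rule family="ipv4">
    <source address="192.168.0.4/24"/>
    <port protocol="tcp" port="8080"/>
    <accept/>
  </rule>
</zone>
"""

ACTIONS = ("accept", "reject", "drop", "mark")


def audit_rich_rules(zone_xml):
    """Return one dict per <rule>: what it matches, its action, and how
    many source addresses the prefix actually covers."""
    findings = []
    for rule in ET.fromstring(zone_xml).findall("rule"):
        src = rule.find("source")
        addr = src.get("address") if src is not None else None
        # strict=False tolerates host bits in the address (192.168.0.4/24)
        net = ipaddress.ip_network(addr, strict=False) if addr else None
        svc, port = rule.find("service"), rule.find("port")
        if svc is not None:
            target = "service:" + svc.get("name")
        elif port is not None:
            target = "port:%s/%s" % (port.get("port"), port.get("protocol"))
        else:
            target = "any"
        action = next((a for a in ACTIONS if rule.find(a) is not None), None)
        findings.append({"target": target, "action": action,
                         "network": str(net) if net is not None else "any",
                         "hosts": net.num_addresses if net is not None else None})
    return findings


if __name__ == "__main__":
    for finding in audit_rich_rules(SAMPLE_ZONE_XML):
        print(finding)
```

On the sample, both rules report network 192.168.0.0/24 with 256 addresses: the /24 prefix admits the whole subnet, and a rule meant for the single host 192.168.0.4 would use /32.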

Hope to communicate with you and learn from each other

This article is from the "Brother to share" blog, please be sure to keep this source http://renzhiyuan.blog.51cto.com/10433137/1749128
