Firewall
Iptables
CentOS 7.0 uses firewalld as its default firewall. We first show how to switch back to the older iptables service.
systemctl stop firewalld
systemctl disable firewalld
yum install iptables-services -y
# yum install iptables-ipv6 -y
# systemctl start ip6tables
# systemctl enable ip6tables
chkconfig iptables on
Or
systemctl enable iptables.service
systemctl start iptables.service
Or
service iptables start
service iptables save
Rule configuration is the same as on CentOS 5 and 6.
Firewalld
Installing firewalld
# yum remove iptables-services -y
yum install firewalld firewall-config -y
systemctl start firewalld.service
# systemctl stop firewalld.service
systemctl enable firewalld.service
# systemctl disable firewalld.service
systemctl status firewalld
Configuration
Tool: firewall-cmd
firewall-cmd --help
Check the current top-level firewall configuration using the following commands.
firewall-cmd --state (check firewall status)
firewall-cmd --get-services (list the available services)
firewall-cmd --get-services --permanent (list the services that will be available after the next reboot)
firewall-cmd --get-active-zones (check active zones)
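Lock down the firewall with panic mode, and release it again, using the following commands. Panic mode drops all incoming and outgoing packets, so run it from the console rather than over SSH.
# firewall-cmd --panic-on
success
# firewall-cmd --query-panic
yes
# firewall-cmd --panic-off
success
# firewall-cmd --query-panic
no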
The following command reloads the runtime configuration from the permanent files.
firewall-cmd --reload
firewalld has predefined services, which are XML files in the "/usr/lib/firewalld/services/" directory.
You should not edit these. Instead, copy the specific service file to the "/etc/firewalld/services/" directory and edit it there. firewalld always uses the files in "/etc/firewalld/services/" in preference to those in "/usr/lib/firewalld/services/". Remember to reload the configuration after making any changes.
firewall-cmd --reload
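The precedence rule above can be audited with a short script. This is an added example, not part of the original article; the function names are hypothetical and the demo runs on constructed files in a temporary directory instead of the real paths.

```shell
# effective_service_file NAME [ETC_DIR] [LIB_DIR]
# Print the file firewalld will use for a service; return 1 if none exists.
effective_service_file() {
    esf_etc=${2:-/etc/firewalld/services}
    esf_lib=${3:-/usr/lib/firewalld/services}
    if [ -f "$esf_etc/$1.xml" ]; then
        printf '%s\n' "$esf_etc/$1.xml"      # local copy wins
    elif [ -f "$esf_lib/$1.xml" ]; then
        printf '%s\n' "$esf_lib/$1.xml"      # packaged default
    else
        return 1
    fi
}

# list_overrides [ETC_DIR] [LIB_DIR]
# For every local file that shadows a packaged one, print "name modified"
# or "name identical" so changed definitions can be reviewed.
list_overrides() {
    lo_etc=${1:-/etc/firewalld/services}
    lo_lib=${2:-/usr/lib/firewalld/services}
    for lo_file in "$lo_etc"/*.xml; do
        [ -f "$lo_file" ] || continue
        lo_name=$(basename "$lo_file" .xml)
        [ -f "$lo_lib/$lo_name.xml" ] || continue
        if cmp -s "$lo_file" "$lo_lib/$lo_name.xml"; then
            printf '%s identical\n' "$lo_name"
        else
            printf '%s modified\n' "$lo_name"
        fi
    done
}

# Demo on constructed files: ssh is overridden locally with a different port.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/etc" "$demo_dir/lib"
printf '<service><port protocol="tcp" port="22"/></service>\n'   > "$demo_dir/lib/ssh.xml"
printf '<service><port protocol="tcp" port="443"/></service>\n'  > "$demo_dir/lib/https.xml"
printf '<service><port protocol="tcp" port="2222"/></service>\n' > "$demo_dir/etc/ssh.xml"
list_overrides "$demo_dir/etc" "$demo_dir/lib"
effective_service_file https "$demo_dir/etc" "$demo_dir/lib"
rm -rf "$demo_dir"
```

A "modified" entry means that adding the service by name opens whatever the local file defines, not what the packaged file lists.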
Add an existing service to a zone.
Set the runtime and permanent configuration independently.
# firewall-cmd --zone=public --add-service=https
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --reload
Check the services in a zone
firewall-cmd --zone=public --list-services (runtime, temporary)
firewall-cmd --permanent --zone=public --list-services (permanent)
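Because the runtime and permanent lists are set independently, they can drift apart. The following added example (not from the original article; function names are hypothetical and the sample lists are constructed) compares the two listings and states what each difference means.

```shell
# On a live host the two lists come from:
#   runtime=$(firewall-cmd --zone=public --list-services)
#   permanent=$(firewall-cmd --permanent --zone=public --list-services)

# only_in LIST_A LIST_B: print the words of LIST_A that are missing from LIST_B.
only_in() {
    oi_out=""
    for oi_item in $1; do
        case " $2 " in
            *" $oi_item "*) ;;                 # present in both lists
            *) oi_out="$oi_out $oi_item" ;;    # only in LIST_A
        esac
    done
    printf '%s\n' "${oi_out# }"
}

# service_drift RUNTIME PERMANENT: report differences between the two lists.
service_drift() {
    sd_lost=$(only_in "$1" "$2")
    sd_pending=$(only_in "$2" "$1")
    if [ -n "$sd_lost" ]; then
        printf 'runtime only, lost on reload or reboot: %s\n' "$sd_lost"
    fi
    if [ -n "$sd_pending" ]; then
        printf 'permanent only, inactive until reload: %s\n' "$sd_pending"
    fi
    if [ -z "$sd_lost$sd_pending" ]; then
        printf 'runtime and permanent match\n'
    fi
}

# Constructed sample: https was added at runtime only, http with --permanent only.
service_drift "dhcpv6-client ssh https" "dhcpv6-client ssh http"
```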
Remove an existing service from a zone.
firewall-cmd --permanent --zone=public --remove-service=https
firewall-cmd --reload
# firewall-cmd --zone=public --list-ports
# firewall-cmd --permanent --zone=public --list-ports
# firewall-cmd --permanent --zone=public --remove-port=
Rich rules allow you to create more complex configurations. The following command opens HTTP access for a specific source IP address.
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.4/24" service name="http" accept'
The "/etc/firewalld/zones/public.xml" file now contains the rich rule.
Remove the rule
firewall-cmd --permanent --zone=public --remove-rich-rule='rule family="ipv4" source address="192.168.0.4/24" service name="http" accept'
The following example opens and closes port 8080 for a specific source IP address using a rich rule.
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.4/24" port protocol="tcp" port="8080" accept'
firewall-cmd --permanent --zone=public --remove-rich-rule='rule family="ipv4" source address="192.168.0.4/24" port protocol="tcp" port="8080" accept'
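The source in these rules is written as 192.168.0.4/24, which matches the whole 192.168.0.0/24 network and not only the host 192.168.0.4. The added example below (not from the original article; function names are hypothetical and the rule lines are constructed in the form printed by firewall-cmd --zone=public --list-rich-rules) flags rich-rule sources whose mask is wider than the address suggests.

```shell
# cidr_network A.B.C.D/N: print the network that the CIDR actually matches.
# The argument must be IPv4 and include a mask.
cidr_network() {
    cn_addr=${1%/*}
    cn_bits=${1#*/}
    cn_ifs=$IFS; IFS=.
    set -- $cn_addr                 # split the address into four octets
    IFS=$cn_ifs
    cn_ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    cn_mask=$(( (0xFFFFFFFF << (32 - $cn_bits)) & 0xFFFFFFFF ))
    cn_net=$(( cn_ip & cn_mask ))
    printf '%d.%d.%d.%d/%d\n' \
        $(( (cn_net >> 24) & 255 )) $(( (cn_net >> 16) & 255 )) \
        $(( (cn_net >> 8) & 255 ))  $(( cn_net & 255 )) "$cn_bits"
}

# wide_sources: read rich rules on stdin and report every IPv4 source whose
# address has host bits set, i.e. the rule covers more than the address written.
wide_sources() {
    sed -n 's|.*source address="\([0-9.]*/[0-9]*\)".*|\1|p' |
    while read -r ws_src; do
        ws_net=$(cidr_network "$ws_src")
        ws_bits=${ws_src#*/}
        if [ "$ws_net" != "$ws_src" ]; then
            printf '%s matches all of %s (%d addresses)\n' \
                "$ws_src" "$ws_net" $(( 1 << (32 - $ws_bits) ))
        fi
    done
}

# Constructed sample input; on a live host pipe in
#   firewall-cmd --zone=public --list-rich-rules
sample_rules='rule family="ipv4" source address="192.168.0.4/24" service name="http" accept
rule family="ipv4" source address="10.0.0.7/32" port port="8080" protocol="tcp" accept'
printf '%s\n' "$sample_rules" | wide_sources
```

To limit a rule to one host, write the source with a /32 mask.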
Hope to communicate with you and learn from each other
This article is from the "Brother to share" blog, please be sure to keep this source http://renzhiyuan.blog.51cto.com/10433137/1749128
CentOS 7 Frequently Asked Questions - firewalld and iptables