1. Check the firewall's running status
systemctl status firewalld
2. Start the firewall
systemctl start firewalld
3. Configure the firewall rules. Only the public zone is configured here.
(1) Add a port that should be reachable. The --permanent parameter makes the rule persist across restarts; without it, the rule is lost when the firewall restarts. A rule added with --permanent is written to the configuration and becomes active once the firewall is reloaded or restarted.
firewall-cmd --zone=public --add-port=80/tcp --permanent
(2) Allow a fixed IP to access the MySQL service
firewall-cmd --permanent --add-rich-rule 'rule family=ipv4 source address=111.111.111.111 port port=3306 protocol=tcp accept'
(3) Set up the SSH service. CentOS 7 on an Aliyun server enables the SSH service by default, so every IP can reach it. If you need to restrict access to a fixed IP, you can add a rule based on the command above:
firewall-cmd --permanent --add-rich-rule 'rule family=ipv4 source address=111.111.111.111 port port=3306 protocol=tcp accept' --add-rich-rule 'rule family=ipv4 source address=111.111.111.111 port port=22 protocol=tcp accept'
Check the result in the /etc/firewalld/zones/public.xml file. The <service name="ssh"/> line needs to be commented out; otherwise the port rules configured below will not take effect and every IP can log in via SSH.
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <service name="dhcpv6-client"/>
  <!--<service name="ssh"/>-->
  <port protocol="tcp" port=""/>
  <rule family="ipv4">
    <source address="111.111.111.111"/>
    <port protocol="tcp" port="3306"/>
    <accept/>
  </rule>
  <rule family="ipv4">
    <source address="111.111.111.112"/>
    <port protocol="tcp" port=""/>
    <accept/>
  </rule>
  <rule family="ipv4">
    <source address="111.111.111.111"/>
    <port protocol="tcp" port=""/>
    <accept/>
  </rule>
  <rule family="ipv4">
    <source address="111.111.111.111"/>
    <port protocol="tcp" port="3306"/>
    <accept/>
  </rule>
</zone>
(4) You can also edit the configuration file above directly to complete the configuration, then restart the firewall
systemctl restart firewalld
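The check described in step (3), as an added example that is not part of the original page: a Python function that reads a zone file and reports ports whose source-restricted rich rule is made moot because the same port is also open to every source through a zone-level service or port entry. The SERVICE_PORTS table (a small subset of firewalld's predefined services), the audit_zone function and the sample zone are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Subset of firewalld's predefined services (name -> port, protocol); extend as needed.
SERVICE_PORTS = {
    "ssh": ("22", "tcp"),
    "http": ("80", "tcp"),
    "mysql": ("3306", "tcp"),
    "dhcpv6-client": ("546", "udp"),
}

# Constructed sample: the ssh service is still enabled next to a source-restricted rule.
SAMPLE_ZONE = """<zone>
  <service name="ssh"/>
  <service name="dhcpv6-client"/>
  <port protocol="tcp" port="80"/>
  <rule family="ipv4">
    <source address="111.111.111.111"/>
    <port protocol="tcp" port="3306"/>
    <accept/>
  </rule>
  <rule family="ipv4">
    <source address="111.111.111.111"/>
    <port protocol="tcp" port="22"/>
    <accept/>
  </rule>
</zone>"""


def audit_zone(xml_text):
    """Return (open_to_all, restricted, bypassed) for one zone definition."""
    zone = ET.fromstring(xml_text)
    open_to_all = set()
    # Zone-level <service> and <port> elements accept traffic from any source.
    for svc in zone.findall("service"):
        if svc.get("name") in SERVICE_PORTS:
            open_to_all.add(SERVICE_PORTS[svc.get("name")])
    for port in zone.findall("port"):
        open_to_all.add((port.get("port"), port.get("protocol")))
    restricted = {}
    # Rich rules with <source> and <accept/> admit only the listed address.
    for rule in zone.findall("rule"):
        src, port = rule.find("source"), rule.find("port")
        if src is None or port is None or rule.find("accept") is None:
            continue
        key = (port.get("port"), port.get("protocol"))
        restricted.setdefault(key, set()).add(src.get("address"))
    # A restriction is moot when the same port is also open to every source.
    bypassed = sorted(k for k in restricted if k in open_to_all)
    return open_to_all, restricted, bypassed
```

Pass the contents of /etc/firewalld/zones/public.xml to audit_zone; an empty third value means no restricted port is also open to all sources.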