Some firewall-cmd commands.

Source: Internet
Author: User

Introduction to the firewalld service

firewalld is the default firewall service on RHEL 7 and CentOS 7. It manages network connections and interfaces through the concept of trust levels (zones). It supports IPv4, IPv6 and network bridges, and is managed with firewall-cmd (command line) or firewall-config (GUI), both of which talk to the kernel netfilter rules dynamically. Changes to the runtime rule set take effect immediately, without restarting the service and without dropping existing connections; changes made with --permanent are written to the configuration and take effect on the next --reload or service start.

firewalld classifies network connections into different trust levels. The following zones are provided, from least to most trusted:

drop: all incoming packets are dropped without any response; only outgoing connections are possible
block: all externally initiated connections are rejected (with an ICMP prohibited message); only connections initiated from inside are possible
public: for use in public areas; only explicitly allowed incoming connections are accepted
external: like public, but with masquerading (NAT) enabled; intended for routers that forward traffic
dmz: for hosts in a demilitarized zone that are publicly reachable; only selected incoming connections are accepted
work: for work networks where the other hosts are mostly trusted; only selected incoming connections are accepted (similar to a workgroup)
home: like work, for home networks (similar to a homegroup)
internal: like work, for internal networks
trusted: all connections are accepted


Installing and using firewalld

1. Install the firewalld service

yum install firewalld -y

2. Install the firewall-config graphical interface

yum install firewall-config -y

3. Starting and stopping the firewalld service

Start the firewalld service

systemctl start firewalld.service

Start the firewalld service at boot

systemctl enable firewalld.service

Stop the firewalld service (the host is left without packet filtering until it is started again)

systemctl stop firewalld.service

Do not start the firewalld service at boot

systemctl disable firewalld.service

Restart the firewalld service

systemctl restart firewalld.service


4. Viewing the firewalld rules with the firewall-cmd command

View command usage and options

firewall-cmd --help

View the running state of the firewalld service

firewall-cmd --state

View the active zones (zones that have an interface or source bound to them)

firewall-cmd --get-active-zones

View the zone of a specified interface

firewall-cmd --get-zone-of-interface=ens160

View the full configuration of a specified zone (interfaces, services, ports, forwards, masquerading and rich rules)

firewall-cmd --zone=public --list-all

List all predefined services that firewalld knows about (the names accepted by --add-service)

firewall-cmd --get-services

List the services allowed in a zone

firewall-cmd --zone=public --list-services

Every list and query command shows the runtime configuration; add --permanent to inspect the permanent configuration instead, for example:

firewall-cmd --zone=public --list-services --permanent

5. Panic mode and reloading rules

firewall-cmd --panic-on        # enable panic mode: drop every incoming and outgoing packet and let active connections expire (an emergency cut-off; run it from the console, not over SSH)
firewall-cmd --panic-off       # leave panic mode
firewall-cmd --query-panic     # show whether panic mode is on
firewall-cmd --reload          # load the permanent configuration into the runtime without restarting the service; connection state is kept, but runtime-only changes (made without --permanent) are discarded
firewall-cmd --complete-reload # reload firewalld completely, including the netfilter kernel modules; state information is lost, so active connections are interrupted (only for severe firewall problems)

Bind an interface to a zone

firewall-cmd --zone=public --add-interface=ens160 --permanent

The --permanent form writes the binding to the configuration but does not change the running firewall until the next reload; run the same command without --permanent as well to apply it now. An interface belongs to exactly one zone; use --change-interface to move it.

Set public as the default zone (used for any interface that is not explicitly bound to a zone)

firewall-cmd --set-default-zone=public


6. Managing ports with firewalld

List the ports allowed into the dmz zone

firewall-cmd --zone=dmz --list-ports

Allow TCP port 8080 into the dmz zone (runtime only: the rule is active immediately but is lost on the next reload or reboot)

firewall-cmd --zone=dmz --add-port=8080/tcp

Do not run firewall-cmd --reload after a runtime-only change: the reload replaces the runtime configuration with the permanent one and throws the change away. To keep it, repeat the command with --permanent.

Allow a range of UDP ports into the public zone permanently. The --permanent form only writes the configuration, so reload to make it active (or run the command a second time without --permanent):

firewall-cmd --zone=public --add-port=5000-5020/udp --permanent
firewall-cmd --reload


7. Managing services with firewalld

A service is a named bundle of ports (and, where needed, helper modules) defined in /usr/lib/firewalld/services; the names are listed by firewall-cmd --get-services.

Allow the smtp service in the work zone

firewall-cmd --zone=work --add-service=smtp

Remove the smtp service from the work zone

firewall-cmd --zone=work --remove-service=smtp
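The port and service commands in sections 4, 6 and 7 share one pitfall: a change made without --permanent disappears on reload, and a change made with --permanent is not live until a reload. The helpers below, added here as an example and not part of the original page, apply every change to both configurations and read it back, and dump every active zone for review. FWCMD is an assumption of this example: it normally resolves to the real firewall-cmd binary, but can be pointed at a stub for a dry run.

```shell
#!/bin/sh
# Added example, not from the original page: helpers that apply a firewalld
# change to BOTH the runtime and the permanent configuration and then read it
# back, plus an audit function that dumps every active zone.
#
# Why both: "--add-port" without --permanent is live now but vanishes on the
# next --reload or reboot, while "--permanent" alone changes nothing until a
# reload. Applying twice avoids both mistakes.
#
# FWCMD is an assumption of this example: it normally resolves to the real
# firewall-cmd binary, but you can point it at a stub (FWCMD=echo) to dry-run.
FWCMD="${FWCMD:-firewall-cmd}"

# fw_apply ZONE ARGS...: run ARGS against the runtime config, then the permanent one
fw_apply() {
    zone=$1; shift
    "$FWCMD" --zone="$zone" "$@" || return 1
    "$FWCMD" --zone="$zone" --permanent "$@" || return 1
}

# fw_open_port ZONE PORT/PROTO  (e.g. fw_open_port dmz 8080/tcp, fw_open_port public 5000-5020/udp)
fw_open_port() {
    printf '%s\n' "$2" | grep -Eq '^[0-9]+(-[0-9]+)?/(tcp|udp)$' \
        || { echo "fw_open_port: bad port spec '$2' (want N/tcp, N/udp or N-M/proto)" >&2; return 2; }
    fw_apply "$1" --add-port="$2" || return 1
    "$FWCMD" --zone="$1" --query-port="$2"      # exit 0 only if the port is now allowed
}

# fw_close_port ZONE PORT/PROTO
fw_close_port() { fw_apply "$1" --remove-port="$2"; }

# fw_open_service ZONE SERVICE (names come from firewall-cmd --get-services; an
# unknown name makes firewall-cmd itself fail with INVALID_SERVICE, so no extra check here)
fw_open_service() {
    fw_apply "$1" --add-service="$2" || return 1
    "$FWCMD" --zone="$1" --query-service="$2"   # exit 0 only if the service is now allowed
}

# fw_close_service ZONE SERVICE
fw_close_service() { fw_apply "$1" --remove-service="$2"; }

# fw_audit: print the full runtime configuration of every active zone.
# --get-active-zones prints each zone name on its own line followed by indented
# "interfaces:" / "sources:" lines, so the unindented lines are the zone names.
fw_audit() {
    "$FWCMD" --get-active-zones | grep -v '^ ' | while read -r zone; do
        echo "== zone $zone =="
        "$FWCMD" --zone="$zone" --list-all
    done
}
```

Typical use is `fw_open_port dmz 8080/tcp` followed by `fw_audit` to eyeball the result. If you have already made a pile of runtime-only changes by hand, `firewall-cmd --runtime-to-permanent` saves the whole runtime configuration at once instead of repeating each command with --permanent.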

  

8. Configuring IP masquerading (source NAT) with firewalld

Masquerading rewrites the source address of packets leaving the zone to the address of the outgoing interface, which is what a router needs so that hosts behind it can reach the outside; enabling it also turns on IPv4 forwarding. It is an IPv4-only feature.

Check whether masquerading is enabled

firewall-cmd --zone=external --query-masquerade

Enable masquerading

firewall-cmd --zone=external --add-masquerade

Disable masquerading

firewall-cmd --zone=external --remove-masquerade


9. Port forwarding with firewalld

Forwarding to another host requires masquerading on the zone, so enable it first

firewall-cmd --zone=external --add-masquerade

Then forward TCP port 22 to local port 3753 (traffic arriving on 22 is redirected to 3753 on this host)

firewall-cmd --zone=external --add-forward-port=port=22:proto=tcp:toport=3753

Forward TCP port 22 to the same port on another host, 192.168.1.100

firewall-cmd --zone=external --add-forward-port=port=22:proto=tcp:toaddr=192.168.1.100

Forward TCP port 22 to port 2055 on another host, 192.168.1.100

firewall-cmd --zone=external --add-forward-port=port=22:proto=tcp:toport=2055:toaddr=192.168.1.100

As with every other command above, these are runtime changes; add --permanent (and reload) to make the forward survive a reboot. Note that forwarding an SSH port from the external zone onto an internal host exposes that host to everything that can reach the external interface, so restrict the allowed sources with a rich rule, or keep the listener behind a VPN.
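The forward-port argument is a single colon-separated string, and a typo in it is easy to miss. The script below, added here as an example and not part of the original page, builds and validates that string, enables masquerading only when the forward targets another host (the case the page says needs it), applies the rule to both runtime and permanent configuration, and queries it back. FWCMD is an assumption of this example: it normally resolves to the real firewall-cmd binary and can be pointed at a stub for a dry run.

```shell
#!/bin/sh
# Added example, not from the original page: build, validate and apply a
# firewalld port-forwarding rule.
#
#  * the forward-port spec (port=..:proto=..[:toport=..][:toaddr=..]) is built
#    and validated in one place, so a bad port or address is rejected up front;
#  * forwarding to another host needs masquerading on the zone, so it is
#    enabled first if the target has a toaddr and masquerading is still off;
#  * the rule is applied runtime + permanent and then queried back.
#
# FWCMD is an assumption of this example (override it for a dry run).
FWCMD="${FWCMD:-firewall-cmd}"

is_port() { printf '%s\n' "$1" | grep -Eq '^[0-9]+$' && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]; }

is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs      # split into the four octets
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# fw_forward_spec PORT PROTO [TOPORT] [TOADDR]
#   Prints e.g. "port=22:proto=tcp:toport=2055:toaddr=192.168.1.100".
#   toport and toaddr may each be empty, but not both.
fw_forward_spec() {
    port=$1 proto=$2 toport=$3 toaddr=$4
    is_port "$port" || { echo "fw_forward_spec: bad port '$port'" >&2; return 2; }
    case "$proto" in tcp|udp) ;; *) echo "fw_forward_spec: bad proto '$proto'" >&2; return 2 ;; esac
    [ -n "$toport" ] || [ -n "$toaddr" ] || { echo "fw_forward_spec: need toport and/or toaddr" >&2; return 2; }
    spec="port=$port:proto=$proto"
    if [ -n "$toport" ]; then
        is_port "$toport" || { echo "fw_forward_spec: bad toport '$toport'" >&2; return 2; }
        spec="$spec:toport=$toport"
    fi
    if [ -n "$toaddr" ]; then
        is_ipv4 "$toaddr" || { echo "fw_forward_spec: bad toaddr '$toaddr'" >&2; return 2; }
        spec="$spec:toaddr=$toaddr"
    fi
    printf '%s\n' "$spec"
}

# fw_forward ZONE PORT PROTO [TOPORT] [TOADDR]
#   e.g. fw_forward external 22 tcp 2055 192.168.1.100
fw_forward() {
    zone=$1; shift
    spec=$(fw_forward_spec "$@") || return $?
    case "$spec" in
        *toaddr=*)
            # Forwarding to another host requires masquerading on the zone.
            if ! "$FWCMD" --zone="$zone" --query-masquerade >/dev/null 2>&1; then
                "$FWCMD" --zone="$zone" --add-masquerade || return 1
                "$FWCMD" --zone="$zone" --permanent --add-masquerade || return 1
            fi ;;
    esac
    "$FWCMD" --zone="$zone" --add-forward-port="$spec" || return 1
    "$FWCMD" --zone="$zone" --permanent --add-forward-port="$spec" || return 1
    "$FWCMD" --zone="$zone" --query-forward-port="$spec"   # exit 0 only if the forward is active
}
```

After applying, `firewall-cmd --zone=external --list-forward-ports` shows every forward in the zone in the same spec format, which is the quickest way to spot a stale or duplicated entry.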
