Firewall: firewall command Management

Firewall: firewall command Management

In the window, you can ping the Virtual Machine ip address, but you cannot access the tomcat homepage started in the virtual machine through ip: 8080, because there is a firewall.

Firewalld

If you see the end of d, you can guess that it is a self-starting service, then you can use the systemctl command to control it. If you do not know this, refer to the previous article.

Systemctl start firewalld: immediately start the firewall.

Systemctl stopfirewalld: Stop the firewall immediately.

Systemctl restartfirewalld: restart the firewall immediately.

Systemctl enablefirewalld: Enable the firewall after it is started.

Systemctldisablefirewalld: the firewall will not be started when the system is started.

Systemctl statusfirewalld: view the Firewall Status.

The red box shows that the firewall is enabled by default in the system. Firewall is an important security measure of centos. We certainly do not recommend disabling the entire firewall for tomcat. Some proxy servers, such as nginx, can proxy N different ports through port 80, which is the practice of online servers. During normal development and testing, you often need to access the tomcat background. You can use the firewall-cmd command to separately open port 8080 without being intercepted by the firewall.

Port Management

Firewall-cmd -- add-port = 8080/tcp: open port 8080, tcp is the protocol.

Firewall-cmd -- remove-port = 8080/tcp: To disable port 8080, replace add with remove.

Firewall-cmd -- list-ports: Check the opened port. Now with port 8080/tcp, you can access the tomcat homepage in the virtual machine from the window.

Why is port 8080 only available? As I mentioned in Article 3rd, port 22 of ssh is open by default. Why is it not shown here?

Service Management

Firewall-cmd -- list-service: View open services.

We can find that the ssh service is open by default. For the preset ssh service, you can open it through the open service method. Non-system preset services, such as tomcat, can only be enabled through ports.

Firewall-cmd -- add-service = ssh: Open the ssh service.

Firewall-cmd -- remove-service = ssh: Disable the ssh service.

Firewall-cmd -- get-services: view the preset services of the system.

Persistent Configuration

By default, the above commands are only available in the current environment. After you restart them, they will be restored. Add the -- permanent option in the command to make it valid after restart.

First, I deleted the open 8080. Then, use -- permanent to enable 8080. You can use -- permanent to check the information during query. However, if you do not add -- permanent, you cannot find it.

-- Permanent: It takes effect only when the firewall is restarted or reloaded. Therefore, 8080 is not open immediately.

Firewall-cmd -- reload: reload it. Now we have it.