Firewall Configuration (firewalld)
In CentOS 7
Temporarily open the ftp service
# firewall-cmd --add-service=ftp
Permanently open the ftp service
# firewall-cmd --add-service=ftp --permanent
Permanently close the ftp service
# firewall-cmd --remove-service=ftp --permanent
success
Make the settings take effect
# systemctl restart firewalld
Check whether the settings took effect
# iptables -L -n | grep 21
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 ctstate NEW
Check the firewall state
# firewall-cmd --state
running
# systemctl stop firewalld
# firewall-cmd --state
not running
# firewall-cmd --list-all
public (default)
  interfaces:
  sources:
  services: dhcpv6-client ftp ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
List the service names that firewalld knows
# firewall-cmd --get-services
amanda-client bacula-client dhcp dhcpv6 dhcpv6-client dns ftp high-availability http https imaps ipp-client ipsec kerberos kpasswd ldap ldaps libvirt-tls mdns mountd ms-wbt mysql nfs ntp openvpn pmcd pmproxy pmwebapi pmwebapis pop3s postgresql proxy-dhcp radius rpc-bind samba-client smtp ssh telnet tftp-client transmission-client vnc-server wbem-https
Query whether a service is enabled
# firewall-cmd --query-service ftp
yes
# firewall-cmd --query-service ssh
yes
# firewall-cmd --query-service samba
no
# firewall-cmd --query-service http
no
Add a port of your own to open
# firewall-cmd --add-port=3128/tcp --permanent
# firewall-cmd --list-all
public (default)
  interfaces:
  sources:
  services: dhcpv6-client ftp ssh
  ports: 3128/tcp
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
Open access for an address range
# firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -s 192.168.100.1/24 -j ACCEPT
Enable NAT
# firewall-cmd --permanent --direct --passthrough ipv4 -t nat -A POSTROUTING -s 192.168.100.0/24 -j SNAT --to-source 106.3.226.201
Enable IP forwarding on the system
# vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
Reload the firewall rules
# firewall-cmd --reload
Disable the firewall:
# systemctl stop firewalld.service     # stop the firewall
# systemctl disable firewalld.service  # do not start the firewall at boot
# firewall-cmd --state                 # view the firewall status ("not running" is displayed after the firewall is disabled, and "running" is displayed after the firewall is enabled)
Block access from a specified IP address:
# firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address="120.132.126.20" drop'
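
The commands above add some settings with --permanent and some without. The following added example (not part of the original page) compares the runtime listing with the permanent one to find services or ports that exist in only one of them. The function names zone_field and drift and the abridged sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare runtime and permanent firewalld zone listings.

# zone_field FIELD: read `firewall-cmd --list-all` text on stdin and print
# the values of FIELD (e.g. services, ports), one per line.
zone_field() {
    awk -v f="$1" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, f ":") == 1 {
            sub(/^[^:]*:[ \t]*/, "", line)
            n = split(line, v, /[ \t]+/)
            for (i = 1; i <= n; i++) if (v[i] != "") print v[i]
        }' | sort -u
}

# drift FIELD RUNTIME PERMANENT: report values present in only one listing.
# runtime-only values vanish on reload; permanent-only ones are not loaded yet.
drift() {
    rt=$(printf '%s\n' "$2" | zone_field "$1")
    pm=$(printf '%s\n' "$3" | zone_field "$1")
    for v in $rt; do
        printf '%s\n' "$pm" | grep -qxF -- "$v" || echo "runtime-only $v"
    done
    for v in $pm; do
        printf '%s\n' "$rt" | grep -qxF -- "$v" || echo "permanent-only $v"
    done
}

# Constructed sample listings (not captured from a real host). On a live host:
#   RUNTIME=$(firewall-cmd --list-all)
#   PERMANENT=$(firewall-cmd --permanent --list-all)
RUNTIME='public (default)
  services: dhcpv6-client ftp ssh
  ports:
  forward-ports:'
PERMANENT='public (default)
  services: dhcpv6-client ssh
  ports: 3128/tcp
  forward-ports:'

for field in services ports; do
    drift "$field" "$RUNTIME" "$PERMANENT"
done
```

Rules added with --direct do not appear in --list-all; list them separately with firewall-cmd --direct --get-all-rules.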