Detailed explanation of firewall rule settings and commands (whitelist settings)

1. Set firewall rules

Example 1: Expose port 8080 to the outside world

firewall-cmd --permanent --add-port=8080/tcp

Example 2: Only servers in the 192.168.1.1/24 network segment can access port 3306 of the MySQL service

#Add rule firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.1.1/24" port protocol="tcp" port="3306" accept"

#reload to make it effective firewall-cmd --reload

Example 3: Port forwarding, forwarding access to port 3306 of the local machine to port 3306 of the 192.168.1.1 server

# Enable spoofing IP
firewall-cmd --permanent --add-masquerade
# Configure port forwarding firewall-cmd --permanent --add-forward-port=port=3306:proto=tcp:toaddr=192.168.1.2:toport=13306

Note: If you do not enable spoofing IP, port forwarding will fail; secondly, make sure that the port on the source server (3306) and the port on the target server (13306) are open.

2. Firewall Command

1. Start, stop, and restart firewalld

1. Stop

systemctl stop firewalld.service

2. Start

systemctl start firewalld.service

3. Restart

systemctl restart firewalld.service

4. Check the status:

systemctl status firewalld

5. Disable firewall startup

systemctl disable firewalld

6. Set the firewall to be enabled at startup:

systemctl enable firewalld.service

2. Check firewall rules and status

1. Check the default firewall status (notrunning is displayed when it is turned off, and running is displayed when it is turned on)

firewall-cmd --state

2. View firewall rules (only display firewall policies in /etc/firewalld/zones/public.xml)

firewall-cmd --list-all

3. View all firewall policies (that is, display all policies under /etc/firewalld/zones/)

firewall-cmd --list-all-zones

4. Reload the configuration file

firewall-cmd --reload

3. Configure firewalld-cmd

Check the version: firewall-cmd --version

View help: firewall-cmd --help

Show status: firewall-cmd --state

View all open ports: firewall-cmd --zone=public --list-ports

Update firewall rules: firewall-cmd --reload

View zone information: firewall-cmd --get-active-zones

Check the zone to which the specified interface belongs: firewall-cmd --get-zone-of-interface=eth0

Deny all packets: firewall-cmd --panic-on

Cancel the deny state: firewall-cmd --panic-off

Check whether it is rejected: firewall-cmd --query-panic

4. How to open a port?

1. Add (--permanent is effective permanently, and will become invalid after restart without this parameter)

firewall-cmd --zone=public --add-port=80/tcp --permanent

2. Reload (make the modified rules effective)

firewall-cmd --reload

3. View

firewall-cmd --zone=public --query-port=80/tcp

4. Delete

firewall-cmd --zone= public --remove-port=80/tcp --permanent

Because the corresponding rules of ssh.xml are defined in /usr/lib/firewalld/services/

5. systemctl is the main tool in CentOS7's service management tools, which integrates the functions of the previous service and chkconfig.

Start a service: systemctl start firewalld.service
Shut down a service: systemctl stop firewalld.service
Restart a service: systemctl restart firewalld.service
Display the status of a service: systemctl status firewalld.service
Enable a service at boot: systemctl enable firewalld.service
Disable a service at boot: systemctl disable firewalld.service
Check whether the service is started: systemctl is-enabled firewalld.service
View the list of started services: systemctl list-unit-files | grep enabled
View the list of services that failed to start: systemctl --failed

The above is the full content of this article. I hope it will be helpful for everyone’s study. I also hope that everyone will support 123WORDPRESS.COM.

You may also be interested in:

Use iptables and firewalld tools to manage Linux firewall connection rules
Detailed explanation of firewall command in centos7
Detailed explanation of Firewall configuration and usage under CentOS7 (recommended)
Detailed explanation of using firewall-cmd to control ports and port forwarding in CentOS 7
Summary of how to use firewall in Linux
Detailed introduction to Firewalld related commands in Centos 7
Summary of common commands of firewall in centos 7
Detailed explanation of CentOS7 firewall management firewalld

<<: MySQL character set garbled characters and solutions

>>: Detailed steps to install MySQL 5.6 X64 version under Linux

Ubuntu Docker installation in vmware (container building)

Detailed explanation of firewall rule settings and commands (whitelist settings)

Ubuntu Docker installation in vmware (container building)

Solve the 1251 error when establishing a connection between mysql and navicat

Detailed explanation of Vue project optimization and packaging

KTL tool realizes the method of synchronizing data from MySQL to MySQL

Instructions for recovering data after accidental deletion of MySQL database

IIS7 IIS8 http automatically jumps to HTTPS (port 80 jumps to port 443)

GZIP compression Tomcat and improve web performance process diagram

Teach you how to build hive3.1.2 on Tencent Cloud

Let's talk about the difference between MyISAM and InnoDB

Example code for implementing 3D text hover effect using CSS3

Recommend

TABLE tags (TAGS) detailed introduction

How to use vue.js to implement drag and drop function

How to modify the root password of mysql in docker

Complete steps to configure IP address in Ubuntu 18.04 LTS

mysql code to implement sequence function

A simple way to implement Vue's drag screenshot function

Detailed explanation of the role of key in React

40 web page designs with super large fonts

jQuery framework implements three animation methods of element display and hiding

MySQL gets the current date and time function

How to use boost.python to call c++ dynamic library in linux

Example of deploying MySQL on Docker

How to expand the disk partition for centos system

List of commonly used escape codes for HTML greater than, less than, spaces, quotation marks, etc.

Detailed explanation of the relationship between Linux and GNU systems