Detailed steps for Linux firewall configuration (based on yum repository configuration)

Preface

This experiment uses two virtual machines for debugging: one CentOS 6 and one Red Hat 6.

1. First, make sure that the yum repository configuration is intact (CentOS 6)

2. Install the httpd and mod_ssl packages on CentOS 6

[root@cento211 yum.repos.d]# yum -y install httpd mod_ssl

3. Start httpd.service on CentOS 6 and enable it to start automatically

[root@cento211 ~]# systemctl enable httpd.service 
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
 
[root@cento211 ~]# systemctl start httpd.service

4. Until the web content developers finish their web application, use "Congratulations!" as a placeholder page

[root@cento211 ~]# vim /var/www/html/index.html
 
Congratulations!

View the edited content of the web page

[root@cento211 ~]# cat /var/www/html/index.html 
Congratulations!

5. Enable and start the firewalld service

[root@cento211 ~]# systemctl is-enabled firewalld
enabled

6. Configure firewalld on CentOS 6 to use the dmz zone for all unspecified connections

(1) First, look at the default zone of firewalld

[root@cento211 ~]# firewall-cmd --get-default-zone
public (the default public zone)

(2) Set the dmz zone as the default zone

[root@cento211 ~]# firewall-cmd --set-default-zone=dmz 
success

(3) Check the default zone again

[root@cento211 ~]# firewall-cmd --get-default-zone
dmz

7. Start both virtual machines and check the IP address of each

8. Route traffic from subnet 10.1.1.0/24 to the work zone

[root@cento211 ~]# firewall-cmd --permanent --add-source=10.1.1.0/24 --zone=work 
success

9. Reload the firewall configuration

[root@cento211 ~]# firewall-cmd --reload 
success

10. Check the sources of the work zone

[root@cento211 ~]# firewall-cmd --list-all --zone=work 
work (active)
  target: default
  icmp-block-inversion: no
  interfaces: 
  sources: 10.1.1.0/24 (this is the address we configured)
  services: dhcpv6-client ssh
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

11. The work zone should open all ports required by HTTPS and filter all unencrypted HTTP traffic

(1) First, open the https service

[root@cento211 ~]# firewall-cmd --permanent --add-service=https --zone work 
success

(2) Reload the firewall configuration

[root@cento211 ~]# firewall-cmd --reload 
success

(3) Check whether this service is enabled

12. Check whether the yum repository configuration is intact on the other virtual machine, Red Hat 6

13. From Red Hat 6, use curl to test the server at https://10.1.1.211

[root@centos6-212~]# curl -k https://10.1.1.211
Congratulations!

14. Web page testing
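
One way to script the check from step 11 (3), as an added example that is not part of the original article: the functions below parse the text printed by firewall-cmd --list-all --zone=work and confirm that the 10.1.1.0/24 source and the https service are present while http and 80/tcp are absent. The sample output and the function names (zone_field, zone_has, audit_work_zone) are constructed for illustration.

```shell
# Added example: audit the text printed by `firewall-cmd --list-all --zone=work`.

# Constructed sample: the work zone as it should look after steps 8 to 11.
SAMPLE_WORK='work (active)
  target: default
  icmp-block-inversion: no
  interfaces: 
  sources: 10.1.1.0/24
  services: dhcpv6-client https ssh
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: '

# zone_field TEXT KEY: print the value of the "KEY: value" line (may be empty).
zone_field() {
    printf '%s\n' "$1" | awk -v key="$2" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, key ":") == 1 {
            val = substr(line, length(key) + 2)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            print val; exit
        }'
}

# zone_has TEXT KEY ITEM: succeed if ITEM is one whole word in the list for KEY.
zone_has() {
    case " $(zone_field "$1" "$2") " in
        *" $3 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_work_zone TEXT: print every deviation; non-zero status if any.
audit_work_zone() {
    audit_rc=0
    zone_has "$1" sources 10.1.1.0/24 || { echo "FAIL: 10.1.1.0/24 is not a source of this zone"; audit_rc=1; }
    zone_has "$1" services https || { echo "FAIL: https service is not open"; audit_rc=1; }
    zone_has "$1" services http && { echo "FAIL: plain http service is open"; audit_rc=1; }
    # An explicit 80/tcp port entry would also admit unencrypted HTTP.
    zone_has "$1" ports 80/tcp && { echo "FAIL: port 80/tcp is open"; audit_rc=1; }
    return "$audit_rc"
}

# On the server: audit_work_zone "$(firewall-cmd --list-all --zone=work)"
audit_work_zone "$SAMPLE_WORK" && echo "OK: work zone matches steps 8 to 11"
```

Matching on whole words matters here: a substring test for "http" would also match "https" and report a false failure.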
