
[linux] Hands-on: managing the Linux firewall with firewall-cmd

Posted on 10/29/2024 10:50:10 AM
firewall-cmd is the command-line client of the firewalld daemon. It provides interfaces for managing both the runtime and the permanent configuration. In firewalld the runtime configuration is separate from the persistent configuration, which means a change can be made either at runtime only or in the permanent configuration. As of CentOS 7, iptables has been replaced by firewalld.

Review:

CentOS 7: view and turn off the firewall
https://www.itsvse.com/thread-7771-1-1.html

CentOS 7 prohibits an IP from accessing the server
https://www.itsvse.com/thread-10264-1-1.html

iptables firewall only allows certain IPs to access certain ports and specific websites
https://www.itsvse.com/thread-2535-1-1.html

Start the firewall

Enable the firewall to start at boot

Permanently allow any IP address to access ports 80, 443

Reload the firewall rules for them to take effect:

Temporarily block 1.1.1.5 (no firewall restart or rule reload needed)

Review the rules

View the zone of a network interface

View all zones

public - [default] Public network access; only selected incoming connections are accepted.
work - Used in the workplace. A basically trusted network that accepts only selected connections.
home - Used for home networks. A basically trusted network that accepts only selected connections.
trusted - All incoming network connections are trusted and accepted.
block - Any incoming network connection is rejected with an icmp-host-prohibited message for IPv4 and an icmp6-adm-prohibited message for IPv6.
dmz - Short for "Demilitarized Zone"; this zone is publicly accessible and acts as a buffer between untrusted and secure systems.
drop - Any incoming network packet is dropped without any reply. Only outgoing network connections are possible.
external - For use on external networks with masquerading enabled on the router; only selected incoming connections are accepted.
internal - Internal network access. Local access only, no other access.

(End)
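As an added example (not from the original post), the following POSIX shell wrapper separates the two kinds of change described above: a permanent port rule that only becomes active after `--reload`, and a runtime-only rich rule that blocks one source address immediately and disappears at the next reload. The `fw` helper, the `DRY_RUN` variable and the function names are assumptions of this example; the firewall-cmd options are the real ones.

```shell
#!/bin/sh
# Added example, not part of the original post.
# fw: thin wrapper around firewall-cmd. With DRY_RUN=1 it prints the command
# instead of running it, so the generated rules can be reviewed (or the script
# tested) on a host without firewalld.
fw() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf 'firewall-cmd %s\n' "$*"
    else
        firewall-cmd "$@"
    fi
}

# Permanent change: allow TCP 80 and 443 in a zone (default: public).
# Permanent rules are written to /etc/firewalld but are NOT active until --reload.
allow_web_ports() {
    zone="${1:-public}"
    fw --permanent --zone="$zone" --add-port=80/tcp
    fw --permanent --zone="$zone" --add-port=443/tcp
    fw --reload
}

# Runtime-only change: reject traffic from one IPv4 source via a rich rule.
# No --permanent and no reload: it takes effect at once and is lost on the next
# reload or firewalld restart, which is what makes it suitable for a temporary block.
block_ip_runtime() {
    ip="$1"
    zone="${2:-public}"
    fw --zone="$zone" --add-rich-rule="rule family=ipv4 source address=$ip reject"
}

# Inspection helpers: which zone an interface belongs to, and a zone's full rule set.
show_zone_for_iface() { fw --get-zone-of-interface="$1"; }
show_zone_rules()     { fw --zone="${1:-public}" --list-all; }
```

Run with `DRY_RUN=1` first to see the exact commands; a block added with `block_ip_runtime` can be verified with `show_zone_rules` and removed by reloading.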

Original poster | Posted on 10/29/2024 10:53:09 AM
When firewalld firewall is enabled, docker containers may fail to start, such as the following error:


Cannot restart container php5-fpm: driver failed programming external connectivity on endpoint php5-fpm (1486c846c2566abdxxxx):  (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 9000 -j DNAT --to-destination 172.17.0.5:9000 ! -i docker0: iptables: No chain/target/match by that name.
Temporary solution: restart the docker service:

If both the firewalld and docker services are enabled, both write rules to the forwarding chain in iptables: firewalld forcibly overwrites docker's forwarding chain every time it starts or restarts, and docker in turn invalidates the items configured in firewalld through its higher-priority policies. When there is a conflict, restart firewalld first and then restart docker; note that the order cannot be reversed.
Original poster | Posted on 11/28/2024 3:57:59 PM
Count the number of connections per IP address:


Set up a blacklist



Set up a whitelist


Original poster | Posted on 10/28/2025 9:06:26 AM
Rocky Linux 9 uses a ufw simple firewall
https://www.itsvse.com/thread-11121-1-1.html
Original poster | Posted on 11/2/2025 7:03:52 PM
Error: COMMAND_FAILED: 'python-nftables' failed: internal:0:0-0: Error: Could not process rule: No such file or directory

internal:0:0-0: Error: Could not process rule: No such file or directory

Solution: go to /etc/firewalld/zones and edit the corresponding zone XML configuration file.