[linux] CentOS7 View and turn off the firewall

Posted on 7/5/2019 11:25:08 AM
CentOS 7.0 uses firewalld as its firewall by default.

View the status of the firewall

or

"running" indicates that the firewall is on; "not running" indicates that it has not been started.

Turn on the firewall

Turn off the firewall

Prevent the firewall from starting at boot

Start the firewall at boot

Restart firewalld or reload its configuration for the new policy to take effect.

Use the firewall-cmd command to set the rules

1. Check the status

firewall-cmd --state

2. Get the active zones

firewall-cmd --get-active-zones

3. Get all supported services

firewall-cmd --get-services

4. Panic mode (block all network connections)

firewall-cmd --panic-on # enable panic mode

firewall-cmd --panic-off # disable panic mode

firewall-cmd --query-panic # query panic mode

5. After modifying the configuration file, reload it with

firewall-cmd --reload

6. Enable a service/port

firewall-cmd --zone=public --add-service=https # temporary (runtime only)

firewall-cmd --permanent --zone=public --add-service=https # permanent

firewall-cmd --permanent --zone=public --add-port=8080-8081/tcp # permanent

firewall-cmd --zone=public --add-port=8080-8081/tcp # temporary (runtime only)

To remove a rule, replace add-service or add-port with remove-service or remove-port.

7. Check the open ports and services

[root@master ~]# firewall-cmd --permanent --zone=public --list-services
ssh dhcpv6-client
[root@master ~]# firewall-cmd --permanent --zone=public --list-ports
2888/tcp 3888/tcp 2181/tcp 8088/tcp 16010/tcp 9870/tcp

firewall-cmd --permanent --zone=public --list-services # services separated by spaces, e.g. dhcpv6-client https ss

firewall-cmd --permanent --zone=public --list-ports # ports separated by spaces, e.g. 8080-8081

Each time a port or service is added or removed, the /etc/firewalld/zones/public.xml file is updated.

8. Allow a specific IP range to access a specific service

firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.122.0/24" service name="http" accept' # allow 192.168.122.0/24 to access http


Summary

firewalld's predefined service definitions are XML files located in /usr/lib/firewalld/services/. There are also service files in /etc/firewalld/services/, and that directory takes precedence over /usr/lib/firewalld/services/.

(End)

Thread starter | Posted on 7/5/2019 1:16:14 PM
After changing the firewall policy from the command line, you still need to restart firewalld.service or reload the firewall configuration.

firewall-cmd --zone=public --add-port=80/tcp --permanent # add a firewall rule

firewall-cmd --reload # reload the firewall

firewall-cmd --permanent --zone=public --add-masquerade # enable masquerading (NAT for the internal network)

[root@master ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens192
  sources:
  services: ssh dhcpv6-client
  ports: 2888/tcp 3888/tcp 2181/tcp 8088/tcp 16010/tcp 9870/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
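As an added example (not code from the thread), here is a small Python audit that parses the zone block printed by firewall-cmd --list-all, in the layout shown above, and compares the runtime view with the --permanent view, which surfaces exactly the temporary-versus-permanent mismatch the posts keep returning to (rules that vanish on reload, or permanent rules not yet loaded) and also flags open services and ports outside an approved list. The two sample outputs, the allow-lists and the function names are constructed for this example.

```python
SET_KEYS = {"interfaces", "sources", "services", "ports", "protocols",
            "forward-ports", "source-ports", "icmp-blocks"}

def parse_list_all(text):
    """Parse one zone block as printed by firewall-cmd --list-all."""
    lines = text.strip().splitlines()
    zone = {"zone": lines[0].split()[0], "active": "(active)" in lines[0],
            "rich rules": []}
    for line in lines[1:]:
        stripped = line.strip()
        if stripped.startswith("rule "):  # rich rules are listed one per line after the header
            zone["rich rules"].append(stripped)
            continue
        key, sep, value = stripped.partition(":")
        if not sep or key == "rich rules":
            continue
        key, value = key.strip(), value.strip()
        zone[key] = set(value.split()) if key in SET_KEYS else value
    return zone

def drift(runtime, permanent):
    """Runtime vs permanent differences: what a reload would drop or add."""
    out = {}
    for key in ("services", "ports", "sources"):
        r, p = runtime.get(key, set()), permanent.get(key, set())
        if r - p: out[key + " lost on reload"] = sorted(r - p)
        if p - r: out[key + " not yet active"] = sorted(p - r)
    rr, pr = set(runtime["rich rules"]), set(permanent["rich rules"])
    if rr ^ pr: out["rich rules differ"] = sorted(rr ^ pr)
    return out

def unexpected(zone, allowed_services, allowed_ports):
    """Open services/ports not on the approved list for this zone."""
    return {"services": sorted(zone.get("services", set()) - set(allowed_services)),
            "ports": sorted(zone.get("ports", set()) - set(allowed_ports))}

# Constructed sample output (same layout the thread shows), not captured from a real host.
RUNTIME = """public (active)
  services: ssh dhcpv6-client https
  ports: 2888/tcp 8080-8081/tcp
  rich rules:
\trule family="ipv4" source address="192.168.122.0/24" service name="http" accept
"""
PERMANENT = """public
  services: ssh dhcpv6-client
  ports: 2888/tcp
  rich rules:
"""
if __name__ == "__main__":
    print(drift(parse_list_all(RUNTIME), parse_list_all(PERMANENT)))
```

On a real host, feed it the captured output of firewall-cmd --list-all and firewall-cmd --permanent --list-all; an empty drift result means a reload will not silently change what is exposed.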

Thread starter | Posted on 10/8/2021 9:03:26 AM
Turn off and disable the firewall

Thread starter | Posted on 12/14/2022 9:45:34 PM
CentOS 7 prohibits an IP from accessing the server
https://www.itsvse.com/thread-10264-1-1.html

iptables firewall only allows certain IPs to access certain ports and specific websites
https://www.itsvse.com/thread-2535-1-1.html
Posted on 4/3/2023 2:03:43 PM
Learn it!!
Thread starter | Posted on 9/8/2024 9:49:57 PM
Allow an IP range to access all TCP ports


Delete this rule

