This is day 17 of my participation in the November Gwen Challenge. See the event details: The Last Gwen Challenge 2021.

1. Brief introduction to firewalld

firewalld is the firewall management tool enabled by default on CentOS 7.

At startup, firewalld loads its XML configuration from /usr/lib/firewalld (the shipped defaults; site-specific overrides live in /etc/firewalld), builds the corresponding iptables rules from it and applies them to the system.

firewall-cmd is the command-line client for firewalld and is the tool used to control it.

This article is intended as a practical reference.

2. Starting, stopping and disabling firewalld, and checking its status

1. Check the status

systemctl status firewalld or firewall-cmd --state

2. Start

systemctl start firewalld

3. Stop

systemctl stop firewalld

Stopping firewalld removes the rules it installed, which leaves every listening service reachable; do this only when another firewall is in place.

4. Disable (do not start at boot)

systemctl disable firewalld

stop only affects the running service and disable only affects the next boot; to turn the firewall off completely you need both.

5. Other

Enable at boot: systemctl enable firewalld

List the units that are enabled: systemctl list-unit-files | grep enabled

List the units that failed to start: systemctl --failed

3. View all firewall policies

$ firewall-cmd --list-all

    target: default
    icmp-block-inversion: no
    interfaces: enp0s3 enp0s8
    sources: 
    services: ssh dhcpv6-client
    ports: 80/tcp 8099/tcp 8098/tcp
    protocols: 
    masquerade: no
    forward-ports: 
    source-ports: 
    icmp-blocks: 
    rich rules: 
Without --zone, the listing is for the default zone (public on a fresh CentOS 7 install); --zone=NAME --list-all shows another zone and --list-all-zones shows all of them. This is the runtime configuration; add --permanent to see what is saved on disk.
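The listing above is where an unexpected open port shows up, so it is worth checking automatically. The following script is an added example and not part of the original article: it parses the text of firewall-cmd --list-all, compares the services and ports against an allowlist, and reports anything else that is open. The sample listing is constructed to match the shape of the article's output (the public zone with 80/tcp, 8099/tcp and 8098/tcp open); on a live host, pipe the real command output into audit_open instead.

```shell
#!/bin/sh
# Added example (not from the article): check the ports and services that
# `firewall-cmd --list-all` reports against an allowlist, so that an unexpected
# open port is noticed.  The sample output below is constructed to match the
# shape of the article's listing; on a live host, pipe firewall-cmd in.
set -u

# Print the values of one key ("ports", "services", ...) from --list-all output
# read on stdin, one value per line.  firewall-cmd indents the keys, so leading
# whitespace is allowed; the anchor keeps "ports" from matching "forward-ports"
# or "source-ports".
list_all_field() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | tr -s ' ' '\n' | sed '/^$/d'
}

# Print every open service or port that is not in the allowlist ($1, space
# separated, e.g. "ssh 80/tcp").  --list-all output is read from stdin.
# Returns 1 if anything unexpected is open, 0 if the zone matches the allowlist.
audit_open() {
    local allow=" $1 " out item rc=0
    out=$(cat)
    for item in $(printf '%s\n' "$out" | list_all_field services) \
                $(printf '%s\n' "$out" | list_all_field ports); do
        case "$allow" in
            *" $item "*) ;;                     # expected, say nothing
            *) printf '%s\n' "$item"; rc=1 ;;   # unexpected exposure
        esac
    done
    return $rc
}

# Constructed sample in the format of the article's --list-all output.
SAMPLE_LIST_ALL='public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp0s3 enp0s8
  sources: 
  services: ssh dhcpv6-client
  ports: 80/tcp 8099/tcp 8098/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: '

# Audit the sample with an allowlist that permits SSH, the DHCPv6 client and
# the web port only: 8099/tcp and 8098/tcp are reported and the status is 1.
audit_sample() {
    printf '%s\n' "$SAMPLE_LIST_ALL" | audit_open "ssh dhcpv6-client 80/tcp"
}

# Live usage:  firewall-cmd --list-all | audit_open "ssh dhcpv6-client 80/tcp"
```

Because audit_open returns a non-zero status when it finds something, it can be dropped into a cron job or a configuration-management check as is; extending it to --list-all-zones is a matter of splitting the output per zone first.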

4. Add and delete IP addresses and ports

--permanent writes the change to the saved configuration so that it survives reloads and reboots, but it does not touch the running firewall until firewall-cmd --reload. Without --permanent the change takes effect immediately in the runtime configuration and is lost at the next reload or restart.

1. Reload the firewall rules

firewall-cmd --reload

Permanent changes must be reloaded before they take effect. Note that a reload also discards any runtime-only changes.

2. Ports

1). Add a port permanently

firewall-cmd --add-port=80/tcp --permanent

(This opens port 80/tcp; run firewall-cmd --reload afterwards.)

2). Delete a port

firewall-cmd --remove-port=80/tcp --permanent

3). View all open ports

firewall-cmd --list-ports

When --zone is omitted, these commands apply to the default zone (public on a fresh CentOS 7 install); add --zone=NAME to target another zone. --list-ports shows the runtime configuration; add --permanent to see the saved one.

3. IP addresses

1). Deny a specific source access to port 8080

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" port port="8080" protocol="tcp" reject'

2). Allow a specific source access to port 8080

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" port port="8080" protocol="tcp" accept'

3). Delete a rule

firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.0.0/24" port port="8080" protocol="tcp" accept'

To delete a rule, change --add-rich-rule to --remove-rich-rule and pass exactly the same rule text. The rule is wrapped in single quotes so that the double quotes around each value reach firewalld intact. A /24 mask matches the whole 192.168.0.0/24 network; to match a single host, write the address without a mask (or with /32). A reject rule takes precedence over a port opened with --add-port, because firewalld evaluates deny rules before allow rules; an accept rule for one source only restricts the port if the port is not also opened for everyone.
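The port and rich-rule commands above are easy to get subtly wrong: a rule that is only runtime disappears at the next reload, a rule that is only permanent is not protecting anything until the reload, and bad quoting or a typo in a port or address is reported only by firewalld at run time. The following shell functions are an added example and not part of the original article: they validate the port, protocol and source address, build the rich rule as a single argument so the quoting is right, and apply each change to both the runtime and the permanent configuration. The fw wrapper and the DRY_RUN variable are assumptions of this example; with DRY_RUN=1 the firewall-cmd command lines are printed instead of executed, which is how the block runs on a machine without firewalld.

```shell
#!/bin/sh
# Added example (not from the article): wrappers around firewall-cmd that
# validate their input, quote rich rules correctly, and apply every change to
# both the runtime and the permanent configuration so a later reload or reboot
# does not silently change what the firewall allows.  With DRY_RUN=1 (an
# assumption of this example) the firewall-cmd command lines are printed
# instead of executed.
set -u

# Execute firewall-cmd, or print the command line when DRY_RUN=1.  Arguments
# containing spaces or double quotes are shown in single quotes, which is how
# a rich rule has to be written on an interactive shell.
fw() {
    local a
    if [ "${DRY_RUN:-0}" != 1 ]; then
        firewall-cmd "$@"
        return
    fi
    printf 'firewall-cmd'
    for a in "$@"; do
        case "$a" in
            *" "*|*'"'*) printf " '%s'" "$a" ;;
            *) printf ' %s' "$a" ;;
        esac
    done
    printf '\n'
}

# Accept a port 1-65535 and a protocol of tcp or udp; return 1 otherwise.
valid_port_proto() {
    case "$2" in tcp|udp) ;; *) return 1 ;; esac
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Accept a dotted-quad IPv4 address with an optional /0-32 prefix; return 1 otherwise.
valid_ipv4_cidr() {
    local addr prefix o
    addr=${1%%/*}
    prefix=32
    if [ "$addr" != "$1" ]; then prefix=${1#*/}; fi
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    # exactly three dots and four non-empty numeric octets of at most 255
    [ "$(printf '%s' "$addr" | tr -cd '.' | wc -c | tr -d ' ')" -eq 3 ] || return 1
    [ "$(printf '%s' "$addr" | tr '.' ' ' | wc -w | tr -d ' ')" -eq 4 ] || return 1
    for o in $(printf '%s' "$addr" | tr '.' ' '); do
        case "$o" in *[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Open or close PORT/PROTO for every source, runtime and permanent.
# usage: port_rule add|remove PORT PROTO
port_rule() {
    local action=$1 port=$2 proto=$3
    case "$action" in add|remove) ;; *) echo "port_rule: bad action '$action'" >&2; return 2 ;; esac
    valid_port_proto "$port" "$proto" || { echo "port_rule: bad port/protocol '$port/$proto'" >&2; return 2; }
    fw "--${action}-port=${port}/${proto}" && fw --permanent "--${action}-port=${port}/${proto}"
}

# Add or remove a rich rule that applies VERDICT (accept, reject or drop) to
# traffic from SOURCE to PORT/PROTO, runtime and permanent.  The rule text is
# passed as one argument, so the double quotes firewalld expects around each
# value survive intact.
# usage: source_port_rule add|remove accept|reject|drop SOURCE PORT PROTO
source_port_rule() {
    local action=$1 verdict=$2 source=$3 port=$4 proto=$5 rule
    case "$action" in add|remove) ;; *) echo "source_port_rule: bad action '$action'" >&2; return 2 ;; esac
    case "$verdict" in accept|reject|drop) ;; *) echo "source_port_rule: bad verdict '$verdict'" >&2; return 2 ;; esac
    valid_ipv4_cidr "$source" || { echo "source_port_rule: bad source '$source'" >&2; return 2; }
    valid_port_proto "$port" "$proto" || { echo "source_port_rule: bad port/protocol '$port/$proto'" >&2; return 2; }
    rule="rule family=\"ipv4\" source address=\"$source\" port port=\"$port\" protocol=\"$proto\" $verdict"
    fw "--${action}-rich-rule=$rule" && fw --permanent "--${action}-rich-rule=$rule"
}

# Example session (prints the command lines instead of changing the firewall):
#   DRY_RUN=1; export DRY_RUN
#   port_rule add 80 tcp
#   source_port_rule add reject 192.168.0.0/24 8080 tcp
```

Applying every change twice (runtime, then permanent) keeps the saved configuration identical to the running one without a reload, so a reboot cannot open or close anything unexpectedly. If you prefer the article's workflow of --permanent followed by --reload, drop the first fw call in each function and reload at the end.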

5. Port forwarding

1). Enable masquerading (source NAT)

firewall-cmd --permanent --add-masquerade

Masquerading is required when forwarding to another host (3 and 4 below), and enabling it also turns on IP forwarding. A purely local forward (2 below) does not need it.

2). Forward port 80 to local port 8080

firewall-cmd --add-forward-port=port=80:proto=tcp:toport=8080 --permanent

3). Forward port 80 to 192.168.0.1

firewall-cmd --add-forward-port=port=80:proto=tcp:toaddr=192.168.0.1 --permanent

4). Forward port 80 to port 8080 on 192.168.0.1

firewall-cmd --add-forward-port=port=80:proto=tcp:toaddr=192.168.0.1:toport=8080 --permanent

As with every --permanent change, run firewall-cmd --reload afterwards; until then the forward exists only in the saved configuration.
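Because the forwarding and masquerade commands above are all --permanent, nothing changes until the reload, and it is easy to end up with a saved configuration that differs from the running one (or the other way round, after runtime-only changes). The following script is an added example and not part of the original article: it normalises the text of firewall-cmd --list-all and firewall-cmd --permanent --list-all and prints every setting that exists on only one side. The two listings are constructed samples: the permanent side has the masquerade and the forward to 192.168.0.1 applied, the runtime side has not been reloaded yet. The helper names are this example's own.

```shell
#!/bin/sh
# Added example (not from the article): compare the running firewalld
# configuration with the permanent one.  A --permanent change that was never
# reloaded is not protecting anything yet, and a runtime-only change disappears
# at the next reload or reboot; both show up here as drift.

# Keep the indented "key: values" lines of --list-all output, trimmed, so the
# two listings can be compared line by line.  The unindented zone header (which
# differs between "public (active)" and "public") is dropped.
normalize_list_all() {
    sed -n 's/^[[:space:]]\{1,\}\(.*[^[:space:]]\)[[:space:]]*$/\1/p'
}

# $1: text of `firewall-cmd --list-all`
# $2: text of `firewall-cmd --permanent --list-all`
# Prints each differing line labelled with the side it belongs to.
# Returns 0 when the two agree, 1 when there is drift, 2 on a temp-file error.
fw_drift() {
    local rt pm rc
    rt=$(mktemp) && pm=$(mktemp) || return 2
    printf '%s\n' "$1" | normalize_list_all | LC_ALL=C sort >"$rt"
    printf '%s\n' "$2" | normalize_list_all | LC_ALL=C sort >"$pm"
    # Lines only in the runtime config: lost at the next reload or reboot.
    LC_ALL=C comm -23 "$rt" "$pm" | sed 's/^/runtime-only:   /'
    # Lines only in the permanent config: not in effect until firewall-cmd --reload.
    LC_ALL=C comm -13 "$rt" "$pm" | sed 's/^/permanent-only: /'
    if cmp -s "$rt" "$pm"; then rc=0; else rc=1; fi
    rm -f "$rt" "$pm"
    return $rc
}

# Constructed sample: the running configuration, before any reload.
SAMPLE_RUNTIME='public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp0s3 enp0s8
  sources: 
  services: ssh dhcpv6-client
  ports: 80/tcp 8099/tcp 8098/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: '

# Constructed sample: the saved configuration after
#   firewall-cmd --permanent --add-masquerade
#   firewall-cmd --add-forward-port=port=80:proto=tcp:toaddr=192.168.0.1:toport=8080 --permanent
SAMPLE_PERMANENT='public
  target: default
  icmp-block-inversion: no
  interfaces: enp0s3 enp0s8
  sources: 
  services: ssh dhcpv6-client
  ports: 80/tcp 8099/tcp 8098/tcp
  protocols: 
  masquerade: yes
  forward-ports: port=80:proto=tcp:toport=8080:toaddr=192.168.0.1
  source-ports: 
  icmp-blocks: 
  rich rules: '

# Compare the two samples: masquerade and the forward-port are reported as
# permanent-only, and the status is 1.
fw_drift_sample() {
    fw_drift "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"
}

# Live usage:
#   fw_drift "$(firewall-cmd --list-all)" "$(firewall-cmd --permanent --list-all)"
```

The comparison is line-based, so two listings that contain the same ports in a different order are also reported; in practice firewalld prints both sides in the same order once a reload has been done, and a report that is empty immediately after firewall-cmd --reload is the expected result.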

Conclusion

It is better to have no books than to trust them entirely: the above is purely my own opinion, and given my limited ability, omissions and mistakes are unavoidable. If you find bugs or have better suggestions, criticism and corrections are welcome; please do not hesitate.

If you like my article, you can follow, like and comment; your support is my motivation to keep going, and I look forward to growing together with you.

Source: author ZOUZDC, https://juejin.cn/post/7028963866063306760, on Juejin (Nuggets). Copyright belongs to the author. For commercial reprints, contact the author for authorization; for non-commercial reprints, please indicate the source.