I recently reinstalled CentOS 7 and used many firewall commands, so I am recording them here as a memo.
SELinux
1. View status: getenforce -> Enforcing
2. Temporarily disable: setenforce 0 -> Permissive
3. Disable permanently: vim /etc/sysconfig/selinux
Change SELINUX=enforcing to SELINUX=disabled
Firewall
1. Turn off the firewall: service firewalld stop
2. Turn off the firewall: systemctl stop firewalld.service
3. Prevent the firewall from starting at boot: systemctl disable firewalld.service
4. Check the firewall status: firewall-cmd --state
5. Open a port for external network access
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=80-85/tcp --permanent
--permanent makes the rule persistent; without this parameter the rule is lost after a restart. The command prints success when it succeeds.
6. Reload: firewall-cmd --reload (after changing settings, such as opening or closing a port, a reload is required for the change to take effect)
7. Query whether the port is open: firewall-cmd --zone=public --query-port=80/tcp
8. Remove the allowed port: firewall-cmd --zone=public --remove-port=80/tcp --permanent
10. View all open ports: firewall-cmd --zone=public --list-ports
11. Update firewall rules: firewall-cmd --reload
12. View zone information: firewall-cmd --get-active-zones
13. View the zone to which the specified interface belongs: firewall-cmd --get-zone-of-interface=eth0
14. Reject all packets: firewall-cmd --panic-on
15. Cancel the rejection status: firewall-cmd --panic-off
16. Check whether panic mode is on: firewall-cmd --query-panic
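
Items 5 and 6 separate rules added with --permanent from rules that exist only in the running firewall. The script below is an added example, not part of the original memo: it reports ports that differ between the two configurations and expands ranges such as 80-85/tcp before comparing. The function names and the sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare firewalld runtime vs permanent port lists.
# Inputs are the space-separated strings printed by --list-ports.

# Expand "80-85/tcp" style entries into one port/proto per line.
expand_ports() {
    for entry in $1; do
        range=${entry%/*}    # "80-85" or "80"
        proto=${entry#*/}    # "tcp", "udp", ...
        lo=${range%-*}       # first port (whole value when no range)
        hi=${range#*-}       # last port (whole value when no range)
        p=$lo
        while [ "$p" -le "$hi" ]; do
            echo "$p/$proto"
            p=$((p + 1))
        done
    done | LC_ALL=C sort -u
}

# port_drift RUNTIME PERMANENT
# Prints one line per port present in only one of the two lists.
port_drift() {
    rt=$(expand_ports "$1")
    pm=$(expand_ports "$2")
    for p in $rt; do
        printf '%s\n' "$pm" | grep -Fxq "$p" || echo "runtime-only $p"
    done
    for p in $pm; do
        printf '%s\n' "$rt" | grep -Fxq "$p" || echo "permanent-only $p"
    done
}

# Constructed sample values (not captured from a real host).
SAMPLE_RUNTIME="80/tcp 8080/tcp"
SAMPLE_PERMANENT="80-82/tcp"
port_drift "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"

# On a live host, feed it the two real lists:
# port_drift "$(firewall-cmd --zone=public --list-ports)" \
#            "$(firewall-cmd --permanent --zone=public --list-ports)"
```

A runtime-only port disappears at the next reload or restart, and a permanent-only port becomes reachable at the next reload, so both kinds of line are worth reviewing before running firewall-cmd --reload.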