CentOS7 firewall settings and installation and setup iptables

Others 2020-10-26 15:33:45 views: null

Firewall settings

  • # View firewall service status systemctl status firewalld
  • # View the status of firewall firewall-cmd --state       
  • # View firewall rules firewall-cmd --list-all    
  • # Start firewalld.service service systemctl firewalld start
  • # Restart firewalld.service service systemctl firewalld restart
  • # Close firewalld.service service systemctl firewalld stop
  • # Query whether the irewalld port is open firewall-cmd --query-port=8080/tcp 
  • # Open port 80 firewall-cmd --permanent --add-port=80/tcp
  • # Unopen port 8080 firewall-cmd --permanent --remove-port=8080/tcp
  • # Refresh the firewall configuration (refresh the firewall after modifying the configuration) firewall-cmd --reload

Starting from CentOS7, there is no iptables by default, but firewall is used. Now we block the firewall and use iptables.

Install iptables-service 

1. Stop and block firewalld service

  停止:systemctl stop firewalld

  屏蔽:systemctl mask firewalld

2. Install the iptables-service package

  yum install iptables-services

3. Enable iptables service at boot

systemctl enable iptables

4. Start the iptables service

  systemctl start iptables

5. Save firewall rules

service iptables save

Configure iptables

vim /etc/sysconfig/iptables

1. Linux firewall Iptable settings only allow access to port 80

-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT

2. Only allow 192.168.11.124 to access port 8080 of the machine

-A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.11.124  --dport 80 -j ACCEPT

3. Restart iptables

 service iptables restart

4. Check whether iptables takes effect

 iptables -L

Port forwarding configuration

1. The first thing you should do is net.ipv4.ip_forward = 1 in the /etc/sysctl.conf configuration file. The default is 0. This allows iptalbes FORWARD.

2, service iptables stop close the firewall

3. Reconfigure the rules

Forward native 80 to 8090

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8090

#iptables -t nat -A PREROUTING --dst 61.144.14.72 -p tcp --dport 3389 -j DNAT --to-destination 116.6.73.229:3389
#iptables -t nat -A POSTROUTING --dst 116.6.73.229 -p tcp --dport 3389 -j SNAT --to-source 61.144.14.72

 4. Save the current rules to the configuration file (/etc/sysconfig/iptables)

service iptables save


You can also directly modify the configuration file content configuration rules, the file content:

# Generated by iptables-save v1.4.7 on Thu Feb 20 18:05:24 2020
*nat
:PREROUTING ACCEPT [33:3209]
:POSTROUTING ACCEPT [18:1206]
:OUTPUT ACCEPT [18:1206]
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8090 
COMMIT
# Completed on Thu Feb 20 18:05:24 2020

Guess you like

Origin blog.csdn.net/u014553029/article/details/104037941
Recommended
Ranking
#2019110700005
What materials and procedures are required for patent transfer
What is the blockchain Ethereum triplet state root transaction root receipt root
Front-end study notes 04 --- About the insertion of html pictures and videos
Documents required for the filing of WeChat Mini Programs in special industries, the filing process of WeChat Mini Programs in special industries, how to file WeChat Mini Programs in special industries
2017 Qingdao-site tournament I The Squared Mosquito Coil
[BZOJ3165][HEOI2013]Segment (line segment tree without marking)
Kettle series: KettleEasyExpand, an open source Kettle universal plugin by Ma Jinju
The latest tutorial on making framework for iOS
DAX Section 6: Statistical Functions
Daily
More
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)

Code World

© 2018 codetd.com