I. Introduction
In CentOS 7.x, the firewall is managed by firewalld. In the past, the firewall was turned off for convenience. Now that the projects are more important and there is a risk of being attacked, the firewall needs to be turned on for security. The commonly used commands are introduced below.
II. Commands for managing the firewall
There are many commands for managing firewalls, here are a few commonly used ones.
2.1 Turn on the firewall
2.1.1 First check the firewall status
Command: firewall-cmd --state
The open state is as follows:
The closed state is as follows:
2.1.2 Turn on the firewall
Command: systemctl start firewalld.service
2.1.3 Set auto start after power-on
Command: systemctl enable firewalld.service
2.1.4 Restart the firewall
Command: systemctl restart firewalld.service
2.1.5 Check whether the firewall setting is successful after booting up
Command: systemctl is-enabled firewalld.service;echo $?
Output like that in the figure below means that start on boot has been enabled successfully.
Those are the steps for turning on the firewall.
2.2 Open a specific port
After the firewall is turned on, some services will become inaccessible because their ports have not been opened. The following example opens ports 80 and 3306.
2.2.1 Add port
Command: firewall-cmd --zone=public --add-port=80/tcp --permanent (--permanent makes the rule permanent; without this parameter the rule is lost after a restart)
To add another port, repeat the command with a different port number in place of 80, for example: firewall-cmd --zone=public --add-port=3306/tcp --permanent
Add ports in batch (all ports between 1000 and 2000):
Command: firewall-cmd --zone=public --add-port=1000-2000/tcp --permanent
Meaning of the parameters:
--zone # scope
--add-port=80/tcp # add a port, in the format port/communication protocol
--permanent # takes effect permanently; without this parameter the rule is lost after a restart
Output like that in the figure below means the port was added successfully:
2.2.2 Reload
Command: firewall-cmd --reload
2.2.3 View
Command: firewall-cmd --zone=public --query-port=80/tcp
2.2.4 Delete
Command: firewall-cmd --zone=public --remove-port=80/tcp --permanent
2.2.5 Turn off the firewall
Command: systemctl stop firewalld.service
2.2.6 View all open ports
Command: firewall-cmd --list-ports
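As an added example (not part of the original article), the following script reviews the output of firewall-cmd --list-ports for the kinds of rules added in section 2.2.1: a database port such as 3306 open in the public zone, or a wide range such as 1000-2000. The MAX_RANGE threshold, the SENSITIVE port list and the function name audit_ports are assumptions chosen for illustration.

```shell
#!/usr/bin/env bash
# Audit the space-separated "port/protocol" list printed by
# `firewall-cmd --zone=public --list-ports`.
# MAX_RANGE and SENSITIVE are assumptions for this example; tune them per host.

MAX_RANGE=100                        # assumed: flag ranges wider than this
SENSITIVE="22 3306 5432 6379 27017"  # assumed: admin/database ports to review

# audit_ports "<list-ports output>" -> one finding per line on stdout
audit_ports() {
    local entry spec proto lo hi width p
    for entry in $1; do
        spec=${entry%/*}             # "80" or "1000-2000"
        proto=${entry#*/}            # "tcp" or "udp"
        lo=${spec%-*}                # lower bound of the range
        hi=${spec#*-}                # upper bound (same as lo for one port)
        width=$((hi - lo + 1))
        if [ "$width" -gt "$MAX_RANGE" ]; then
            echo "WIDE_RANGE $entry ($width ports)"
        fi
        # A sensitive port can be exposed directly or hidden inside a range.
        for p in $SENSITIVE; do
            if [ "$p" -ge "$lo" ] && [ "$p" -le "$hi" ]; then
                echo "SENSITIVE $p/$proto exposed via $entry"
            fi
        done
    done
}

# Constructed sample: the ports this article opens in the public zone.
SAMPLE="80/tcp 3306/tcp 1000-2000/tcp"
audit_ports "$SAMPLE"

# On a live host with firewalld running:
#   audit_ports "$(firewall-cmd --zone=public --list-ports)"
```

For a port that only specific hosts need to reach, such as 3306, remove the public port rule with --remove-port and allow the client address with a firewalld rich rule instead.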
2.2.7 View listening services
Command: netstat -ntlp
end!