Firewall command:
systemctl status firewalld #View firewall status
firewall-cmd --list-ports #View firewall open ports
systemctl start firewalld.service #Open firewall
systemctl stop firewalld.service #Close firewall
firewall -cmd --reload # Restart firewall
systemctl disable firewalld.service #Prohibit firewall startup
#Open the firewall firewall port, you need to restart the firewall to take effect
firewall-cmd --zone=public --add-port=80/tcp --permanent
Command meaning:
–zone #Scope
–add-port=80/tcp #Add port, the format is: port/communication protocol
–permanent #Permanently effective, it will be invalid after restart without this parameter
Iptable firewall:
service iptables status #View iptable firewall status
iptables -L -n -v #View iptable firewall rules
systemctl start iptables #Open iptable firewall
service iptables stop #Close iptable firewall
yum install iptables -y #Install iptable firewall
systemctl enable iptables # Self-starting iptable firewall
systemctl disable firewalld #Automatically close iptable firewall after booting
iptables -F #Clear iptable rules
service iptables save #Save iptable firewall rules
iptables -A INPUT -p tcp --dport 80 -j REJECT #Forbid packets from port 80
iptables -A INPUT -p tcp --dport 80 -j ACCEPT #Allow packets from port 80 access
iptables -A OUTPUT -p tcp --sport 80 -j REJECT #Prohibit data packets from port 80
iptables -A OUTPUT -p tcp --sport 80 -j ACCEPT #Allow data packets from port 80
To sum up
, both firewall and iptable are Linux firewalls. Firewall calls the command of iptable to execute the netfilter of the kernel, that is, the bottom layer still uses iptables to filter the dynamic communication packets of the kernel command. Firewall is a new firewall command in Centos7, which is equivalent to the child of iptables. .
———————————————
Copyright Statement: This article is the original article of CSDN blogger "Huan Huan Feng", following the CC 4.0 BY-SA Copyright Agreement
Original link: https://blog.csdn .net/qq_41521180/article/details/90311477