May 25, 2019 - linux school - Lesson 10

Chapter 8 iptables firewall and firewalld

8.0 Four ways to configure a network interface card
(1) Command line: vim /etc/sysconfig/network-scripts/ifcfg-eno<NIC number>;
(2) Text-mode interface: nmtui;
(3) Graphical interface: nm-connection-editor;
(4) Graphical interface: the network configuration in the upper right corner of the virtual machine desktop.
After configuring, note that: (1) ONBOOT=yes must be set so the interface is enabled at boot; (2) the network must be restarted before the change takes effect: systemctl restart network.

8.1 Firewall management tools: a firewall forwards or blocks the traffic passing through it according to its policy, acting as a protective barrier between the internal network and the public network.
(1) iptables: hands the rules over to the kernel-level netfilter framework for processing; the firewall management tool in Linux versions before RHEL7.
(2) firewalld: hands the rules over to the kernel-level nftables framework for processing; the firewall management tool in RHEL7.
8.2 iptables
8.2.1 Policies, rules and chains
Firewall policy rules come in two kinds: allow and block. A rule is a policy entry that processes or filters traffic; several rules make up a rule chain; chains are divided into five classes according to the point at which they process packets:
(1) Process packets before routing: PREROUTING
(2) Process incoming packets: INPUT
(3) Process outgoing packets: OUTPUT
(4) Process forwarded packets: FORWARD
(5) Process packets after routing: POSTROUTING
The processing actions are divided into four categories:
(1) Allow: ACCEPT, allows the traffic;
(2) Refuse: REJECT, denies the traffic but sends a response to the sender, so the sender can clearly see that it was rejected. Note: when refusing traffic in the exam, use REJECT.
(3) Discard: DROP, denies the traffic by discarding it directly without any response.
(4) Log: LOG, records logging information.
Notes:
(1) Firewall policy rules are matched in order from top to bottom, so put the stricter, higher-priority policies at the front to avoid mistakes;
(2) iptables rules configured in the system are lost by default when the system restarts; to make the firewall policy permanent, run the save command: service iptables save.
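The top-to-bottom matching described in note (1) is easy to get wrong, so here is an added example (not from the lesson notes) that simulates first-match evaluation of an INPUT chain with the four actions above. The rule lists, addresses and port are constructed for illustration; it also models the fact that LOG does not stop chain traversal, which the notes do not spell out.

```python
import ipaddress

# Constructed INPUT chain rules: (source network, destination port or None, target).
# ACCEPT, REJECT and DROP terminate evaluation; LOG records and continues (iptables behaviour).

def evaluate(chain, policy, src, dport):
    """Walk the chain top-down and return (decision, logged).

    The first terminating rule that matches decides; if none matches,
    the chain's default policy applies.
    """
    src_ip = ipaddress.ip_address(src)
    logged = False
    for net, port, target in chain:
        if src_ip not in ipaddress.ip_network(net):
            continue                      # source does not match this rule
        if port is not None and port != dport:
            continue                      # port does not match this rule
        if target == "LOG":
            logged = True                 # LOG is non-terminating: keep going
            continue
        return target, logged
    return policy, logged

# Stricter rule first: only the constructed LAN reaches ssh; everyone else gets
# logged and then explicitly rejected.
GOOD_ORDER = [
    ("192.168.10.0/24", 22, "ACCEPT"),
    ("0.0.0.0/0", 22, "LOG"),
    ("0.0.0.0/0", 22, "REJECT"),
]

# Same intent, wrong order: the broad REJECT shadows the LAN ACCEPT,
# so the LAN can never log in.
BAD_ORDER = [
    ("0.0.0.0/0", 22, "REJECT"),
    ("192.168.10.0/24", 22, "ACCEPT"),
]

if __name__ == "__main__":
    for name, chain in (("good", GOOD_ORDER), ("bad", BAD_ORDER)):
        for src in ("192.168.10.5", "203.0.113.9"):
            print(name, src, evaluate(chain, "DROP", src, 22))
```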
8.3 firewalld firewall management tool: the default firewall management tool in RHEL7. It can be used in two ways, from the command line or from a graphical interface, and it has two configuration modes:
(1) Runtime mode: the configuration currently in effect; it is lost when the system reboots;
(2) Permanent mode: the configuration does not take effect now but takes effect after the system reboots. To make it take effect immediately, run the command firewall-cmd --reload.
Note: in the graphical interface firewall-config there is no second confirmation step; as soon as content is modified, it is saved automatically.
8.4 Service access control lists
Two levels of firewall: (1) traffic filtering tools based on the TCP/IP protocol: iptables, firewalld; (2) a tool that allows or prohibits access to the services the Linux system provides: TCP Wrappers. Its firewall policy is controlled by two control list files, and changes to these files take effect immediately. The system checks them in the following order:
(1) Allow control list file: /etc/hosts.allow; if a matching policy is found, the traffic is released;
(2) Deny control list file: /etc/hosts.deny; if a matching policy is found, the traffic is rejected;
(3) If neither of the two files contains a matching policy, the traffic is released by default.

Origin blog.51cto.com/14265779/2400335