Today's topic is Linux system firewalls: CentOS 5, CentOS 6 and Red Hat 6 ship with the iptables firewall; CentOS 7 and Red Hat 7 ship with firewalld; Ubuntu uses the ufw firewall. This platform (www.gxdeqiong.com) has the iptables firewall installed (other cloud service providers may use a different firewall).
Service problems caused by the firewall:
After certain services are installed on the server, the service may be unreachable, fail to start properly, and so on. Check whether the system firewall has opened the ports the service uses. (On Linux, restart the firewall after opening the relevant port; the firewall rules take effect after the restart.)
About port 80:
Under the regulations of the relevant state departments, a domain name must be filed for the record in the country before it can be resolved, so customers who use port 80 must provide their domain name registration information. After we open port 80 on our upper-level firewall, port 80 on the cloud server can be used normally.
Common commands:
firewall-cmd --state ## check whether the firewall is running
systemctl status firewalld.service ## view firewall service status
systemctl start firewalld.service ## start the firewall
systemctl stop firewalld.service ## temporarily turn off the firewall
systemctl enable firewalld.service ## start the firewall at boot
systemctl disable firewalld.service ## do not start the firewall at boot
firewall-cmd --permanent --query-port=80/tcp ## check whether port 80 is open
firewall-cmd --reload ## reload the configuration; run this after adding rules
firewall-cmd --get-zones ## list the supported zones
firewall-cmd --get-services ## list the predefined services
firewall-cmd --query-service ftp ## check whether the ftp service is allowed; returns yes or no
firewall-cmd --add-service=ftp ## temporarily open the ftp service
firewall-cmd --add-service=ftp --permanent ## permanently open the ftp service
firewall-cmd --remove-service=ftp --permanent ## permanently remove the ftp service
firewall-cmd --add-port=80/tcp --permanent ## permanently add port 80
firewall-cmd --zone=public --remove-port=80/tcp --permanent ## remove port 80
iptables -L -n ## view the rules, the same as with the iptables command
man firewall-cmd ## view help
Definitions:
--zone # scope (the zone the rule applies to)
--permanent # takes effect permanently; without this parameter the rule is lost after a restart
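
The difference between a temporary rule and a `--permanent` one, and the need for `--reload`, can be checked per port by querying both configurations. This is an added example, not part of the original page; `FWCMD`, `port_state` and `audit_ports` are hypothetical names, and the zone is assumed to be `public` unless given.

```shell
#!/bin/sh
# Added example (not from the original page). FWCMD, port_state and
# audit_ports are hypothetical names; FWCMD lets a stub replace firewall-cmd.
FWCMD=${FWCMD:-firewall-cmd}

# port_state PORT/PROTO [ZONE]
# Prints: open | runtime-only | permanent-only | closed
port_state() {
    port=$1
    zone=${2:-public}   # assumption: the zone in use is "public"
    runtime=no
    permanent=no
    # --query-port exits 0 when the port is listed, non-zero otherwise
    if "$FWCMD" --zone="$zone" --query-port="$port" >/dev/null 2>&1; then
        runtime=yes
    fi
    if "$FWCMD" --permanent --zone="$zone" --query-port="$port" >/dev/null 2>&1; then
        permanent=yes
    fi
    case "$runtime/$permanent" in
        yes/yes) echo open ;;
        yes/no)  echo runtime-only ;;    # added without --permanent: lost on reload or restart
        no/yes)  echo permanent-only ;;  # added with --permanent but not reloaded yet
        *)       echo closed ;;
    esac
}

# audit_ports ZONE PORT/PROTO...
# Prints one "port state" line per port. Returns 0 if runtime and permanent
# settings agree for every port, 1 if any differ, 2 if firewalld is not running.
audit_ports() {
    zone=$1
    shift
    "$FWCMD" --state >/dev/null 2>&1 || { echo "firewalld is not running" >&2; return 2; }
    drift=0
    for p in "$@"; do
        state=$(port_state "$p" "$zone")
        printf '%s %s\n' "$p" "$state"
        case $state in
            runtime-only|permanent-only) drift=1 ;;
        esac
    done
    return "$drift"
}

# Usage: audit_ports public 80/tcp 21/tcp
```

A `runtime-only` result is also a quick way to spot a port that was opened temporarily and never recorded in the permanent configuration.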