A CentOS server that can be logged into from the public Internet has been set up. Even though an intrusion seems unlikely, the firewall should still be configured; SELinux is simply turned off.
How to turn off SELinux: https://www.cnblogs.com/mc-r/p/11447004.html
A. On CentOS 7 the firewall was reworked: the original iptables service is no longer used and firewalld is enabled instead.
1. Basic use of firewalld
Start: systemctl start firewalld
Check status: systemctl status firewalld
Stop: systemctl stop firewalld
Disable: systemctl disable firewalld
Enable a service at boot: systemctl enable firewalld.service
Disable a service at boot: systemctl disable firewalld.service
Check whether a service is enabled at boot: systemctl is-enabled firewalld.service
List enabled services: systemctl list-unit-files | grep enabled
List services that failed to start: systemctl --failed
2. Configuring firewall-cmd
View version: firewall-cmd --version
View help: firewall-cmd --help
Display state: firewall-cmd --state
View all open ports: firewall-cmd --zone=public --list-ports
Update firewall rules: firewall-cmd --reload
View active zones: firewall-cmd --get-active-zones
Show which zone an interface belongs to: firewall-cmd --get-zone-of-interface=eth0
Reject all packets (panic mode on): firewall-cmd --panic-on
Leave panic mode: firewall-cmd --panic-off
Check whether panic mode is on: firewall-cmd --query-panic
3. How to open a port
Add:
firewall-cmd --zone=public --add-port=80/tcp --permanent   # --zone: scope; --add-port: port and protocol; --permanent: persists across restarts
firewall-cmd --zone=public --add-service=http --permanent
firewall-cmd --reload   # reload, applying the updated firewall rules
firewall-cmd --zone=public --query-port=80/tcp   # check
firewall-cmd --zone=public --remove-port=80/tcp --permanent   # remove
firewall-cmd --list-services
firewall-cmd --get-services
firewall-cmd --add-service=<service>
firewall-cmd --remove-service=<service>
Every time a port or service is modified, the file /etc/firewalld/zones/public.xml is updated accordingly, so the file can also be edited directly and then reloaded.
In practice, whether the change is made with the command or by editing the file, a reload is needed for it to take effect.
firewall-cmd --zone=public --query-port=80/tcp
firewall-cmd --zone=public --query-port=8080/tcp
firewall-cmd --zone=public --query-port=3306/tcp
firewall-cmd --zone=public --add-port=8080/tcp --permanent
firewall-cmd --zone=public --add-port=3306/tcp --permanent
firewall-cmd --zone=public --query-port=3306/tcp   # still "no": permanent rules are not active until reload
firewall-cmd --zone=public --query-port=8080/tcp
firewall-cmd --reload   # reload so the permanent rules take effect
firewall-cmd --zone=public --query-port=3306/tcp
firewall-cmd --zone=public --query-port=8080/tcp
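As an added example (not code from the original post), an audit script that reads the persisted zone file mentioned above and reports any service or port that is not in an approved baseline; the zone XML is constructed to mirror the --permanent additions in this section, and the baseline list is an assumption:

```shell
# Constructed sample of /etc/firewalld/zones/public.xml as it would look after
# the --permanent --add-service/--add-port calls above (not taken from a live host).
SAMPLE_ZONE_XML='<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <service name="ssh"/>
  <service name="http"/>
  <port protocol="tcp" port="8080"/>
  <port protocol="tcp" port="3306"/>
</zone>'

# Print the persisted services of a zone file, one per line (e.g. "ssh").
zone_services() {  # $1 = path to the zone XML
    sed -n 's/.*<service name="\([^"]*\)".*/\1/p' "$1"
}

# Print the persisted ports as port/protocol (e.g. "8080/tcp"), reading the
# two attributes separately so their order in the file does not matter.
zone_ports() {  # $1 = path to the zone XML
    grep '<port ' "$1" | while IFS= read -r line; do
        port=$(printf '%s' "$line" | sed -n 's/.*port="\([^"]*\)".*/\1/p')
        proto=$(printf '%s' "$line" | sed -n 's/.*protocol="\([^"]*\)".*/\1/p')
        echo "$port/$proto"
    done
}

# Compare a zone file against an approved baseline ($2: space-separated
# services and port/protocol entries). Prints each unapproved entry and
# returns 1 if any was found, 0 if the zone matches the baseline.
audit_zone() {  # $1 = path to the zone XML, $2 = approved entries
    rc=0
    for entry in $(zone_services "$1") $(zone_ports "$1"); do
        case " $2 " in
            *" $entry "*) ;;
            *) echo "UNAPPROVED: $entry"; rc=1 ;;
        esac
    done
    return $rc
}

# Stand-alone run: only ssh, http and 8080/tcp are approved, so 3306/tcp
# (MySQL reachable from the public zone) is reported as drift.
ZONE_FILE=$(mktemp)
printf '%s\n' "$SAMPLE_ZONE_XML" > "$ZONE_FILE"
if audit_zone "$ZONE_FILE" "ssh http 8080/tcp"; then
    echo "zone matches baseline"
else
    echo "zone drifted from baseline"
fi
rm -f "$ZONE_FILE"
```

Run it against the real /etc/firewalld/zones/public.xml after each change; 3306/tcp is flagged here because a database port open to the public zone is better limited to a source address with a rich rule (section 5) or kept in an internal zone.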
4. Parameter description
--add-service        # add a service
--zone               # scope (zone)
--add-port=80/tcp    # add a port; the format is port/protocol
--permanent          # permanent; without this parameter the rule is lost after a restart
5. Usage details
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.4/24" service name="http" accept'   # allow a source address range to access a service
firewall-cmd --permanent --zone=public --remove-rich-rule='rule family="ipv4" source address="192.168.0.4/24" service name="http" accept'   # remove that rule
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.1/2" port port="80" protocol="tcp" accept'   # allow a source address to access a port
firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.0.1/2" port port="80" protocol="tcp" accept'   # remove that rule
firewall-cmd --query-masquerade    # check whether IP masquerading is enabled
firewall-cmd --add-masquerade      # enable IP masquerading
firewall-cmd --remove-masquerade   # disable IP masquerading
firewall-cmd --add-forward-port=port=80:proto=tcp:toport=8080   # forward port 80 traffic to local port 8080
firewall-cmd --add-forward-port=port=80:proto=tcp:toaddr=192.168.0.1   # forward port 80 traffic to 192.168.0.1
firewall-cmd --add-forward-port=port=80:proto=tcp:toaddr=192.168.0.1:toport=8080   # forward port 80 traffic to port 8080 of 192.168.0.1
Forwarding to another address (toaddr) only works when masquerading is enabled on the zone, and these three commands change the runtime configuration only, since they lack --permanent.
B. CentOS versions before 7
1. Open ports 80, 22 and 8080
/sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 22 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 8080 -j ACCEPT
2. Save
/etc/rc.d/init.d/iptables save
3. Check the open ports
/etc/init.d/iptables status
4. Turn the firewall on or off
1) Permanent: does not revert after a restart
On: chkconfig iptables on
Off: chkconfig iptables off
2) Immediate: reverts after a restart
On: service iptables start
Off: service iptables stop