1, The concept of firewall
A firewall is a combination of software and hardware that places a relatively isolated protective barrier between an internal network and an external one, filtering traffic according to a security policy in order to protect user data and systems.
A professional (network) firewall is a dedicated appliance made up of hardware and software. It protects an entire network and is correspondingly expensive, from tens of thousands to hundreds of thousands of yuan. Its functions typically include intrusion detection, network address translation (NAT), auditing and monitoring of network activity, and other security services.
The firewall built into an operating system (Windows or Linux) is software only and protects that host alone. Its functions are simpler: it controls which ports and services are reachable, and it does not stop attacks that arrive through a port you have deliberately opened.
This article introduces the use and configuration of the firewall on CentOS 7.
2, Firewall configuration
CentOS 7 replaced the iptables service of CentOS 6 with firewalld. Both drive the kernel's netfilter, but firewalld is managed through the firewall-cmd tool using zones and named services, so the configuration method and the commands are completely different.
A CentOS 7 firewall rule can be expressed either as a port (for example 80/tcp) or as a named service (for example http).
Unless otherwise noted, the view and configuration commands described below require administrator (root) privileges.
1. View firewall commands
1) View the version of the firewall.
firewall-cmd --version
2) View the status of the firewall.
firewall-cmd --state
3) View the status of the firewall service (can be run as an ordinary user).
systemctl status firewalld
4) View all firewall information.
firewall-cmd --list-all
5) View the open ports of the firewall.
firewall-cmd --list-ports
6) View the services that the firewall has opened.
firewall-cmd --list-services
7) View the list of all services (executable for ordinary users).
firewall-cmd --get-services
8) Check whether the firewall service is enabled to start at boot. This does not tell you whether it is running right now; use "firewall-cmd --state" or "systemctl status firewalld" for that.
systemctl is-enabled firewalld.service
2. Configure firewall commands
1) Start, restart and stop the firewall service. Note that stopping firewalld removes its rules, which leaves every listening port on the host reachable.
#Start
systemctl start firewalld.service
#Restart
systemctl restart firewalld.service
#Stop
systemctl stop firewalld.service
2) Open and remove a single port.
#Open port 80
firewall-cmd --zone=public --add-port=80/tcp --permanent
#Remove port 80
firewall-cmd --zone=public --remove-port=80/tcp --permanent
3) Open and remove a range of ports.
#Open ports 5000 to 5500
firewall-cmd --zone=public --add-port=5000-5500/tcp --permanent
#Remove ports 5000 to 5500
firewall-cmd --zone=public --remove-port=5000-5500/tcp --permanent
4) Open and remove a service.
#Open the ftp service
firewall-cmd --zone=public --add-service=ftp --permanent
#Remove the ftp service
firewall-cmd --zone=public --remove-service=ftp --permanent
5) Reload the firewall configuration. A rule added with --permanent is only written to disk and does not take effect until you reload (or restart the service); conversely, a rule added without --permanent takes effect immediately but is discarded at the next reload or reboot.
firewall-cmd --reload
6) Enable and disable the firewall service at boot.
#Enable service
systemctl enable firewalld.service
#Disable service
systemctl disable firewalld.service
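The following script, added here as an example and not taken from the original article, puts the steps of this section together: it validates a port spec, adds it to both the running and the permanent configuration, and then checks that the two rule sets agree, since a port that exists in only one of them is the usual reason a port "was opened" but is not reachable, or is reachable only until the next reboot. The zone defaults to public, as in the commands above; if your interface is in another zone (firewall-cmd --get-active-zones shows which), pass that zone as the second argument. The firewall is only touched when the script runs as root on a host where firewalld is active; the valid_port_spec and port_drift helpers work on plain text and can be exercised anywhere. All function names are the example's own.

```shell
#!/bin/sh
# Added example, not from the original article: open a port with firewalld on
# CentOS 7 in both the runtime and the permanent configuration, then verify that
# the two agree. firewalld keeps two rule sets:
#   runtime   - what the kernel enforces right now
#   permanent - what is written to disk and restored by --reload or a reboot
# A port added with --permanent only is not reachable until a reload; a port added
# without --permanent stops being reachable after the next reload.

# Return 0 if $1 looks like a valid firewall-cmd port spec: "80/tcp", "5000-5500/udp".
valid_port_spec() {
    spec=$1
    case $spec in
        */tcp|*/udp) ;;
        *) return 1 ;;
    esac
    ports=${spec%/*}
    lo=${ports%-*}
    hi=${ports#*-}
    for p in "$lo" "$hi"; do
        case $p in
            ''|*[!0-9]*) return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    done
    [ "$lo" -le "$hi" ]
}

# $1: space-separated output of "firewall-cmd --list-ports" (runtime)
# $2: space-separated output of "firewall-cmd --permanent --list-ports"
# Print every port that is in only one of the two sets, one per line, tagged
# "runtime-only:" or "permanent-only:". Prints nothing when they agree.
port_drift() {
    runtime=$1
    permanent=$2
    for p in $runtime; do
        case " $permanent " in
            *" $p "*) ;;
            *) printf 'runtime-only:%s\n' "$p" ;;
        esac
    done
    for p in $permanent; do
        case " $runtime " in
            *" $p "*) ;;
            *) printf 'permanent-only:%s\n' "$p" ;;
        esac
    done
}

# Open $1 in zone $2 (default public, as in the article) in both rule sets and
# verify it. Needs root and a running firewalld.
open_port() {
    spec=$1
    zone=${2:-public}
    valid_port_spec "$spec" || { echo "bad port spec: $spec" >&2; return 1; }
    firewall-cmd --zone="$zone" --permanent --add-port="$spec" >/dev/null
    firewall-cmd --zone="$zone" --add-port="$spec" >/dev/null   # runtime too, so no reload is needed
    firewall-cmd --zone="$zone" --query-port="$spec" >/dev/null || {
        echo "$spec is not active in zone $zone" >&2; return 1; }
    drift=$(port_drift "$(firewall-cmd --zone="$zone" --list-ports)" \
                       "$(firewall-cmd --zone="$zone" --permanent --list-ports)")
    if [ -n "$drift" ]; then
        echo "runtime and permanent port lists differ in zone $zone:" >&2
        echo "$drift" >&2
        return 1
    fi
    echo "$spec is open in zone $zone (runtime and permanent)"
}

# Only touch the firewall when run as root on a host where firewalld is active.
if [ "$(id -u)" -eq 0 ] && command -v firewall-cmd >/dev/null 2>&1 \
   && firewall-cmd --state >/dev/null 2>&1; then
    open_port "${1:-8080/tcp}" "${2:-public}"
fi
```

Run it as root with the port spec and, optionally, the zone as arguments, for example "sh open_port.sh 8080/tcp public" (the file name is arbitrary). To see the drift check fire, add a port with --permanent only and then feed the two --list-ports outputs to port_drift: the port appears as permanent-only until firewall-cmd --reload is run.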
3, CentOS 6 and earlier (iptables service)
1) Open ports 80, 22 and 8080. "-I INPUT" inserts each rule at the top of the INPUT chain, ahead of every existing rule, including the REJECT rule at the end of the default CentOS 6 ruleset, so the order of the three commands does not matter.
/sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 22 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 8080 -j ACCEPT
2) Save the rules so they survive a restart of the service or a reboot (rules added with iptables alone live only in the kernel).
/etc/rc.d/init.d/iptables save
3) View the currently loaded rules, including the open ports.
/etc/init.d/iptables status
4) Start and stop the firewall service.
#Start service
service iptables start
#Stop service
service iptables stop
5) Enable and disable the firewall service at boot.
#Enable service
chkconfig iptables on
#Disable service
chkconfig iptables off
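The commands above only add ACCEPT rules; whether the host is actually closed depends on the rest of the INPUT chain. The following script, added here as an example and not part of the original article, builds a complete default-deny INPUT chain for the iptables service (loopback, established connections, ICMP, then only the ports you list) and adds an audit helper that reads iptables-save output and prints which TCP ports the INPUT chain really accepts, which answers "view open ports" more precisely than reading the status output by eye. The allowed port list (22, 80, 8080), the function names and the iptables-save dump used for the offline check are all constructed for the example; apply_input_rules changes the live firewall and is only run when you pass the word apply on the command line as root.

```shell
#!/bin/sh
# Added example, not from the original article: a default-deny INPUT chain for the
# CentOS 6 iptables service, plus an audit helper that lists which TCP ports an
# iptables-save dump actually accepts in INPUT.

ALLOWED_TCP_PORTS="22 80 8080"   # assumed service ports for this host

# Rebuild INPUT: loopback, established traffic, ICMP, the allowed ports, then
# reject everything else. The policy is switched to DROP only after the rules
# are in place so an SSH session running this script is not cut off. Needs root.
apply_input_rules() {
    iptables -P INPUT ACCEPT
    iptables -F INPUT
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -p icmp -j ACCEPT
    for port in $ALLOWED_TCP_PORTS; do
        iptables -A INPUT -p tcp -m state --state NEW --dport "$port" -j ACCEPT
    done
    iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited
    iptables -P INPUT DROP
    /etc/rc.d/init.d/iptables save    # persist so "service iptables start" restores it
}

# Read an iptables-save dump on stdin and print, space separated and sorted, the
# TCP destination ports that the filter table's INPUT chain accepts. Handles both
# "--dport N" and the multiport "--dports a,b,c" form; other tables are ignored.
list_open_tcp_ports() {
    awk '
        /^\*/ { table = substr($1, 2) }            # *filter, *nat, ...
        table != "filter" { next }
        $1 == "-A" && $2 == "INPUT" && / -p tcp / && / -j ACCEPT/ {
            for (i = 1; i <= NF; i++)
                if ($i == "--dport" || $i == "--dports") {
                    n = split($(i + 1), ports, ",")
                    for (j = 1; j <= n; j++) print ports[j]
                }
        }' | sort -n | uniq | tr '\n' ' ' | sed 's/ $//'
}

# Same input; print only the accepted ports that are not in ALLOWED_TCP_PORTS.
unexpected_ports() {
    out=""
    for p in $(list_open_tcp_ports); do
        case " $ALLOWED_TCP_PORTS " in
            *" $p "*) ;;
            *) out="$out $p" ;;
        esac
    done
    printf '%s\n' "${out# }"
}

# Constructed iptables-save output for checking the helpers offline (not taken from
# any real host). Note the nat-table rule and the DROP rule that must be ignored.
SAMPLE_DUMP='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp --dport 9999 -j REDIRECT --to-ports 80
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j DROP
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

audit_sample()     { printf '%s\n' "$SAMPLE_DUMP" | list_open_tcp_ports; }
audit_sample_bad() { printf '%s\n' "$SAMPLE_DUMP" | unexpected_ports; }

echo "sample dump accepts tcp ports: $(audit_sample); not on the allow list: $(audit_sample_bad)"
if [ "$(id -u)" -eq 0 ] && command -v iptables-save >/dev/null 2>&1; then
    echo "live INPUT accepts tcp ports: $(iptables-save 2>/dev/null | list_open_tcp_ports)"
fi
if [ "${1:-}" = apply ]; then
    apply_input_rules
fi
```

Without arguments the script only audits: it prints the ports the constructed dump accepts (22 80 443 8080, with 443 flagged as not on the allow list) and, when run as root, the same for the live ruleset, so it can be run from cron to catch rules that were added by hand and never reviewed. Only "apply" as the first argument rewrites the INPUT chain.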
4, Cloud platform access policy configuration
If you buy a cloud server (ECS), configuring the firewall inside the instance is not enough: you also have to log in to the cloud provider's management console and configure the instance's access policy (usually called a security group). Traffic blocked by the security group never reaches the host firewall, so a port has to be opened in both places before it is reachable.
Each cloud provider's console works differently. Check the provider's documentation, search Baidu for the procedure, or ask the provider's customer service.
5, Copyright notice
Original article from C language technology network. When reprinting, please state the source, the author and a link to the original.
Source: C language technology network (www.freecplus.net)
Author: Manon Youdao
If the article contains a mistake, or you have other suggestions or opinions, please leave a comment with the correction. Thank you very much!