Firewall technology is a kind of technology that helps computer network to build a relatively isolated protective barrier between its internal and external networks by organically combining various kinds of software and hardware devices for security management and screening, so as to protect user data and information security.
The professional firewall is composed of software and hardware, which can protect the whole network, and the price is also very expensive. It has powerful functions from tens of thousands to hundreds of thousands, mainly including intrusion detection, network address conversion, audit monitoring of network operation, strengthening network security services and other functions.
The firewall of the operating system (Windows and Linux) has only the software part, which is used to protect the operating system. It has simple functions and can only prevent simple attacks.
The main content of this paper is to introduce the use and configuration of firewall above CentOS 7.
The firewall of CentOS7 is more powerful than that of CentOS6, and the configuration method and operation command are totally different.
The firewall rule of CentOS7 can be either a port or a service.
The firewall views and configures the commands described below. If there is no special instruction, it means that administrator permission is required.
1) View the version of the firewall.
2) View the status of the firewall.
3) View the status of the firewall service (executable for normal users).
systemctl status firewalld
4) View all firewall information.
5) View the open ports of the firewall.
6) View the services that the firewall has opened.
7) View the list of all services (executable for ordinary users).
8) Check whether the firewall service is started.
systemctl is-enabled firewalld.service
1) Start, restart and shut down the firewall service.
#start-up systemctl start firewalld.service #restart systemctl restart firewalld.service #Close systemctl stop firewalld.service
2) Open, remove a port.
#To open up80port firewall-cmd --zone=public --add-port=80/tcp --permanent #Remove80port firewall-cmd --zone=public --remove-port=80/tcp --permanent
3) Open and remove the range port.
#To open up5000-5500Port between firewall-cmd --zone=public --add-port=5000-5500/tcp --permanent #Remove5000-5500Port between firewall-cmd --zone=public --remove-port=5000-5500/tcp --permanent
4) Open, remove services.
#Open ftp service firewall-cmd --zone=public --add-service=ftp --permanent #Remove http service firewall-cmd --zone=public --remove-service=ftp --permanent
5) Reload the firewall configuration (after modifying the configuration, reload the firewall configuration or restart the firewall service).
6) Set to enable and disable the firewall service at power on.
#Enable service systemctl enable firewalld.service #Disable Service systemctl disable firewalld.service
1) Open port 80, 228080.
/sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT /sbin/iptables -I INPUT -p tcp --dport 22 -j ACCEPT /sbin/iptables -I INPUT -p tcp --dport 8080 -j ACCEPT
3) View open ports.
4) Start and close the firewall service.
#Startup service service iptables start #Shut down service service iptables stop
5) Set to enable and disable the firewall service at power on.
#Enable service chkconfig iptables on #Disable Service chkconfig iptables off
If you purchase a ECs, in addition to configuring the firewall of the ECS, you need to log in to the management platform of the ECS provider to configure the access policy (or security group).
Different cloud server providers have different management platform operation methods. Read the operation manual or Baidu for specific operation methods, or consult the customer service of cloud server providers.
C language technology net original article, reprint please explain the article source, the author and the original link.
Source: C language technology network (www.freecplus.net)
Author: Manon Youdao
If there is a mistake in the article, or there is a mistake in the content, or other suggestions and opinions, please leave a message for correction, thank you very much!!!