Operation commands of CentOS7 firewall
Installation:
yum install firewalld
- Basic use of firewalld
Start:
systemctl start firewalld
View status:
systemctl status firewalld
Disable (do not start at boot):
systemctl disable firewalld
Stop:
systemctl stop firewalld
- Configure firewalld CMD
View version:
firewall-cmd --version
View help:
firewall-cmd --help
Display status:
firewall-cmd --state
View all open ports:
firewall-cmd --zone=public --list-ports
Update firewall rules:
firewall-cmd --reload
Reload the firewall completely (runtime state is lost, so established connections may be interrupted):
firewall-cmd --complete-reload
View active zones and the interfaces bound to them:
firewall-cmd --get-active-zones
View the zone a given interface belongs to:
firewall-cmd --get-zone-of-interface=eth0
Panic mode on (drop all incoming and outgoing packets):
firewall-cmd --panic-on
Panic mode off:
firewall-cmd --panic-off
Check whether panic mode is on:
firewall-cmd --query-panic
- The trust level is selected by the zone name
drop: drop all incoming packets without any reply
block: reject all externally initiated connections; only connections initiated from inside are allowed
public: only selected incoming connections are accepted
external: same as above, with masquerading enabled; typically used on routers doing forwarding
dmz: only selected incoming connections are accepted (for hosts in a demilitarized zone with limited access)
work: for trusted work networks; only selected incoming connections are accepted (comparable to a workgroup)
home: same as above, for home networks (comparable to a homegroup)
internal: same as above; the original note describes its scope as all Internet users (firewalld's own description is an internal network whose other hosts are mostly trusted)
trusted: all connections are accepted
- Firewall: opening and closing ports
The following commands use the public zone; for a different zone, change the value of --zone.
Add:
firewall-cmd --zone=public --add-port=80/tcp --permanent # --permanent makes the rule persistent; without it the rule is lost on restart or reload
Reload:
firewall-cmd --reload
Query:
firewall-cmd --zone=public --query-port=80/tcp
Delete:
firewall-cmd --zone=public --remove-port=80/tcp --permanent
- Managing services
Taking the smtp service as an example, add it to the work zone (runtime only; add --permanent to persist it)
Add:
firewall-cmd --zone=work --add-service=smtp
Query:
firewall-cmd --zone=work --query-service=smtp
Delete:
firewall-cmd --zone=work --remove-service=smtp
- Configure IP masquerading (source NAT)
Query:
firewall-cmd --zone=external --query-masquerade
Enable:
firewall-cmd --zone=external --add-masquerade
Disable:
firewall-cmd --zone=external --remove-masquerade
- Port forwarding
Port forwarding requires masquerading to be enabled in the zone first: firewall-cmd --zone=external --add-masquerade
Forward TCP port 22 to port 3753 on the same host:
firewall-cmd --zone=external --add-forward-port=port=22:proto=tcp:toport=3753
Forward the port to the same port on another IP:
firewall-cmd --zone=external --add-forward-port=port=22:proto=tcp:toaddr=192.168.1.112
Forward the port to port 3753 on another IP:
firewall-cmd --zone=external --add-forward-port=port=22:proto=tcp:toport=3753:toaddr=192.168.1.112
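As an added example (not part of the original page), here is a small POSIX shell wrapper covering the two procedures above: opening a port persistently and verifying it after the reload, and composing a forward-port rule with the port=/proto=/toport=/toaddr= syntax while refusing to add it unless masquerading is already on in the zone. The function names open_port, forward_port, forward_spec and valid_port, the command-line layout, and the FIREWALL_CMD override (which lets the wrapper be exercised against a stub on a machine without firewalld) are assumptions made here, not firewalld features.

```shell
#!/bin/sh
# Added example: wrapper around firewall-cmd for persistent port rules.
# FIREWALL_CMD is an assumed override so a stub can stand in for firewall-cmd.
fw() { "${FIREWALL_CMD:-firewall-cmd}" "$@"; }

# Succeed only if $1 is an integer in 1..65535.
valid_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Compose the value for --add-forward-port.
# Usage: forward_spec PORT PROTO [TOPORT] [TOADDR]
# firewalld needs at least one of toport/toaddr, so an empty pair is refused.
forward_spec() {
  port=$1; proto=$2; toport=$3; toaddr=$4
  valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
  case "$proto" in
    tcp|udp|sctp|dccp) ;;
    *) echo "bad proto: $proto" >&2; return 1 ;;
  esac
  [ -n "$toport" ] || [ -n "$toaddr" ] || { echo "need toport or toaddr" >&2; return 1; }
  if [ -n "$toport" ]; then
    valid_port "$toport" || { echo "bad toport: $toport" >&2; return 1; }
  fi
  spec="port=$port:proto=$proto"
  [ -n "$toport" ] && spec="$spec:toport=$toport"
  [ -n "$toaddr" ] && spec="$spec:toaddr=$toaddr"
  echo "$spec"
}

# Open PORT/PROTO in ZONE persistently, reload, then confirm the rule is live.
# Usage: open_port ZONE PORT PROTO
open_port() {
  zone=$1; port=$2; proto=$3
  valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
  if fw --zone="$zone" --query-port="$port/$proto" >/dev/null 2>&1; then
    echo "$port/$proto already open in $zone"
    return 0
  fi
  fw --zone="$zone" --add-port="$port/$proto" --permanent >/dev/null || return 1
  fw --reload >/dev/null || return 1
  # The permanent rule only becomes active after the reload; verify it did.
  fw --zone="$zone" --query-port="$port/$proto" >/dev/null 2>&1
}

# Add a forward-port rule in ZONE. Refuses unless masquerading is already on,
# since forwarded traffic will not return without it.
# Usage: forward_port ZONE PORT PROTO [TOPORT] [TOADDR]
forward_port() {
  zone=$1; shift
  spec=$(forward_spec "$@") || return 1
  if ! fw --zone="$zone" --query-masquerade >/dev/null 2>&1; then
    echo "masquerade is off in $zone; run: firewall-cmd --zone=$zone --add-masquerade --permanent" >&2
    return 1
  fi
  fw --zone="$zone" --add-forward-port="$spec" --permanent >/dev/null || return 1
  fw --reload >/dev/null
}

# Command-line entry point (assumed layout):
#   ./fwrule.sh open ZONE PORT PROTO
#   ./fwrule.sh forward ZONE PORT PROTO [TOPORT] [TOADDR]
case "${1:-}" in
  open)    shift; open_port "$@" ;;
  forward) shift; forward_port "$@" ;;
esac
```

Running `./fwrule.sh forward external 22 tcp 3753 192.168.1.112` produces the same rule as the last command above, but only after checking the zone already masquerades; the explicit port=/proto= keys are what firewall-cmd expects, so a typo in the key name is caught here before anything is written to the permanent configuration.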
- systemctl is the main service-management tool on CentOS 7; it merges the functions of service and chkconfig.
Start a service:
systemctl start firewalld.service
Shut down a service:
systemctl stop firewalld.service
Restart a service:
systemctl restart firewalld.service
Displays the status of a service:
systemctl status firewalld.service
Enable a service at boot time:
systemctl enable firewalld.service
Disable a service at boot:
systemctl disable firewalld.service
Check whether the service is enabled at boot:
systemctl is-enabled firewalld.service
List the unit files that are enabled:
systemctl list-unit-files|grep enabled
List the units that failed to start:
systemctl --failed