CentOS 7 firewall: allow or restrict a specified IP and port (firewalld)

Time: 2021-6-1

iptables is not installed by default on CentOS 7. You can install iptables manually, or you can configure the firewall through firewalld, which CentOS 7 ships with.

1. View the status of the firewalld.service unit
systemctl status firewalld
2. Check the running state of firewalld
firewall-cmd --state
3. Start / stop / restart firewalld.service manually
#Start firewalld
service firewalld start
#Stop firewalld
service firewalld stop
#Restart firewalld
service firewalld restart
4. Display the currently configured firewall rules
firewall-cmd --list-all
5. Query / open a port
#Query whether the port is open
firewall-cmd --query-port=8080/tcp
#Add a permanent rule that opens port 8080 (TCP)
firewall-cmd --permanent --add-port=8080/tcp
#Remove the rule above
firewall-cmd --permanent --remove-port=8080/tcp
6. Allow an IP address (or IP range)
#Add a permanent rule that allows access from the single source IP 192.168.1.1
firewall-cmd --permanent --add-source=192.168.1.1
#Add a permanent rule that allows access from the whole source range 192.168.1.0/24
firewall-cmd --permanent --add-source=192.168.1.0/24
#Remove the rule above
firewall-cmd --permanent --remove-source=192.168.1.1
7. Allow a system service
#Allow the HTTP service
firewall-cmd --permanent --add-service=http
#Remove the rule above
firewall-cmd --permanent --remove-service=http
8. Custom complex rules (rich rules; check that they do not conflict with existing rules)
#Allow the specified IP to access local port 8080
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.1" port protocol="tcp" port="8080" accept'
#Allow the specified IP range to access local ports 8080-8090
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" port protocol="tcp" port="8080-8090" accept'
#Reject access from the specified IP to local port 8080
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.1" port protocol="tcp" port="8080" reject'

9. After any modification, the firewall must be reloaded for the new configuration to take effect; restarting the firewalld service also works.
firewall-cmd --reload
service firewalld restart
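As an added example (not part of the original post), the following POSIX shell helper builds the rich rules from section 8 from validated inputs and applies them with the permanent-then-reload sequence from section 9. It assumes firewall-cmd is on PATH and the script runs as root; the FW variable, the function names and the sample addresses are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post: build firewalld rich rules from
# validated inputs and apply them with firewall-cmd. Assumes firewall-cmd is on
# PATH; set FW (e.g. FW=echo) to preview the commands without changing anything.
FW="${FW:-firewall-cmd}"

# validate_port PORT -- accept "8080" or a range "8080-8090", both within 1-65535
validate_port() {
    case "$1" in
        ''|-*|*-|*[!0-9-]*) return 1 ;;
    esac
    lo="${1%%-*}"
    hi="${1##*-}"
    # a range must be exactly "lo-hi"; a single port has lo == hi
    if [ "$lo" != "$1" ] && [ "$lo-$hi" != "$1" ]; then
        return 1
    fi
    [ "$lo" -ge 1 ] && [ "$lo" -le 65535 ] && [ "$hi" -ge "$lo" ] && [ "$hi" -le 65535 ]
}

# validate_ipv4_source ADDR[/PREFIX] -- dotted quad with optional prefix length 0-32
validate_ipv4_source() {
    addr="${1%%/*}"
    if [ "$addr" != "$1" ]; then
        prefix="${1#*/}"
        case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
        [ "$prefix" -le 32 ] || return 1
    fi
    # only digits and dots may reach the split below (also keeps globs out of set --)
    case "$addr" in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs="$IFS"
    IFS=.
    set -- $addr
    IFS="$old_ifs"
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# build_rich_rule SOURCE PORT [PROTO] [ACTION] -- print the rich rule text
build_rich_rule() {
    src="$1"; port="$2"; proto="${3:-tcp}"; action="${4:-accept}"
    validate_ipv4_source "$src" || { echo "invalid source: $src" >&2; return 1; }
    validate_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    case "$proto" in tcp|udp) ;; *) echo "invalid protocol: $proto" >&2; return 1 ;; esac
    case "$action" in accept|reject|drop) ;; *) echo "invalid action: $action" >&2; return 1 ;; esac
    printf 'rule family="ipv4" source address="%s" port protocol="%s" port="%s" %s\n' \
        "$src" "$proto" "$port" "$action"
}

# apply_rich_rule SOURCE PORT [PROTO] [ACTION] -- add the rule permanently (not yet active)
apply_rich_rule() {
    rule="$(build_rich_rule "$@")" || return 1
    "$FW" --permanent --add-rich-rule="$rule"
}

# activate_rules -- permanent rules only take effect after a reload (section 9)
activate_rules() {
    "$FW" --reload
}

# Example session (constructed): one host on 8080, a /24 on 8080-8090,
# a reject for the host, then reload so the permanent rules become active.
#   apply_rich_rule 192.168.1.1 8080
#   apply_rich_rule 192.168.1.0/24 8080-8090
#   apply_rich_rule 192.168.1.1 8080 tcp reject
#   activate_rules
```

Validating the source and port before handing them to firewall-cmd matters when the values come from a script or a ticket rather than being typed by hand: a malformed address is rejected locally instead of leaving a half-applied rule set. Nothing is active until `activate_rules` runs, which mirrors section 9. Within rich rules firewalld evaluates reject and drop rules before accept rules, so the reject for 192.168.1.1 in section 8 takes precedence over the accept for the 192.168.1.0/24 range that contains it.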