What is Firewalld: It is the default firewall management system on CentOS and similar systems, comparable to Ubuntu's ufw.
Advantages of Firewalld
The inbound and outbound rules added using Firewalld can be enabled directly in the running environment without needing to restart the service itself.
Using the interface provided by Firewalld, it is easy to configure any rules for services, applications, and users.
By separating permanent and in-memory rules, users can evaluate the added rules in real-time. Any non-permanent rules added will disappear during the next hot reload or service restart. Permanent rules will be retained after reloading. In this way, users can add some temporary settings. If the configuration has been evaluated and runs successfully, then this rule can be added to the permanent settings.
Installing and Downloading Firewalld
Download and install the firewalld package:
sudo yum update && sudo yum install firewalld
Firewalld Rule Configuration
Getting Active Status
View Zones: Get the currently active zones, which default to public in most cases.
firewall-cmd --get-active-zones
List Rules: Get the currently configured rules for the active zone.
firewall-cmd --zone=public --list-all
Adding and Closing Ports
Open Port: Permanently allow TCP traffic on port 5000 in the public zone.
firewall-cmd --zone=public --add-port=5000/tcp --permanent
The firewalld service also supports opening a range of ports; for example, --add-port=5000-5500/tcp opens all TCP ports from 5000 to 5500.
Close Port: Permanently close TCP port 5000 in the public zone.
firewall-cmd --zone=public --remove-port=5000/tcp --permanent
Adding and Closing Services
You can use the firewall's built-in services, or define a custom service and add its ports with the --service= option. Check this documentation for more information.
Get Services: Use --get-services to list all available service definitions.
firewall-cmd --get-services
Add Service: Use --add-service to add a built-in service. Without --permanent the rule takes effect immediately but only in the runtime configuration, so it is lost at the next reload.
firewall-cmd --zone=public --add-service=http
Enable Added Rules
Hot Reload: Use reload to hot reload rules. This applies the permanent configuration and discards runtime-only rules without dropping established connections.
firewall-cmd --reload
Cold Reload: Use complete-reload to cold reload rules. This also reloads the netfilter kernel modules, so connection state is lost and active connections will most likely be terminated.
firewall-cmd --complete-reload
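The evaluate-then-persist workflow described above (try a rule in the runtime configuration, then add it permanently and reload), as an added example script that is not part of the original post. It assumes firewall-cmd is on PATH; the FIREWALL_CMD variable is an assumption of this script that lets you substitute echo for a dry run.

```shell
#!/bin/sh
# Added example: runtime-first workflow for firewalld port rules.
# FIREWALL_CMD is a convention of this script (not a firewalld option);
# set FIREWALL_CMD=echo to print the commands instead of running them.
FIREWALL_CMD="${FIREWALL_CMD:-firewall-cmd}"

# Return 0 if SPEC is a well-formed firewalld port spec such as 5000/tcp
# or 5000-5500/udp (protocol tcp/udp, ports 1-65535, low <= high).
validate_port_spec() {
    spec="$1"
    proto="${spec##*/}"
    ports="${spec%/*}"
    case "$proto" in tcp|udp) ;; *) return 1 ;; esac
    case "$ports" in
        *-*) lo="${ports%-*}"; hi="${ports#*-}" ;;
        *)   lo="$ports"; hi="$ports" ;;
    esac
    case "$lo" in ""|*[!0-9]*) return 1 ;; esac
    case "$hi" in ""|*[!0-9]*) return 1 ;; esac
    [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

# Step 1: open the port in the runtime configuration only, so the rule can be
# evaluated live; it disappears at the next reload if not persisted.
open_port_runtime() {
    zone="$1"; spec="$2"
    validate_port_spec "$spec" || { echo "bad port spec: $spec" >&2; return 1; }
    "$FIREWALL_CMD" --zone="$zone" --add-port="$spec"
}

# Step 2: once the rule has proven correct, write it to the permanent
# configuration, reload so runtime and permanent match, and confirm it is active.
persist_port() {
    zone="$1"; spec="$2"
    validate_port_spec "$spec" || { echo "bad port spec: $spec" >&2; return 1; }
    "$FIREWALL_CMD" --zone="$zone" --add-port="$spec" --permanent &&
    "$FIREWALL_CMD" --reload &&
    "$FIREWALL_CMD" --zone="$zone" --query-port="$spec"
}

# Usage: ./fw-port.sh runtime public 5000/tcp   (then, after evaluating)
#        ./fw-port.sh persist public 5000/tcp
case "${1:-}" in
    runtime) open_port_runtime "$2" "$3" ;;
    persist) persist_port "$2" "$3" ;;
esac
```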