CentOS 7.0 Firewall On/Off

CentOS 7.0 uses firewall as a firewall by default and uses systemctl to manage services and programs, including service and chkconfig

1. View the default firewall status (not running when turned off, running when turned on)

[root@localhost ~]# firewall-cmd --state
not running

2. Check the status of the firewall

[root@localhost ~]# systemctl list-unit-files|grep firewalld.service
firewalld.service                             disabled
[root@localhost ~]# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)                 --Indicates that the firewall is off
  Docs: man:firewalld(1)

3. Turn on the firewall

[root@localhost ~]#Systemctl startFirewalld.service--Start firewall
[root@localhost ~]# Systemctl enableFirewalld.service--Start firewall on startup
Created symlink from /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service to /usr/lib/systemd/system/firewalld.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/firewalld.service to /usr/lib/systemd/system/firewalld.service. 

4. Turn off the firewall:

[root@localhost ~]#Systemctl stopFirewalld.service--Stop firewall
[root@localhost ~]# Systemctl disableFirewalld.service--Prevent firewall from starting
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

5. Restart Firewall

[root@localhost ~]# systemctl restart firewalld.service

6. Check whether the firewall is on and off

[root@localhost ~]# systemctl is-enabled firewalld.service;echo $?
enabled -- self-starting
[root@localhost ~]# systemctl is-enabled firewalld.service;echo $?
disabled -- not self-starting

7. View list of started services

[root@localhost ~]# systemctl list-unit-files|grep enabled
auditd.service                                      enabled 
autovt@.service                                     enabled 
avahi-daemon.service                                enabled 
crond.service                                       enabled 

8. Open Port

[root@localhost ~]# firewall-cmd --zone=public --add-port=80/tcp --permanent
//Command Meaning:
–zone #Scope
–add-port=80/tcp #Add a port in the format Port/Communication Protocol
–permanent #Permanently valid, invalidated after restart without this parameter

9. View open ports

[root@localhost ~]# firewall-cmd --list-port

10. Here's the difference between the default firewalls for CentOS7 and 6

CentOS 7 uses firewall by default and must be reset to use iptables

1. Close the firewall directly

systemctl stop firewalld.service #Stop firewall
systemctl disable firewalld.service #Disable firewall startup

2. Set up iptables service

yum -y install iptables-services

3. If you want to modify firewall configuration, such as adding firewall port 3306

vi /etc/sysconfig/iptables 
Add Rules
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
 Save after exit
 Systemctl restartIptables.service#Restart firewall for configuration to take effect
 Systemctl enableIptables.service#Set Firewall Start Up

4. Finally, restart the system to make the settings effective

systemctl start iptables.service #Open Firewall
systemctl stop iptables.service #Close Firewall

Keywords: firewall iptables CentOS DBus

Added by kabucek on Fri, 03 Jul 2020 19:18:49 +0300