Overview
After the FineBI project is deployed on the Windows system, you need to open the project port in the Linux system so that the project address can be accessed from other computers.
Centos 7 firewall
Basic Use of firewalld
Enable firewall: systemctl start firewalld
Disable firewall: systemctl stop firewalld
View firewall status: systemctl status firewalld
Disable on startup: systemctl disable firewalld
Enable on startup: systemctl enable firewalld
Basic Use of systemctl
Start a service: systemctl start firewalld.service
Stop a service: systemctl stop firewalld.service
Restart a service: systemctl restart firewalld.service
Display the status of a service: systemctl status firewalld.service
Enable a service on startup: systemctl enable firewalld.service
Disable a service on startup: systemctl disable firewalld.service
Check if a service is started on startup: systemctl is-enabled firewalld.service
View a list of services enabled on startup: systemctl list-unit-files | grep enabled
View a list of services that failed to start: systemctl --failed
Configuring firewall-cmd
View the version: firewall-cmd --version
View help: firewall-cmd --help
Display status: firewall-cmd --state
View all open ports: firewall-cmd --zone=public --list-ports
Update firewall rules: firewall-cmd --reload
View active zone information: firewall-cmd --get-active-zones
View the zone of a specified interface: firewall-cmd --get-zone-of-interface=eth0
Reject all packets: firewall-cmd --panic-on
Cancel rejection: firewall-cmd --panic-off
Check rejection status: firewall-cmd --query-panic
Steps for Opening Ports
Adding Ports
1. Enabling the firewall
Use systemctl status firewalld to check the firewall status. If it is not enabled, use systemctl start firewalld to enable it.
2. Opening ports
Use firewall-cmd --list-ports to check the open ports of the firewall. If nothing is returned, there are no open ports. Use firewall-cmd --zone=public --add-port=8083/tcp --permanent to open the port, then use firewall-cmd --reload to reload the firewall rules.
1. Viewing Ports
firewall-cmd --zone=public --query-port=8083/tcp
2. Deleting Open Ports
firewall-cmd --zone=public --remove-port=8083/tcp --permanent
firewall-cmd --reload
3. Adjusting Default Rules (from denying all access by default to allowing all access)
firewall-cmd --permanent --zone=public --set-target=ACCEPT
firewall-cmd --reload
4. Opening Multiple Ports for a Certain IP
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.159.60.29" port protocol="tcp" port="1:65535" accept'
firewall-cmd --reload
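The steps above (check firewalld, query the port, add it permanently, reload) combined into one idempotent function, as an added example that is not from the FineBI documentation. It assumes the FWCMD variable, which lets a stub stand in for firewall-cmd when the logic is exercised without root, and uses 8083/tcp as in the page.

```shell
#!/usr/bin/env bash
# Added example, not from the FineBI docs: open one project port in the
# CentOS 7 "public" zone only after checking that firewalld is running and
# the port is not already open, then verify the reload actually applied it.
# Assumption: FWCMD lets a stub replace firewall-cmd for testing without root.
set -u
FWCMD="${FWCMD:-firewall-cmd}"
ZONE="${ZONE:-public}"

# Accept only "<1-65535>/tcp" or "<1-65535>/udp"; returns 1 otherwise.
valid_port_spec() {
  case "$1" in
    */tcp|*/udp) ;;
    *) return 1 ;;
  esac
  port="${1%/*}"
  case "$port" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# Idempotent open. Return codes distinguish a bad spec (2), firewalld not
# running (3), add/reload failures (4/5) and a rule that did not survive
# --reload (6), so a deployment script can tell which step went wrong.
open_port() {
  spec="$1"
  valid_port_spec "$spec" || { echo "bad port spec: $spec" >&2; return 2; }
  [ "$("$FWCMD" --state 2>/dev/null)" = "running" ] \
    || { echo "firewalld is not running" >&2; return 3; }
  if "$FWCMD" --zone="$ZONE" --query-port="$spec" >/dev/null 2>&1; then
    echo "already open: $spec"
    return 0
  fi
  "$FWCMD" --zone="$ZONE" --add-port="$spec" --permanent >/dev/null || return 4
  "$FWCMD" --reload >/dev/null || return 5
  # The runtime configuration must now list the port, otherwise the
  # permanent rule was written but never took effect.
  "$FWCMD" --zone="$ZONE" --query-port="$spec" >/dev/null 2>&1 || return 6
  echo "opened: $spec"
}

# Usage on the real system (needs root): open_port 8083/tcp
```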
Centos 6 iptables
Basic Use of iptables
Start: service iptables start
Stop: service iptables stop
View status: service iptables status
Disable on startup: chkconfig iptables off
Enable on startup: chkconfig iptables on
Opening Specific Port Statements
1. Allow local loopback interface (allow accessing local system from itself): iptables -A INPUT -i lo -j ACCEPT
Note: -A appends the rule at the end of the chain, while -I inserts it at the beginning.
2. Allow established or related traffic: iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
3. Allow all outbound access from the local system:
iptables -P INPUT ACCEPT
iptables -A OUTPUT -j ACCEPT
4. Allow access to port 22:
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -s 10.159.1.0/24 --dport 22 -j ACCEPT
Note: -s can be followed by an IP range or a specific IP address. The rules are similar if there are other ports.
5. Allow the ping command: iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
6. Prohibit access by other unauthorized rules:
iptables -A INPUT -j REJECT
iptables -A FORWARD -j REJECT
Note: If port 22 is not added to the allowed rules, the SSH connection will be disconnected directly.
Blocking IP Address
1. Block a single IP address: iptables -I INPUT -s 123.45.6.7 -j DROP
2. Block an entire range of an IP (from 123.0.0.1 to 123.255.255.254): iptables -I INPUT -s 123.0.0.0/8 -j DROP
3. Block an IP range from 123.45.0.1 to 123.45.255.254: iptables -I INPUT -s 123.45.0.0/16 -j DROP
4. Block an IP range from 123.45.6.1 to 123.45.6.254: iptables -I INPUT -s 123.45.6.0/24 -j DROP
Rules of iptables
View existing rules: iptables -L -n
-n: Displays IP addresses and port numbers numerically without resolving them to host or service names.
To display all iptables rules with numbers, you can execute the command: iptables -L -n --line-numbers.
Adding Rules
iptables -A and iptables -I
1. iptables -A
The rule is appended at the end of the chain. For example, you can add a rule to the INPUT chain that accepts packets arriving on the eth0 interface from source addresses in the 192.168.0.0/16 network segment:
iptables -A INPUT -i eth0 -s 192.168.0.0/16 -j ACCEPT
2. iptables -I
The rule is inserted at the first position by default. To insert it at a specific position, give the rule number after the chain name, for example iptables -I INPUT 3 ... .
Deleting Rules
To delete a specific rule, use the iptables -D command followed by either the rule number or the full rule specification.
If you want to clear all rules, you can use iptables -F.
Saving and Restoring Rules
Backing up iptables Rules
Use the iptables-save command like iptables-save > /etc/sysconfig/iptables.save.
Restoring iptables Rules
Use the iptables-restore command like iptables-restore < /etc/sysconfig/iptables.save.
Saving iptables Configurations
The configurations will be lost after the system is restarted unless they are saved. Use service iptables save to save them.
After adding the rules, save them and restart the iptables service to make them effective: service iptables restart.
Steps for Opening Ports
Method 1: Using the Command Line
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
service iptables save
service iptables restart
Method 2: Modifying the Configuration File
The configuration file for iptables is /etc/sysconfig/iptables.
Edit the configuration file: vi /etc/sysconfig/iptables.
1. Add the following content to the configuration file:
-A INPUT -p tcp --dport 80 -j ACCEPT
2. Execute service iptables restart to restart the iptables service and make the modification effective.
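The rule order from "Opening Specific Port Statements" and the /etc/sysconfig/iptables file format from Method 2, combined into a generator with a lockout guard, as an added example that is not from the FineBI documentation. It assumes the caller supplies the admin subnet allowed to reach SSH and the project port (10.159.1.0/24 and 8083 below are taken from the page's examples); the ruleset is written for review and loaded with iptables-restore.

```shell
#!/usr/bin/env bash
# Added example, not from the FineBI docs: build an iptables-restore file in
# the page's order (loopback, established, SSH from the admin subnet, project
# port, ping, catch-all REJECT) so it can be reviewed before it is loaded.
# Assumptions: admin subnet and project port are passed in by the caller.

build_ruleset() {
  admin_net="$1"   # e.g. 10.159.1.0/24, the only source allowed to reach SSH
  app_port="$2"    # e.g. 8083, the deployed project port
  cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -s $admin_net --dport 22 -j ACCEPT
-A INPUT -p tcp --dport $app_port -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT
EOF
}

# Lockout guard for the page's note: an INPUT ruleset whose catch-all REJECT
# precedes (or lacks) the port 22 ACCEPT drops the SSH session as soon as it
# is loaded. Reads a ruleset on stdin; returns 0 if safe, 1 otherwise.
ssh_rule_precedes_reject() {
  awk '/^-A INPUT .*--dport 22 .*-j ACCEPT/ && !seen_reject { ok = 1 }
       /^-A INPUT -j REJECT/ { seen_reject = 1 }
       END { if (ok) exit 0; exit 1 }'
}

# Usage on the real system (needs root):
#   build_ruleset 10.159.1.0/24 8083 > /tmp/iptables.new
#   ssh_rule_precedes_reject < /tmp/iptables.new && iptables-restore < /tmp/iptables.new
```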
Notes
Cloud servers additionally require configuring the security group and opening the relevant ports there.