Using and Configuring Linux Firewall

  • Last update:  2023-03-27
  • Overview

    After the FineBI project is deployed on a Linux system, you need to open the project port in the Linux firewall so that the project address can be accessed from other computers.

    CentOS 7 firewalld

    Basic Use of firewalld

    Start the firewall: systemctl start firewalld

    Stop the firewall: systemctl stop firewalld

    View firewall status: systemctl status firewalld

    Disable on startup: systemctl disable firewalld

    Enable on startup: systemctl enable firewalld

    Basic Use of systemctl

    Start a service: systemctl start firewalld.service
    Stop a service: systemctl stop firewalld.service
    Restart a service: systemctl restart firewalld.service
    Display the status of a service: systemctl status firewalld.service
    Enable a service on startup: systemctl enable firewalld.service

    Disable a service on startup: systemctl disable firewalld.service
    Check if a service is started on startup: systemctl is-enabled firewalld.service

    View the units that are enabled to start on boot: systemctl list-unit-files | grep enabled
    View a list of units that failed to start: systemctl --failed

    Configuring firewall-cmd

    View the version: firewall-cmd --version

    View help: firewall-cmd --help

    Display status: firewall-cmd --state

    View all open ports in the public zone: firewall-cmd --zone=public --list-ports

    Reload the permanent configuration into the running firewall: firewall-cmd --reload

    View the active zones and their interfaces: firewall-cmd --get-active-zones

    View the zone of a specified interface: firewall-cmd --get-zone-of-interface=eth0

    Drop all incoming and outgoing packets (panic mode, which also cuts off your own SSH session): firewall-cmd --panic-on

    Leave panic mode: firewall-cmd --panic-off

    Check whether panic mode is on: firewall-cmd --query-panic

    Steps for Opening Ports

    Adding Ports

    1. Enabling the firewall

    Use systemctl status firewalld to check the firewall status. If it is not running, use systemctl start firewalld to start it.

    2. Opening ports

    Use firewall-cmd --zone=public --list-ports to check which ports the firewall already allows. If nothing is returned, no ports are open. Use firewall-cmd --zone=public --add-port=8083/tcp --permanent to open the project port, then firewall-cmd --reload to load the permanent configuration into the running firewall. Without --permanent the rule takes effect immediately but is lost on the next reload or reboot; with --permanent it is only written to the saved configuration until you reload.

     

    Configuration Statements of Other Ports

    1. Viewing ports

    firewall-cmd --zone=public --query-port=8083/tcp

    2. Deleting open ports

    firewall-cmd --zone=public --remove-port=8083/tcp --permanent
    firewall-cmd --reload

    3. Adjusting the default rule of the zone (from rejecting unmatched traffic to accepting it)

    firewall-cmd --permanent --zone=public --set-target=ACCEPT
    firewall-cmd --reload

    Note: With the target set to ACCEPT, every port on interfaces in the public zone is reachable, not only the ones you added. Only do this on a host that is protected by another firewall or security group; otherwise keep the default target and open ports individually.

    4. Opening multiple ports for a certain IP address

    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.159.60.29" port port="1:65535" protocol="tcp" accept'
    firewall-cmd --reload

    Note: The rule text contains double quotes, so wrap the whole rule in single quotes on the command line.
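    The port-opening steps and the configuration statements above, as an added example that is not code from the FineBI page: a POSIX shell script that validates the port spec before it reaches firewall-cmd, opens the port only if it is not already open, reloads, and verifies the runtime state, and builds the rich rule for one host with the quoting it needs. The zone (public), port 8083/tcp and host 10.159.60.29 are the page's own values; the function names are this example's.

```shell
#!/bin/sh
# Added example (not part of the FineBI page): open a firewalld port
# idempotently and verify it, using only the firewall-cmd flags shown above.
# Assumptions (hypothetical): the public zone is in use, the project port
# is 8083/tcp, and the admin host 10.159.60.29 needs every TCP port.

# Validate a "port/protocol" spec so a typo never reaches firewall-cmd.
# Accepts ports 1-65535 with tcp or udp; returns 0 if valid, 1 otherwise.
valid_port_spec() {
    spec=$1
    port=${spec%/*}
    proto=${spec#*/}
    case "$proto" in tcp|udp) ;; *) return 1 ;; esac
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# Build the rich rule text for one source and a port or port range. The
# rule needs double quotes around each value, so the caller wraps the whole
# string in single quotes (or in "$(...)") on the command line.
build_rich_rule() {
    src=$1     # source address or CIDR
    range=$2   # single port or "low:high"
    printf 'rule family="ipv4" source address="%s" port port="%s" protocol="tcp" accept' "$src" "$range"
}

# Open one port permanently, reload, and confirm it is active. Prints
# "already open" when nothing had to change, so reruns are harmless.
open_port() {
    spec=$1
    valid_port_spec "$spec" || { echo "bad port spec: $spec" >&2; return 2; }
    if firewall-cmd --zone=public --query-port="$spec" >/dev/null 2>&1; then
        echo "$spec already open"
        return 0
    fi
    firewall-cmd --zone=public --add-port="$spec" --permanent >/dev/null || return 1
    firewall-cmd --reload >/dev/null || return 1
    # --permanent alone only edits the saved config; check the runtime state.
    firewall-cmd --zone=public --query-port="$spec" >/dev/null 2>&1
}

# Runs only where firewalld is installed and running, so sourcing this
# file on another machine (or in a test) changes nothing.
if command -v firewall-cmd >/dev/null 2>&1 && [ "$(firewall-cmd --state 2>/dev/null)" = "running" ]; then
    open_port 8083/tcp
    firewall-cmd --permanent --add-rich-rule="$(build_rich_rule 10.159.60.29 1:65535)" >/dev/null
    firewall-cmd --reload >/dev/null
    firewall-cmd --zone=public --list-ports
    firewall-cmd --zone=public --list-rich-rules
fi
```

    The validation step matters because firewall-cmd accepts the spec as typed; checking it first keeps a mistyped port or protocol out of the permanent configuration. The final --query-port after --reload is the check that the rule is actually live, not merely saved.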

    CentOS 6 iptables

    Basic Use of iptables

    Start: service iptables start

    Stop: service iptables stop

    View status: service iptables status

    Disable on startup: chkconfig iptables off

    Enable on startup: chkconfig iptables on

    Opening Specific Port Statements

    1. Allow the local loopback interface (allow the system to access itself): iptables -A INPUT -i lo -j ACCEPT

    Note: -A appends the rule to the end of the chain, while -I inserts it at the beginning. Rules are evaluated in order, so the position matters.

    2. Allow established or related traffic: iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    3. Set the INPUT chain's default policy to ACCEPT and allow all outbound traffic from the local system:

    iptables -P INPUT ACCEPT
    iptables -A OUTPUT -j ACCEPT

    Note: Because the INPUT policy is ACCEPT, it is the final REJECT rule in step 6 that actually blocks unmatched traffic.

    4. Allow access to port 22:

    iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    iptables -A INPUT -p tcp -s 10.159.1.0/24 --dport 22 -j ACCEPT

    Note: -s can be followed by an IP range in CIDR form or a single IP address. The first rule allows port 22 from anywhere; keep only the second if SSH should be reachable from the 10.159.1.0/24 network alone. Rules for other ports follow the same pattern.

    5. Allow the ping command: iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

    6. Reject everything not allowed by the rules above:

    iptables -A INPUT -j REJECT
    iptables -A FORWARD -j REJECT

    Note: Add the port 22 rule before the REJECT rule. If it is missing, new SSH connections are rejected and you can lock yourself out of the server.

    Blocking IP Address

    1. Block a single IP address: iptables -I INPUT -s 123.45.6.7 -j DROP

    2. Block an entire /8 range (123.0.0.0 to 123.255.255.255): iptables -I INPUT -s 123.0.0.0/8 -j DROP

    3. Block a /16 range (123.45.0.0 to 123.45.255.255): iptables -I INPUT -s 123.45.0.0/16 -j DROP

    4. Block a /24 range (123.45.6.0 to 123.45.6.255): iptables -I INPUT -s 123.45.6.0/24 -j DROP

    Note: -I inserts these rules at the top of the INPUT chain, so they take effect before any ACCEPT rule that was added with -A.
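    The six steps above together with the IP blocking rules, as an added example that is not the page's own code: a POSIX shell script that writes the complete ruleset in the format of /etc/sysconfig/iptables (the iptables-save format), checks that the SSH rule precedes the catch-all REJECT so the script cannot lock you out, and applies it with an iptables-save backup and a rollback if the load fails. The admin network 10.159.1.0/24 and the 123.45.6.0/24 blocklist are the page's values; port 8083 as the project port, the APPLY_IPTABLES variable and the function names are this example's assumptions.

```shell
#!/bin/sh
# Added example, not code from the FineBI page: generate the default-deny
# INPUT ruleset from steps 1-6 above in the /etc/sysconfig/iptables
# (iptables-save) format, check the rule order, and apply it with a backup.
# Assumed values (hypothetical): admin network 10.159.1.0/24, project
# port 8083, and a blocklist of 123.45.6.0/24.

# Print the ruleset. Order is the whole point: loopback, established
# traffic and the blocklist first, then SSH from the admin network, the
# project port and ping, and a catch-all REJECT last. The chain policies
# stay ACCEPT as in step 3, so the REJECT rule is what blocks the rest.
build_ruleset() {
    admin_net=$1
    app_port=$2
    blocklist=$3   # space-separated CIDRs, may be empty
    printf '%s\n' '*filter' \
        ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for cidr in $blocklist; do
        printf '%s\n' "-A INPUT -s $cidr -j DROP"
    done
    printf '%s\n' "-A INPUT -p tcp -s $admin_net --dport 22 -j ACCEPT" \
        "-A INPUT -p tcp --dport $app_port -j ACCEPT" \
        '-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT' \
        '-A INPUT -j REJECT' \
        '-A FORWARD -j REJECT' \
        '-A OUTPUT -j ACCEPT' \
        'COMMIT'
}

# Lock-out check: the SSH ACCEPT must precede the catch-all REJECT in the
# INPUT chain. Returns 0 when the order is right, 1 otherwise.
ssh_before_reject() {
    rules=$1
    ssh_line=$(printf '%s\n' "$rules" | grep -n -- '--dport 22 -j ACCEPT' | head -n 1 | cut -d: -f1)
    rej_line=$(printf '%s\n' "$rules" | grep -n -- '^-A INPUT -j REJECT' | head -n 1 | cut -d: -f1)
    [ -n "$ssh_line" ] && [ -n "$rej_line" ] && [ "$ssh_line" -lt "$rej_line" ]
}

# Back up the live rules with iptables-save, load the new set, and roll
# back if the load fails, so a typo never leaves the chains half-loaded.
# Then persist with service iptables save (CentOS 6), as the page describes.
apply_ruleset() {
    rules=$1
    backup=${2:-/etc/sysconfig/iptables.save}
    ssh_before_reject "$rules" || { echo "refusing to apply: SSH rule is after REJECT" >&2; return 2; }
    iptables-save > "$backup" || return 1
    if ! printf '%s\n' "$rules" | iptables-restore; then
        echo "load failed, restoring $backup" >&2
        iptables-restore < "$backup"
        return 1
    fi
    service iptables save
}

ruleset=$(build_ruleset 10.159.1.0/24 8083 123.45.6.0/24)
if [ "${APPLY_IPTABLES:-0}" = 1 ] && [ "$(id -u)" -eq 0 ]; then
    apply_ruleset "$ruleset"          # APPLY_IPTABLES=1 sh firewall.sh
else
    printf '%s\n' "$ruleset"          # dry run: review it, or redirect to a file
fi
```

    Run without APPLY_IPTABLES the script only prints the ruleset, which you can review or redirect into /etc/sysconfig/iptables (method 2 below); with APPLY_IPTABLES=1 as root it loads the rules atomically through iptables-restore instead of one iptables call at a time, so there is no window where the chain is half-built.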

    Rules of iptables

    View existing rules: iptables -L -n

    -n: display IP addresses and port numbers numerically, without resolving addresses to host names or ports to service names.

    To display all iptables rules with their line numbers, run iptables -L -n --line-numbers. These numbers are the positions used by -I and -D.

    Adding Rules

    iptables -A and iptables -I

    1. iptables -A

    The rule is appended at the end of the chain. For example, add a rule to the INPUT chain that accepts packets arriving on the eth0 interface from a source address in the 192.168.0.0/16 network segment:

    iptables -A INPUT -i eth0 -s 192.168.0.0/16 -j ACCEPT

    2. iptables -I

    The rule is inserted at the first position by default. To insert it at a specific position, give the position number right after the chain name (iptables -I INPUT 3 followed by the rule inserts it as rule 3; use iptables -L -n --line-numbers to see the numbers).

    Deleting Rules

    To delete a specific rule, use iptables -D followed by the chain name and either the rule's line number or the rule's full definition.

    To clear all rules in the default table, use iptables -F. Flushing does not change the chain policies set with -P, so if a chain's policy is DROP, clearing the rules also removes your ACCEPT rules and can cut off remote access.

    Saving and Restoring Rules

    Backing Up iptables Rules

    Use the iptables-save command, for example iptables-save > /etc/sysconfig/iptables.save.

    Restoring iptables Rules

    Use the iptables-restore command, for example iptables-restore < /etc/sysconfig/iptables.save.

    Saving iptables Configurations

    Rules added with the iptables command live only in the kernel and are lost after the system restarts. Use service iptables save to write them to /etc/sysconfig/iptables, which is loaded when the service starts.

    After adding rules, save them and then restart the service so that the saved configuration is what is loaded: service iptables restart.

    Steps for Opening Ports

    Method 1: Using the Command Line

    iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    service iptables save
    service iptables restart

    Note: -A appends the rule after any existing REJECT rule at the end of the INPUT chain, where it never matches. If such a rule exists, insert the new rule above it with -I and the position number instead.

    Method 2: Modifying the Configuration File

    The configuration file for iptables is /etc/sysconfig/iptables.

    Edit the configuration file: vi /etc/sysconfig/iptables.

    1. Add the following line in the *filter section, before the final REJECT rule and before COMMIT:

    -A INPUT -p tcp --dport 80 -j ACCEPT

    2. Execute service iptables restart to reload the rules and make the modification effective.

    Notes

    On cloud servers, you also need to open the relevant ports in the provider's security group, which filters traffic before it reaches the server's own firewall.

    Topic: Deployment and Integration