After a project is deployed on a Linux host, the port it listens on must be opened in the host firewall before the project address can be reached from other machines. On systems that use firewalld, the service is managed with systemctl:
Start the firewall: systemctl start firewalld
Stop the firewall: systemctl stop firewalld
View firewall status: systemctl status firewalld
Disable starting at boot: systemctl disable firewalld
Enable starting at boot: systemctl enable firewalld
Start a service: systemctl start firewalld.service
Stop a service: systemctl stop firewalld.service
Restart a service: systemctl restart firewalld.service
Display the status of a service: systemctl status firewalld.service
Enable a service at boot: systemctl enable firewalld.service
Disable a service at boot: systemctl disable firewalld.service
Check whether a service is enabled at boot: systemctl is-enabled firewalld.service
List enabled services: systemctl list-unit-files | grep enabled
List services that failed to start: systemctl --failed
View version:firewall-cmd --version
View help:firewall-cmd --help
Display status:firewall-cmd --state
View all open ports:firewall-cmd --zone=public --list-ports
Update firewall rules:firewall-cmd --reload
View active zones and their interfaces: firewall-cmd --get-active-zones
View the zone of a given interface: firewall-cmd --get-zone-of-interface=eth0
Enable panic mode (drop all incoming and outgoing packets): firewall-cmd --panic-on
Disable panic mode: firewall-cmd --panic-off
Check whether panic mode is on: firewall-cmd --query-panic
a. Turn on the firewall
Use systemctl status firewalld to check the firewall status. If it is not running, start it with systemctl start firewalld.
As shown in the following figure:
b. Open the port
Use firewall-cmd --zone=public --list-ports to view the ports that are open in the public zone. If it prints nothing, no ports are open. Open the port with firewall-cmd --zone=public --add-port=8083/tcp --permanent. A rule added with --permanent is only written to the saved configuration; it takes effect after firewall-cmd --reload. As shown in the following figure:
a. Check whether a port is open
firewall-cmd --zone=public --query-port=8083/tcp
(prints yes and exits 0 if the port is open in the running configuration, otherwise no)
b. Remove an open port
firewall-cmd --zone=public --remove-port=8083/tcp --permanent
firewall-cmd --reload
c. Change the zone's default target (from rejecting everything not explicitly allowed to accepting everything)
firewall-cmd --permanent --zone=public --set-target=ACCEPT
firewall-cmd --reload
Note: with the target set to ACCEPT the zone lets every packet through that no rule explicitly rejects, which is equivalent to having no firewall on that interface. Only do this if filtering is done elsewhere (for example, by a cloud security group) and you understand which services are then exposed.
d. Open a range of ports to a single source IP (rich rule)
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.159.60.29" port protocol="tcp" port="1:65535" accept'
firewall-cmd --reload
Note: the rich rule is wrapped in single quotes so that the double quotes inside it reach firewalld unchanged. The rule above allows every TCP port from 10.159.60.29; narrow the port range to what that host actually needs.
On older systems that use the iptables init script instead of firewalld:
Start: service iptables start
Stop: service iptables stop
View status: service iptables status
Disable starting at boot: chkconfig iptables off
Enable starting at boot: chkconfig iptables on
1) Allow the local loopback interface (the machine talking to itself): iptables -A INPUT -i lo -j ACCEPT
Note: -A appends the rule to the end of the chain, -I inserts it at the front. Rules are evaluated in order, so the position matters.
2) Allow established or related connections: iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
3) Set the default INPUT policy to ACCEPT and allow all outbound traffic from the machine:
iptables -P INPUT ACCEPT
iptables -A OUTPUT -j ACCEPT
4) Allow access to port 22 (SSH), either from anywhere or only from a given network:
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -s 10.159.1.0/24 --dport 22 -j ACCEPT
Note: -s takes a network in CIDR notation or a single IP address. Rules for other ports look the same with a different --dport.
5) Allow ping (ICMP echo request): iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
6) Reject everything that no earlier rule allowed:
iptables -A INPUT -j REJECT
iptables -A FORWARD -j REJECT
Note: if the rule allowing port 22 has not been added before this REJECT rule, your SSH session is cut off immediately and you can only recover from the console.
1) Block a single IP: iptables -I INPUT -s 123.45.6.7 -j DROP
2) Block the range 123.0.0.0 to 123.255.255.255 (a /8): iptables -I INPUT -s 123.0.0.0/8 -j DROP
3) Block the range 123.45.0.0 to 123.45.255.255 (a /16): iptables -I INPUT -s 123.45.0.0/16 -j DROP
4) Block the range 123.45.6.0 to 123.45.6.255 (a /24): iptables -I INPUT -s 123.45.6.0/24 -j DROP
Note: -I puts these rules at the top of the INPUT chain, so they are matched before any ACCEPT rule further down.
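The numbered allow rules and the block rules above, generated as one ruleset and loaded with iptables-restore, as an added example (not part of the original page). Loading a complete ruleset in one step, rather than typing the rules one at a time, removes the window between adding the final REJECT and the SSH ACCEPT in which the session can be cut off; the order is fixed by construction: blocked sources, loopback, established flows, the allow-list, ping, then REJECT. The entry format (PORT or PORT:SOURCE), the helper names and the save path /etc/sysconfig/iptables are this example's own assumptions; the ruleset uses -m conntrack --ctstate, the current spelling of the -m state match used on the page.

```shell
#!/usr/bin/env bash
# Added example: build the INPUT policy as an iptables-restore ruleset and
# apply it atomically. Assumptions: allow entries are PORT or PORT:SOURCE,
# block entries are an IP or CIDR; save path is illustrative.
set -u

# build_ruleset "22:10.159.1.0/24 80 443" "123.45.6.7 123.45.0.0/16"
# Prints the filter-table ruleset on stdout.
build_ruleset() {
    local allows="$1" blocks="${2:-}" entry port src
    printf '%s\n' '*filter'
    # INPUT policy ACCEPT with an explicit final REJECT (as on the page):
    # a flush with policy DROP would lock you out, a flush here does not.
    printf '%s\n' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    # 1) blocked sources first, so no later ACCEPT can match them
    for entry in $blocks; do
        printf '%s\n' "-A INPUT -s $entry -j DROP"
    done
    # 2) loopback and already-established or related flows
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # 3) allow-list; PORT:SOURCE restricts the port to that source network
    for entry in $allows; do
        port="${entry%%:*}"
        src="${entry#*:}"
        if [ "$src" = "$entry" ]; then
            printf '%s\n' "-A INPUT -p tcp --dport $port -j ACCEPT"
        else
            printf '%s\n' "-A INPUT -p tcp -s $src --dport $port -j ACCEPT"
        fi
    done
    # 4) ping, then reject everything else on INPUT and FORWARD
    printf '%s\n' '-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT'
    printf '%s\n' '-A INPUT -j REJECT' '-A FORWARD -j REJECT'
    printf '%s\n' 'COMMIT'
}

# ssh_rule_precedes_reject RULESET : 0 if a --dport 22 ACCEPT appears before
# the final INPUT REJECT, i.e. the lockout described in the note cannot happen.
ssh_rule_precedes_reject() {
    local ssh_line reject_line
    ssh_line=$(printf '%s\n' "$1" | grep -n -- '--dport 22 -j ACCEPT' | head -n1 | cut -d: -f1)
    reject_line=$(printf '%s\n' "$1" | grep -n -- '^-A INPUT -j REJECT' | head -n1 | cut -d: -f1)
    [ -n "$ssh_line" ] && [ -n "$reject_line" ] && [ "$ssh_line" -lt "$reject_line" ]
}

# apply_ruleset FILE : parse-check first, then load for real and persist
apply_ruleset() {
    local file="$1"
    iptables-restore --test < "$file" || { echo "ruleset rejected" >&2; return 1; }
    iptables-restore < "$file" && iptables-save > /etc/sysconfig/iptables
}

# usage (as root):
#   rs=$(build_ruleset "22:10.159.1.0/24 80 443" "123.45.6.7")
#   ssh_rule_precedes_reject "$rs" && printf '%s\n' "$rs" > /tmp/rules.v4 \
#       && apply_ruleset /tmp/rules.v4
```

Before applying, run ssh_rule_precedes_reject on the generated text and read the file once; iptables-restore --test only checks syntax, not whether you can still reach the host afterwards.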
To view the existing rules: iptables -L -n
-n: show IP addresses and port numbers as numbers, without resolving them to host or service names
To show the rules with their position numbers (needed for -I at a position and for -D by number): iptables -L -n --line-numbers
Add rule
iptables -A and iptables -I
1) iptables -A
Appends the rule at the end of the chain. For example, to accept packets arriving on eth0 from the 192.168.0.0/16 network that are addressed to this machine:
iptables -A INPUT -i eth0 -s 192.168.0.0/16 -j ACCEPT
2) iptables -I
Inserts the rule at the top of the chain (position 1) by default. To insert at a specific position, give the position number after the chain name when using iptables -I; the numbers are the ones shown by iptables -L -n --line-numbers.
Delete rule
To delete a specific rule, use iptables -D, followed either by the chain name and the rule's position number or by the full rule specification exactly as it was added.
To clear all rules, use iptables -F. This removes the rules but leaves the chain policies in place, so if the INPUT policy is DROP, flushing locks you out of a remote host.
Back up iptables rules
Use iptables-save, which writes the current rules to standard output, for example: iptables-save > /etc/sysconfig/iptables.save
Restore iptables rules
Use iptables-restore, which reads a file in the same format, for example: iptables-restore < /etc/sysconfig/iptables.save
Saving the iptables configuration
Rules added with the iptables command exist only in memory and are lost when the machine reboots. Save them with service iptables save, which writes them to /etc/sysconfig/iptables.
The saved rules are loaded when the iptables service starts. service iptables restart flushes the running rules and reloads them from that file, so always save before restarting, otherwise the rules you just added are discarded:
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
service iptables save
service iptables restart
The iptables configuration file is /etc/sysconfig/iptables
Edit the file: vi /etc/sysconfig/iptables
a. Add to the configuration file:
-A INPUT -p tcp --dport 80 -j ACCEPT
b. Execute service iptables restart and the restart will take effect.
A cloud server is additionally filtered by the provider's security group, which sits in front of the host firewall. The port must be opened in the security group as well, otherwise the host firewall change alone does not make the project reachable.