People often search the Internet for keywords such as [linux firewall] to find related articles. Sometimes a command from those articles cannot be used, not because the command is wrong, but because it does not match the operating system version.
At present, the more common Linux systems are CentOS and Ubuntu.
Without further ado, let's get started.
At present, the most commonly used CentOS version is 7.x, so this article focuses on 7.x and also covers the differences from 6.x.
CentOS 7.x uses firewall (firewalld) by default, while 6.x uses iptables by default.
All installations use yum install, such as: yum install iptables-services
# View firewall status
service iptables status
# Stop firewall
service iptables stop
# Start firewall
service iptables start
# Restart firewall
service iptables restart
# Permanently turn off the firewall (do not start it at boot)
chkconfig iptables off
# Re-enable the firewall at boot after a permanent shutdown
chkconfig iptables on
2. The operation of opening ports in iptables
firewall state
# Open port 80
vim /etc/sysconfig/iptables
# Add the following code
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
Restart the firewall after saving and exiting
# View firewall service status ("Active: active (running)" means started, "Active: inactive (dead)" means stopped)
systemctl status firewalld
# View firewall status
firewall-cmd --state
# Start firewalld.service
service firewalld start
# Restart firewalld.service
service firewalld restart
# Stop firewalld.service
service firewalld stop
# View firewall rules
firewall-cmd --list-all
# Check if the port is open
firewall-cmd --query-port=8080/tcp
# Open port 80
firewall-cmd --permanent --add-port=80/tcp
# Remove port
firewall-cmd --permanent --remove-port=8080/tcp
# Reload the firewall (reload it after modifying the configuration)
firewall-cmd --reload
# Parameter introduction
firewall-cmd is the tool Linux provides for operating the firewall
--permanent means the setting is permanent
--add-port identifies the port to add
Stop the firewall and turn off auto-start
# Stop firewall
systemctl stop firewalld.service
# Prohibit firewall startup
systemctl disable firewalld.service
# Enable the iptables service at boot
systemctl enable iptables.service
# Install ufw (Ubuntu)
sudo apt-get install ufw
# View firewall version
sudo ufw version
# View firewall status
sudo ufw status
# Enable firewall
sudo ufw enable
# Allow external access to this machine by default
sudo ufw default allow
# Deny external access to the host by default
sudo ufw default deny
# Turn off the firewall
sudo ufw disable
# Stop the firewalld service (to keep it off after a reboot, also run systemctl disable firewalld.service)
systemctl stop firewalld.service
# Allow external access to port 80
sudo ufw allow 80
# Deny external access to port 80
sudo ufw deny 80
# Allow access from a specific IP address
sudo ufw allow from 192.168.0.1
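Because the right command depends on which front end the host runs, it helps to detect the tool before opening a port. The script below is an added example, not part of the original post: the function names detect_firewall_tool and open_port_cmds are hypothetical, the iptables check assumes the rules file is /etc/sysconfig/iptables, and it only prints the commands from this page without running them.

```bash
#!/usr/bin/env bash
# Added example: print (never run) the commands from this page that open a
# port, for whichever firewall front end the host uses. Names are hypothetical.

# Report the installed front end; the first match wins.
detect_firewall_tool() {
    if command -v firewall-cmd >/dev/null 2>&1; then
        echo firewalld                      # CentOS 7.x default
    elif command -v ufw >/dev/null 2>&1; then
        echo ufw                            # Ubuntu
    elif [ -f /etc/sysconfig/iptables ]; then
        echo iptables                       # CentOS 6.x (assumed rules file path)
    else
        return 1
    fi
}

# Print the commands that open PORT/PROTO with TOOL; reject malformed input.
open_port_cmds() {
    local tool="$1" port="$2" proto="${3:-tcp}"
    case $port in ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 2 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 2
    fi
    case $proto in tcp|udp) ;; *) echo "invalid protocol: $proto" >&2; return 2 ;; esac
    case $tool in
        firewalld)
            echo "firewall-cmd --permanent --add-port=$port/$proto"
            echo "firewall-cmd --reload"
            echo "firewall-cmd --query-port=$port/$proto" ;;
        ufw)
            echo "ufw allow $port/$proto"
            echo "ufw status" ;;
        iptables)
            echo "# add this line to /etc/sysconfig/iptables, then restart:"
            echo "-A INPUT -m state --state NEW -m $proto -p $proto --dport $port -j ACCEPT"
            echo "service iptables restart" ;;
        *) echo "unknown firewall tool: $tool" >&2; return 2 ;;
    esac
}

# Dry run for the detected tool; nothing on the host is changed.
if tool=$(detect_firewall_tool); then
    open_port_cmds "$tool" 80 tcp
else
    echo "no supported firewall front end found" >&2
fi
```

Review the printed commands and run them with root privileges only after confirming the port really needs to be reachable.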