firewall settings | firewalld | iptables | firewall-cmd --add-service=http --permanent | target = action on match
The iptables command is used to set up, configure,
and view the tables of IPv4 packet-filtering rules in the kernel (IPv6 has the separate ip6tables command). It is somewhat complicated, so this will
serve as just a simple overview.
iptables uses one or more tables (filter is the default; nat, mangle and raw are the others). Each table has a number of built-in chains (for filter: INPUT, OUTPUT and FORWARD) and can
also contain user-created chains. A chain is an ordered list of rules. A rule has two parts: a match, the conditions a packet has to meet (source address, input interface, protocol and so on), and a target, which is what to do
with a packet that matches. The match is not the target: the target is the action taken when the match succeeds.
Rules are evaluated from the top of the chain. When a packet does not match a rule, the next rule in the chain is looked at. If it does match, the rule's target is applied. The built-in targets are:
- ACCEPT: lets the packet through
- DROP: silently discards the packet; the sender gets no reply (the REJECT target, not covered here, discards it and sends an error back)
- QUEUE: passes the packet to a user-space program
- RETURN: stops traversal of this chain and continues at the next rule in the
calling chain
If a packet reaches the end of a built-in chain without matching, the chain's default policy (ACCEPT or DROP, set with -P) decides what happens to it.
Here are a few iptables commands. Do not run these commands on your system; this
is an example only:
1. To delete all existing rules in every chain of the filter table, use the following command:
iptables -F
-F flushes the rules but leaves each chain's default policy in place. On a remote machine whose INPUT policy is DROP, flushing removes the rule that lets your SSH session in, so set the policy to ACCEPT first or have console access ready.
2. To block a specific IP address, use the following command:
iptables -A INPUT -s 192.168.1.115 -j DROP
-A appends the rule at the end of the chain, so it only fires if no earlier rule has already accepted the packet; use -I INPUT (insert at the top) when the block has to win over existing accepts.
3. To allow loopback access, use the following command:
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
Rules added this way live only in the running kernel and are gone after a reboot unless saved (iptables-save, or the distribution's iptables service).
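The three commands above put together into a small stateful INPUT ruleset, as an added example that is not from the original post. It keeps the post's loopback and blocklist rules and adds connection tracking, service accepts, rate-limited logging and a DROP default policy, applied in an order that does not lock out the SSH session it is run from. The variable names IPT, DRY_RUN, SSH_PORT and BLOCKED_IP and the choice of ports 22, 80 and 443 are assumptions for the example, not settings from the post.

```shell
#!/bin/sh
# Added example, not code from the original post: a minimal stateful IPv4
# ruleset applied with iptables. With DRY_RUN=1 (the default) every command is
# printed instead of executed, so the ruleset can be reviewed on any machine;
# run as root with DRY_RUN=0 to apply it. IPT, SSH_PORT and BLOCKED_IP are
# assumed settings chosen for the example.
IPT=${IPT:-iptables}
DRY_RUN=${DRY_RUN:-1}
SSH_PORT=${SSH_PORT:-22}
BLOCKED_IP=${BLOCKED_IP:-192.168.1.115}   # the address dropped in the post's example

# Print or execute one iptables invocation.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$IPT $*"
    else
        "$IPT" "$@"
    fi
}

# Build the INPUT chain. Rules are evaluated top to bottom, so the order is the
# policy: loopback and already-tracked connections first, the blocklist before
# any service accept, and the DROP policy only after the accept rules exist.
apply_rules() {
    ipt -P INPUT ACCEPT                                   # fail open while rebuilding
    ipt -F INPUT                                          # -F removes rules, not the policy
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate INVALID -j DROP
    ipt -A INPUT -s "$BLOCKED_IP" -j DROP                 # must precede the accepts below
    ipt -A INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW -j ACCEPT
    ipt -A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
    ipt -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
    ipt -A INPUT -m limit --limit 5/min -j LOG --log-prefix "IPT-DROP: "   # rate-limited audit trail
    ipt -P INPUT DROP                                     # default policy, set last
}

# Number of iptables invocations the ruleset makes, always counted in dry-run
# mode so that calling it never touches the live firewall.
rule_count() {
    ( DRY_RUN=1; apply_rules ) | wc -l | tr -d ' '
}

apply_rules
```

Run it once with the default DRY_RUN=1 and read the printed commands; the two things to check are that the blocklist DROP appears before the first service ACCEPT and that `-P INPUT DROP` is the last line, since on a remote host anything else can cut the session.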
firewall-config is the graphical front end to firewalld: easy and convenient, but it needs a graphical session. firewall-cmd does the same job from the command line.
firewalld keeps two configurations, and it is easy to forget that a change applies to only one of them: firewall-cmd without --permanent changes the runtime configuration only (in effect immediately, lost at the next reload or reboot), and with --permanent it changes the saved configuration only (survives reboots, but not in effect until firewall-cmd --reload). So either run the command both ways, as below, or make and test the change at runtime and then copy it with firewall-cmd --runtime-to-permanent. Do not mix hand-written iptables rules with firewalld on the same host: firewalld knows nothing about them and they are not saved with its configuration.
[root@localhost ~]# firewall-cmd --get-services
RH-Satellite-6 amanda-client amanda-k5-client bacula bacula-client ceph ceph-mon dhcp dhcpv6 dhcpv6-client dns docker-registry dropbox-lansync freeipa-ldap freeipa-ldaps freeipa-replication ftp high-availability http https imap imaps ipp ipp-client ipsec......
[root@localhost ~]# firewall-cmd --add-service=http
success
[root@localhost ~]# firewall-cmd --add-service=http --permanent
success
[root@localhost ~]#
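A check for the runtime/permanent mismatch described above, as an added example that is not from the original post: it lists a zone's services from both configurations and reports anything present in only one. The FWCMD variable is an assumption introduced so the script can be pointed at a wrapper instead of the real firewall-cmd; the zone name defaults to public.

```shell
#!/bin/sh
# Added example, not code from the original post: report drift between the
# runtime and permanent firewalld configuration of a zone. Services that are
# runtime-only disappear at the next reload or reboot; services that are
# permanent-only are not in effect until firewall-cmd --reload. FWCMD is an
# assumed variable so the script can be pointed at a test wrapper.
FWCMD=${FWCMD:-firewall-cmd}

# List the services of a zone from the runtime or the permanent configuration.
# $1 = zone name, $2 = "runtime" or "permanent"
zone_services() {
    if [ "$2" = permanent ]; then
        "$FWCMD" --permanent --zone="$1" --list-services
    else
        "$FWCMD" --zone="$1" --list-services
    fi
}

# Print one line per difference ("runtime-only NAME" or "permanent-only NAME").
# Exit status 0 when both configurations agree, 1 when drift was found.
check_drift() {
    zone=${1:-public}
    rt=$(zone_services "$zone" runtime | tr ' ' '\n' | sort -u)
    pm=$(zone_services "$zone" permanent | tr ' ' '\n' | sort -u)
    drift=0
    for s in $rt; do
        echo "$pm" | grep -qxF -- "$s" || { echo "runtime-only $s"; drift=1; }
    done
    for s in $pm; do
        echo "$rt" | grep -qxF -- "$s" || { echo "permanent-only $s"; drift=1; }
    done
    return $drift
}

# Usage: sh fw-drift.sh [zone]
# If only runtime-only entries are reported and they are wanted, the fix is
#   firewall-cmd --runtime-to-permanent
# If permanent-only entries are reported, firewall-cmd --reload activates them.
if [ -n "${1:-}" ]; then
    check_drift "$1"
fi
```

After the two add-service commands shown above the check prints nothing for http, because both configurations contain it; after only the first of them it would print "runtime-only http", which is exactly the state that disappears at the next reboot.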