
How to set up CentOS firewall for tighter security

WBOY
2023-07-06 23:39:05

How to set up CentOS firewall to enhance security

Introduction:
In today's Internet era, network security has become a very important task. As a server operating system, CentOS plays an important role in ensuring server security. This article focuses on how to set up CentOS firewall to strengthen server security, and provides some practical code examples to help you better protect your server from potential threats.

1. Introduction to CentOS firewall:
The default firewall management tool used by CentOS is firewalld. It is a dynamic firewall manager that provides a more flexible and easier-to-operate way to manage the server's firewall rules. The following sections describe in detail how to set up the CentOS firewall.

2. Configure firewall rules:

  1. View the current firewall rules:

    firewall-cmd --list-all

    This command will display the current firewall rules and services.

  2. Set default rules:
    By default, the CentOS firewall allows some common services to pass, such as SSH (port 22), HTTP (port 80) and HTTPS (port 443). You can use the following command to change the default zone:

    firewall-cmd --set-default-zone=<zone>

    where <zone> is the default firewall zone you want to set. The available zones are public, work, and home.

  3. Set rules to open or close a specific port:
    If you need to open or close a specific port, you can use the following command:

    firewall-cmd --add-port=<port>/tcp --permanent    # open a TCP port
    firewall-cmd --add-port=<port>/udp --permanent    # open a UDP port
    firewall-cmd --remove-port=<port>/tcp --permanent # close a TCP port
    firewall-cmd --remove-port=<port>/udp --permanent # close a UDP port

    where <port> is the port number you want to open or close.

  4. Allow specific IPs or IP segments to access the server:
    If you want to allow only specific IPs or IP ranges to access the server, you can use the following commands:

    firewall-cmd --add-source=<IP/mask> --permanent    # add an allowed IP or IP range
    firewall-cmd --remove-source=<IP/mask> --permanent # remove an allowed IP or IP range

    where <IP/mask> is the IP or IP range you want to allow or remove.

  5. Allow or deny specific services:
    If you want to allow or deny specific services through the firewall, you can use the following command:

    firewall-cmd --add-service=<service> --permanent    # allow the service through
    firewall-cmd --remove-service=<service> --permanent # deny the service

    where <service> is the service you want to allow or deny, such as http, https, or ssh.

  6. Update firewall rules:
    After you complete the above steps, you need to update the firewall rules to make them effective:

    firewall-cmd --reload
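
The steps above combined into one sequence, as an added example that is not part of the original article: it validates each port specification, binds the allowed source to a named zone with `--zone`, and prints the commands as a dry run unless `APPLY=1` is set. The function names, the choice of the `work` zone, the `203.0.113.0/24` range and the ports are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. The zone, CIDR and ports
# passed at the bottom are constructed sample values.

# valid_port PORT/PROTO: succeed only for ports 1-65535 with tcp or udp.
valid_port() {
    case $1 in
        */tcp|*/udp) ;;
        *) return 1 ;;
    esac
    port=${1%/*}
    case $port in
        ''|0*|*[!0-9]*|??????*) return 1 ;;  # empty, leading 0, non-digit, >5 digits
    esac
    [ "$port" -le 65535 ]
}

# fw_plan ZONE SOURCE PORT/PROTO...: print the commands for steps 3, 4 and 6.
# Every argument is checked first, so a bad value produces no commands at all.
fw_plan() {
    [ "$#" -ge 3 ] || { echo "usage: fw_plan ZONE SOURCE PORT/PROTO..." >&2; return 1; }
    zone=$1; src=$2; shift 2
    [ -n "$zone" ] && [ -n "$src" ] || { echo "empty zone or source" >&2; return 1; }
    case $zone$src in
        *[!A-Za-z0-9_./:-]*) echo "invalid zone or source" >&2; return 1 ;;
    esac
    for p in "$@"; do
        valid_port "$p" || { echo "invalid port spec: $p" >&2; return 1; }
    done
    echo "firewall-cmd --permanent --zone=$zone --add-source=$src"
    for p in "$@"; do
        echo "firewall-cmd --permanent --zone=$zone --add-port=$p"
    done
    echo "firewall-cmd --reload"                 # permanent rules go live here
    echo "firewall-cmd --zone=$zone --list-all"  # confirm the running rule set
}

# fw_apply: print the plan (dry run) unless APPLY=1, then execute it line by line.
fw_apply() {
    plan=$(fw_plan "$@") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        echo "$plan" | while IFS= read -r cmd; do
            $cmd || exit 1   # unquoted on purpose: arguments were validated above
        done
    else
        echo "$plan"
    fi
}

fw_apply work 203.0.113.0/24 22/tcp 443/tcp
```

Rules added with `--permanent` are written to the saved configuration only, which is why the plan ends with `--reload` followed by a listing of the running rule set.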

3. Summary:
Through this article, we learned how to set up CentOS firewall to strengthen the security of the server. In actual use, you can customize the above sample code according to the specific needs of the server. At the same time, server security not only relies on firewalls, but also requires comprehensive consideration of other security measures, such as timely updating of system patches, restricting unnecessary services, strengthening password policies, etc. Only a combination of these security measures can protect our servers from potential threats.
