Home >Operation and Maintenance >Linux Operation and Maintenance >Detailed explanation of the firewall settings you need to pay attention to when building a web server on CentOS

Detailed explanation of the firewall settings you need to pay attention to when building a web server on CentOS

WBOY
WBOYOriginal
2023-08-06 15:01:451888browse

Detailed explanation of the firewall settings that need to be paid attention to when building a web server on CentOS

Introduction:
When building a web server on CentOS, firewall settings are a very important content. Correct firewall settings can effectively protect server security and prevent malicious attacks. This article will introduce in detail the firewall settings that need to be paid attention to when building a web server on CentOS, and provide corresponding code examples for readers' reference and learning.

1. Understand the basic knowledge of CentOS firewall
The default firewall tool used by CentOS is "firewalld". Firewalld is a web-based firewall management tool that uses dynamic and static firewall rules to protect servers. Understanding the basic knowledge of Firewalld is a prerequisite for firewall settings.

2. Check the Firewalld version on the server
Before starting to configure the firewall, you first need to check whether Firewall has been installed on the server and check its version. Use the following command to check:

firewall-cmd --version

If the returned result is the version number of Firewalld, it proves that Firewalld has been installed on the server.

3. Check the status of Firewalld
Before configuring the firewall, you need to know the current status of Firewalld. The following command can check the status of Firewalld:

systemctl status firewalld

If Active (running) is displayed, it means Firewalld is running.

4. Enabling, disabling and restarting Firewalld

  1. Enable Firewalld:
systemctl start firewalld
  1. Disable Firewalld:
systemctl stop firewalld
  1. Restart Firewalld:
systemctl restart firewalld

5. Set up to allow the specified port to pass through the firewall
The following takes port 80 as an example to demonstrate how to set up to allow the specified port to pass through the firewall.

  1. Add port 80:
firewall-cmd --zone=public --add-port=80/tcp --permanent
  1. Reload Firewalld configuration:
firewall-cmd --reload

6. Set up to allow specified IP addresses to pass through the firewall
The following takes allowing 192.168.1.100 to pass through the firewall as an example.

  1. Add allowed IP addresses:
firewall-cmd --permanent --zone=public --add-source=192.168.1.100
  1. Reload Firewalld configuration:
firewall-cmd --reload

7. Set allowed specified ports and IP address passes through the firewall
The following is an example of allowing the IP address of 192.168.1.100 and port 80 to pass through the firewall.

  1. Add allowed IP addresses and ports:
firewall-cmd --permanent --zone=public --add-source=192.168.1.100
firewall-cmd --permanent --zone=public --add-port=80/tcp
firewall-cmd --reload

8. View firewall configuration rules
Use the following command to view the current Firewalld rule configuration:

firewall-cmd --list-all

9. Summary:
This article introduces the firewall settings that need to be paid attention to when building a web server on CentOS. By understanding the basics of firewalls, we can better protect server security. I hope this article will be helpful to readers, and also remind readers to update and check the server's firewall settings in a timely manner to ensure the security of the server.

The above is a detailed explanation of the firewall settings that need to be paid attention to when building a web server on CentOS. I hope it will be helpful to you. thanks for reading!

The above is the detailed content of Detailed explanation of the firewall settings you need to pay attention to when building a web server on CentOS. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn