Linux firewall

Posted 2020-11-01 anyu686

1. Cent Os

• to list all firwalls  firwall-cmd --list-all

[email protected]:~$ firewall-cmd --list-all
public (default, active)
interfaces: eth0  
sources:
services: dhcpv6-client ssh
ports: 4000-4005/tcp
masquerade: no
forward-ports:
icmp-blocks:
rich rules:

• Add port :   

  firewall-cmd --add-port 4000-4005/tcp (--permernant)     //without permernant, it apply to run time only, with permernat, it will still vaild after reboot

• Add service 

firewall-cmd --add-service <service-name> (--permernant)   // the service name can be get by firewall-cmd --get-services , and each service is defined in /usr/lib/firewalld/service/

 

2 Ubuntu  uncompleted firewall 

• check/change status: ufw status,  ufw disbale/enable
• add service: ufw allow ssh  :

• ufw allow 53

  This rule will allow tcp and udp port 53 to any address on this host.
  To specify a protocol, append ‘/protocol‘ to the port. For example:

  ufw allow 25/tcp

• This will deny all traffic to tcp port 80 on this host. Another exam‐
  ple:

  ufw deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25