CENTER OS7 turn off firewall

CentOS 7.0 uses firewall as the firewall by default, and the previous version used iptables.
Therefore, you cannot view the firewall status by executing the following command in CentOS 7.

[root@localhost ~]# service iptables status
Redirecting to /bin/systemctl status iptables.service
Unit iptables.service could not be found.

Check whether the firewall is turned off

firewall-cmd –state

[root@localhost ~]# firewall-cmd --state
not running
[root@localhost ~]#

Turn on the firewall

[root@localhost ~]# systemctl start firewalld
[root@localhost ~]# firewall-cmd --state
running
[root@localhost ~]# 

Turn off firewall

[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# firewall-cmd --state
not running
[root@localhost ~]# 

Disable startup of firewall

[root@localhost ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

If it is set in this way, the next time you restart the system, the startup of firewall will be disabled, that is, the shutdown state.

Set firewall to start

[root@localhost ~]# systemctl enable firewalld
Created symlink from /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service to /usr/lib/systemd/system/firewalld.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/firewalld.service to /usr/lib/systemd/system/firewalld.service.

After this setting, the firewall will be turned on automatically after power on.

Show firewall app list

[root@localhost ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens33
  sources: 
  services: ssh dhcpv6-client
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

[root@localhost ~]# firewall-cmd --add-service=ftp
success
[root@localhost ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens33
  sources: 
  services: ssh dhcpv6-client ftp
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

[root@localhost ~]# 

After using firewall CMD -- add service = ftp, the list shows one more ftp service.

Tags: firewall iptables ftp CentOS

Posted on Sat, 04 Apr 2020 09:40:53 -0700 by uNF