
How to use a firewall to set up network transmission security for CentOS servers

王林 (original), 2023-07-06 10:45


The firewall is one of the important components in server security. It can help us filter out malicious network traffic and protect the server from intrusions and attacks. This article will introduce how to use a firewall to set up network transmission security for CentOS servers, and attach code examples.

  1. Check the firewall status
    Before starting the setup, we must first confirm whether the firewall is enabled. Enter the following command in the terminal to check the firewall status:

sudo systemctl status firewalld

If the output shows "active (running)", the firewall is enabled; if it shows "inactive (dead)", the firewall is not enabled.

  2. Enable the firewall
    If the firewall is not enabled, we need to enable it first. Enter the following command in the terminal to enable the firewall:

sudo systemctl start firewalld

  3. Set default firewall rules
    Before setting specific network transmission security rules, we first set some default firewall rules to prevent unauthorized access. Enter the following commands in the terminal to set the default rules:

sudo firewall-cmd --set-default-zone=public
sudo firewall-cmd --permanent --zone=public --remove-service=dhcpv6-client
sudo firewall-cmd --permanent --zone=public --remove-service=dhcpv6-server
sudo firewall-cmd --reload

The above command will set the default firewall zone to "public" and remove the services related to the DHCPv6 client and server.

  4. Open the required ports
    Next, we need to open the ports that will be used on the server. Enter the following commands in the terminal to open a port, taking port 80 as an example:

sudo firewall-cmd --permanent --zone=public --add-port=80/tcp
sudo firewall-cmd --permanent --zone=public --add-port=80/udp
sudo firewall-cmd --reload

The above commands permanently open port 80 for both TCP and UDP.

  5. Block unnecessary ports
    To increase the security of the server, we can block ports that are not needed so that attackers cannot use them. Enter the following commands in the terminal to block a port, taking port 22 as an example:

sudo firewall-cmd --permanent --zone=public --remove-port=22/tcp
sudo firewall-cmd --permanent --zone=public --remove-port=22/udp
sudo firewall-cmd --reload

The above commands permanently block port 22 for both TCP and UDP.

  6. Configure firewall rules
    In addition to opening and blocking ports, we can also configure more complex firewall rules according to our own needs. Enter the following commands in the terminal to configure a rule that allows a specified IP address to access a server port:

sudo firewall-cmd --permanent --zone=public --add-rich-rule="rule family='ipv4' source address='192.168.0.10' port protocol='tcp' port='3306' accept"
sudo firewall-cmd --reload

The above commands permanently allow the host with IP address 192.168.0.10 to access TCP port 3306 on the server.

  7. Check the firewall rules
    After the settings are completed, we can use the following command to view the current firewall rules:

sudo firewall-cmd --zone=public --list-all

The above command displays all current firewall rules for the "public" zone.
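Two things are easy to get wrong when following steps 2 to 7, and the `--list-all` output from step 7 is where you catch them. First, `systemctl start firewalld` only starts the service for the current boot; to have it come back after a reboot you also need `systemctl enable firewalld` (or `systemctl enable --now firewalld`). Second, in the default "public" zone on CentOS, SSH is allowed through the `ssh` service entry, not through an explicit `22/tcp` port entry, so `--remove-port=22/tcp` from step 5 does not actually close SSH; only removing (or source-restricting, via a rich rule) the `ssh` service does, and doing that on a remote server can lock you out. The following POSIX shell script is an added example, not part of the original article: it audits a zone listing offline. The `SAMPLE_ZONE` and `HARDENED_ZONE` texts are constructed stand-ins for the output of `sudo firewall-cmd --zone=public --list-all`; on a real host you would pipe that command's output into the same functions.

```shell
#!/bin/sh
# Audit helpers for a firewalld zone listing (`firewall-cmd --zone=X --list-all`).
# Constructed sample: what the article's steps 3 to 6 typically produce.
SAMPLE_ZONE='public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: cockpit dhcpv6-client ssh
  ports: 80/tcp 80/udp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
	rule family="ipv4" source address="192.168.0.10" port port="3306" protocol="tcp" accept'

# Constructed sample of a tightened zone: ssh only from one management subnet,
# HTTP only on TCP (this subnet is a placeholder, not a value from the article).
HARDENED_ZONE='public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: dhcpv6-client
  ports: 80/tcp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
	rule family="ipv4" source address="192.168.0.0/24" service name="ssh" accept
	rule family="ipv4" source address="192.168.0.10" port port="3306" protocol="tcp" accept'

# zone_field LISTING NAME: print the value of the "NAME:" line (empty if unset).
# Anchoring on the line start keeps "ports" from matching "forward-ports".
zone_field() {
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2:[[:space:]]*//p"
}

# zone_has_service LISTING SERVICE: exit 0 if the service is allowed zone-wide.
zone_has_service() {
    for s in $(zone_field "$1" services); do
        [ "$s" = "$2" ] && return 0
    done
    return 1
}

# zone_has_port LISTING PORT/PROTO: exit 0 if the port is opened explicitly.
zone_has_port() {
    for p in $(zone_field "$1" ports); do
        [ "$p" = "$2" ] && return 0
    done
    return 1
}

# rich_rule_count LISTING: number of rich rules in the zone.
rich_rule_count() {
    printf '%s\n' "$1" | grep -c '^[[:space:]]*rule ' || true
}

# ssh_reachable LISTING: "service" (allowed via the ssh service entry, from any
# source), "port" (allowed via an explicit 22/tcp entry) or "none".
ssh_reachable() {
    if zone_has_service "$1" ssh; then echo service
    elif zone_has_port "$1" 22/tcp; then echo port
    else echo none
    fi
}

# audit_zone LISTING: one finding per line; prints nothing when the zone
# avoids the two mistakes described above.
audit_zone() {
    listing=$1
    if [ "$(ssh_reachable "$listing")" != none ]; then
        echo "ssh still reachable from any source (remove-port=22 does not close the ssh service)"
    fi
    if zone_has_port "$listing" 80/udp; then
        echo "80/udp open, but HTTP only uses TCP"
    fi
    true
}

# Stand-alone run: audit both constructed listings.
echo "== sample zone =="; audit_zone "$SAMPLE_ZONE"
echo "== hardened zone =="; audit_zone "$HARDENED_ZONE"
```

On a live host, replace the constructed variable with `ZONE=$(sudo firewall-cmd --zone=public --list-all)` and call `audit_zone "$ZONE"` after every `--reload`; an empty result means the runtime configuration matches what you intended, which is the check the article's summary asks for.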

Summary:
This article introduces how to use a firewall to set up network transmission security for CentOS servers. By setting firewall rules, opening required ports, blocking unnecessary ports, and configuring complex rules, we can enhance the network security of the server. Please select appropriate firewall rules based on actual needs, and check whether the rules take effect after the configuration is completed.
