How to set up CentOS firewall for tighter security

How to set up CentOS firewall to enhance security

Introduction:
In today's Internet era, network security has become a very important task. As a server operating system, CentOS plays an important role in ensuring server security. This article focuses on how to set up CentOS firewall to strengthen server security, and provides some practical code examples to help you better protect your server from potential threats.

1. Introduction to CentOS firewall:
The default firewall management tool used by CentOS is firewalld. It is a dynamic firewall manager that can provide a more flexible and easier-to-operate way to manage the server's firewall rules. . The following will introduce in detail how to set up CentOS firewall.

2. Configure firewall rules:

1. View the current firewall rules:

   firewall-cmd --list-all

   This command will display the current firewall rules and services.

2. Set default rules:
   By default, CentOS firewall will allow some common services to pass, such as SSH (port 22), HTTP (port 80) and HTTPS (port 443) ). You can use the following command to modify the default rules:

   firewall-cmd --set-default-zone=<zone>

   where <zone> is the default firewall zone you want to set. The optional areas are public, work, and home.

3. Set rules to open or close a specific port:
   If you need to open or close a specific port, you can use the following command:

   firewall-cmd --add-port=<port>/tcp --permanent    # 开启tcp端口
   firewall-cmd --add-port=<port>/udp --permanent    # 开启udp端口
   firewall-cmd --remove-port=<port>/tcp --permanent # 关闭tcp端口
   firewall-cmd --remove-port=<port>/udp --permanent # 关闭udp端口

   Where, <port> is the port number you want to open or close.

4. Allow specific IPs or IP segments to access the server:
   If you want to restrict only specific IPs or IP segments to access the server, you can use the following command:

   firewall-cmd --add-source=<IP/mask> --permanent   # 添加允许的IP或IP段
   firewall-cmd --remove-source=<IP/mask> --permanent# 移除允许的IP或IP段

   Among them, <IP/mask> is the IP or IP segment you want to allow or remove.

5. Allow or deny specific services:
   If you want to allow or deny specific services through the firewall, you can use the following command:

   firewall-cmd --add-service=<service> --permanent    # 允许服务通过
   firewall-cmd --remove-service=<service> --permanent # 拒绝服务通过

   Where, <service> is the service you want to allow or deny, such as http, https, and ssh, etc.

6. Update firewall rules:
   After you complete the above steps, you need to update the firewall rules to make them effective:

   firewall-cmd --reload

3. Summary :
Through this article, we learned how to set up CentOS firewall to strengthen the security of the server. In actual use, you can customize the above sample code according to the specific needs of the server. At the same time, server security not only relies on firewalls, but also requires comprehensive consideration of other security measures, such as timely updating of system patches, restricting unnecessary services, strengthening password policies, etc. Only a combination of these security measures can protect our servers from potential threats.

References:

1. https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on- centos-7
2. https://www.vultr.com/docs/configure-iptables-on-centos-7

(word count: 550 words)

The above is the detailed content of How to set up CentOS firewall for tighter security. For more information, please follow other related articles on the PHP Chinese website!