1. Differences between the CentOS 6 and CentOS 7 firewalls

* The firewall tools differ: the built-in firewall tool on CentOS 6 is iptables, and the built-in firewall tool on CentOS 7 is firewalld.
* iptables filters packets and is a network-layer firewall.
* firewalld can make specific services and specific ports available; it is a higher-level firewall.

2. Common commands

* Common iptables commands:

  ```bash
  service iptables status        # Query the firewall status
  service iptables stop          # Turn off the firewall
  service iptables start         # Turn on the firewall
  service iptables restart       # Restart the firewall
  chkconfig iptables off         # Permanently turn off the firewall (do not start it at boot)
  chkconfig iptables on          # Turn the firewall back on after a permanent shutdown (start it at boot)
  iptables -L --line-numbers     # List the current iptables rules with line numbers
  iptables -A INPUT -p tcp --dport 22 -j ACCEPT   # Open port 22
  iptables -A INPUT -p tcp --dport 22 -j DROP     # Block port 22
  ```
* If the /etc/sysconfig/iptables file does not exist, you can create it as follows: write any firewall rule with the iptables command, for example `iptables -P OUTPUT ACCEPT`, then run `service iptables save` to save it. By default the rules are saved to the iptables file in the /etc/sysconfig directory.
* Common firewalld commands:

  ```bash
  firewall-cmd --state                                            # View the firewall status
  systemctl start firewalld                                       # Start the firewall
  systemctl stop firewalld                                        # Turn off the firewall
  firewall-cmd --permanent --zone=public --list-ports             # Check the ports opened in the firewall
  firewall-cmd --permanent --zone=public --add-port=8080/tcp      # Open a new port
  firewall-cmd --reload                                           # Reload the firewall so the permanent change takes effect
  firewall-cmd --zone=public --query-port=8080/tcp                # Verify that the new port is in effect
  systemctl enable firewalld.service                              # Start the firewall at boot
  firewall-cmd --zone=public --remove-port=9200/tcp --permanent   # Close an open port
  ```
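
Order matters for the two `-A INPUT` rules for port 22 listed under the iptables commands: iptables stops at the first matching ACCEPT/DROP/REJECT rule, so a DROP appended after an ACCEPT for the same port never takes effect. The following is an added example, not part of the original page: a shell function (hypothetical name `effective_verdict`) that reads a rules file in /etc/sysconfig/iptables format and reports which INPUT rule decides a TCP port. The sample rules file is constructed for illustration.

```shell
#!/bin/sh
# effective_verdict FILE PORT   (added example; the function name is hypothetical)
# FILE is in /etc/sysconfig/iptables (iptables-save) format. Prints the first
# INPUT rule that decides a new TCP connection to PORT, then any later rules
# for the same port that can never be reached ("shadowed").
# Modelled options: -p, --dport (single port), -m, --state, --reject-with, -j.
# Rules using anything else (source address, interface, ...) are skipped.
effective_verdict() {
    awk -v port="$2" '
        $1 == ":INPUT" { policy = $2 }      # chain policy, e.g. ":INPUT ACCEPT [0:0]"
        $1 == "-A" && $2 == "INPUT" {
            n++                              # same numbering as iptables -L --line-numbers
            proto = dport = target = ""; skip = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-p") proto = $(++i)
                else if ($i == "--dport") dport = $(++i)
                else if ($i == "-j") target = $(++i)
                else if ($i == "-m" || $i == "--reject-with") i++
                else if ($i == "--state") { if ($(++i) !~ /NEW/) skip = 1 }
                else skip = 1
            }
            if (skip || target !~ /^(ACCEPT|DROP|REJECT)$/) next
            if (proto != "" && proto != "tcp") next
            if (dport != "" && dport != port) next
            label = decided++ ? "shadowed" : "verdict"
            print label, target, "rule", n
        }
        END { if (!decided) print "verdict", policy, "policy" }
    ' "$1"
}

# Constructed sample rules file: port 22 is accepted first, then dropped.
sample=$(mktemp)
cat > "$sample" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 22 -j DROP
-A INPUT -p tcp --dport 8080 -j DROP
COMMIT
EOF

effective_verdict "$sample" 22     # rule 1 decides; rule 2 is shadowed
effective_verdict "$sample" 8080   # rule 3 decides
effective_verdict "$sample" 9200   # no rule matches, the chain policy applies
```

On a CentOS 6 host, pass /etc/sysconfig/iptables as FILE to check the saved rules before running `service iptables restart`.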