Setting port access restrictions with the Linux firewall (firewalld)
On Linux, you can use firewalld to configure firewall rules that restrict access to ports.
General steps to set up port restriction rules
- Open a single port
firewall-cmd --permanent --add-port=3306/tcp
- Remove a single port
firewall-cmd --permanent --remove-port=3306/tcp
- Batch open ports
firewall-cmd --permanent --add-port=2000-2100/tcp
- Batch removal
firewall-cmd --permanent --remove-port=2000-2100/tcp
- View all open ports
firewall-cmd --list-ports
- Allow specified IP to access port 3306 (change accept to reject if you want to prohibit)
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.72.152" port protocol="tcp" port="3306" accept'
- Allow the specified network segment to access port 3306 (change accept to reject if you want to prohibit)
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.72.0/24" port protocol="tcp" port="3306" accept'
- View rules that have been added
firewall-cmd --list-rich-rules
- You can also edit the zone configuration files directly to add or delete rules
vi /etc/firewalld/zones/
- Reload so that the rules added with --permanent take effect
service firewalld reload
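The steps above combined into one procedure that limits a port to a single source, as an added example that is not part of the original article. The helper names (build_rich_rule, run, restrict_port_to_source) and the DRY_RUN switch are hypothetical; the firewall-cmd options are the ones listed above plus firewall-cmd --reload.

```bash
#!/usr/bin/env bash
# Added example: helper names and DRY_RUN are hypothetical, not firewalld's.

# Build a rich rule string, rejecting input that could break the rule's quoting.
build_rich_rule() {
    local src="$1" port="$2" proto="$3" action="$4" family=ipv4
    case $src in
        ''|*[!0-9A-Fa-f:./]*) echo "bad source: $src" >&2; return 1 ;;
        *:*) family=ipv6 ;;
    esac
    case $port in
        ''|*[!0-9-]*|-*|*-|*-*-*) echo "bad port: $port" >&2; return 1 ;;
    esac
    case $proto in tcp|udp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac
    case $action in accept|reject) ;; *) echo "bad action: $action" >&2; return 1 ;; esac
    printf 'rule family="%s" source address="%s" port protocol="%s" port="%s" %s\n' \
        "$family" "$src" "$proto" "$port" "$action"
}

# Print each command (DRY_RUN=1, the default) or execute it (DRY_RUN=0).
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then printf '+ %s\n' "$*"; else "$@"; fi
}

# Limit PORT/PROTO to one source address or network segment.
restrict_port_to_source() {
    local src="$1" port="$2" proto="${3:-tcp}" rule
    rule=$(build_rich_rule "$src" "$port" "$proto" accept) || return 1
    # A port opened with --add-port is reachable from every source, so the
    # accept rich rule only restricts access once that opening is removed.
    run firewall-cmd --permanent --remove-port="$port/$proto" || true
    run firewall-cmd --permanent --add-rich-rule="$rule" || return 1
    # --permanent only changes the stored configuration; reload to apply it.
    run firewall-cmd --reload || return 1
    # Check the result: the port should be gone from the first list and the
    # rule present in the second.
    run firewall-cmd --list-ports
    run firewall-cmd --list-rich-rules
}

# Usage: ./restrict.sh 192.168.72.0/24 3306   (add DRY_RUN=0 to apply)
if [ "$#" -gt 0 ]; then restrict_port_to_source "$@"; fi
```

If the zone also enables a service that covers the same port, the port stays open to all sources; firewall-cmd --list-all shows services, ports and rich rules together.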
Summary
The above is my personal experience. I hope it can serve as a reference for you, and I hope you will support me more.