1. Overview
1. Purpose
Server A exposes a service on port 1521 that should be reachable only from the designated application server's IP address; connections to that port from any other host must be refused by the firewall.
2. Methods and steps
- Enable the firewall (firewalld).
- Check whether the port is open zone-wide and, if so, remove that port entry.
- Add a rich rule that allows only the specific source IP to reach the port.
3. Things to note
When enabling the firewall on a server you are administering remotely, add the rule for your remote-access port (normally the ssh service, 22/tcp) before enabling it; otherwise the firewall will cut off your session and you will not be able to reach the server. The stock public zone allows the ssh service by default, but verify this before enabling, and add a rule for any non-default SSH port. If you do get locked out, check whether another server in the same network segment can still reach the machine, log in to that server and ssh to the IP from there to adjust the rules; failing that, use the console.
2. Enable the firewall
First check whether the firewall is running; start it and enable it at boot if it is not.
#View the firewall status
systemctl status firewalld
#Start the firewall
systemctl start firewalld
#Enable it at boot
systemctl enable firewalld
3. Check port and close port access
1. Confirm that the port is not open zone-wide. A port added with --add-port is reachable from every source address in that zone, so if 1521/tcp is listed here it must be removed before the per-IP rule is added, or the rule will have no effect.
#Query the open ports
firewall-cmd --zone=public --list-ports
2. Close the port if it is listed. If it is not listed there is nothing to remove.
#Close port 1521
firewall-cmd --zone=public --remove-port=1521/tcp --permanent
#Reload the firewall so the permanent change takes effect
firewall-cmd --reload
#Query the open ports again to confirm
firewall-cmd --zone=public --list-ports
4. Allowing a specific IP address to reach the port
#Allow 192.168.1.1 to access port 1521 (with no --zone option the rule goes into the default zone, which is public on a stock install)
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.1" port protocol="tcp" port="1521" accept'
#Reload the firewall so the permanent change takes effect
firewall-cmd --reload
#View the rich rules that are now set
firewall-cmd --zone=public --list-rich-rules
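The three steps above (check that the port is not open zone-wide, build the rich rule, apply and verify it) can be wrapped in a small POSIX shell script. The following is an added example, not code from the original article: it validates the source IP and port before they are interpolated into the rule text, refuses to add the rule while the port is still open to all sources in the zone (the mistake that silently makes the rich rule meaningless), and confirms the permanent rule was stored before reloading. The helper names, the zone name and the sample list-ports output are assumptions chosen for illustration; the `action` argument generalizes the rule to `reject` as well as `accept`.

```shell
#!/bin/sh
# Added example (not from the original article): allow-list one source IP for
# one TCP port with firewalld, with the sanity checks a practitioner wants.

# Emit the rich rule text allowing (or, with action=reject, refusing) SRC_IP
# on PORT/tcp. Minimal validation: digits/dots only for the IP, 1-65535 for
# the port, so a typo cannot turn into a malformed or over-broad rule.
rich_rule() {
    src_ip=$1
    port=$2
    action=${3:-accept}
    case "$src_ip" in
        *[!0-9.]*|"") echo "bad source address: $src_ip" >&2; return 1 ;;
    esac
    case "$port" in
        *[!0-9]*|"") echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    printf 'rule family="ipv4" source address="%s" port protocol="tcp" port="%s" %s\n' \
        "$src_ip" "$port" "$action"
}

# Given the output of `firewall-cmd --zone=ZONE --list-ports` (space-separated
# entries such as "1521/tcp 1001-1005/tcp") and a port number, return 0 if
# PORT/tcp is open to every source address in the zone, 1 otherwise.
# Ranges like 1001-1005/tcp are honoured; udp entries are ignored.
port_open_to_all() {
    list=$1
    port=$2
    for entry in $list; do
        proto=${entry#*/}
        range=${entry%/*}
        [ "$proto" = tcp ] || continue
        case "$range" in
            *-*) lo=${range%-*}; hi=${range#*-} ;;
            *)   lo=$range; hi=$range ;;
        esac
        if [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]; then
            return 0
        fi
    done
    return 1
}

# Apply the allow rule on a real host (requires firewalld). Refuses to run
# while the port is open zone-wide, and checks that the permanent rule was
# stored before reloading, so a silent failure does not look like success.
apply_allow_rule() {
    zone=$1; src_ip=$2; port=$3
    rule=$(rich_rule "$src_ip" "$port") || return 1
    if port_open_to_all "$(firewall-cmd --zone="$zone" --list-ports)" "$port"; then
        echo "port $port/tcp is open to all sources in zone $zone; remove it first" >&2
        return 1
    fi
    firewall-cmd --permanent --zone="$zone" --add-rich-rule="$rule" || return 1
    firewall-cmd --permanent --zone="$zone" --query-rich-rule="$rule" || return 1
    firewall-cmd --reload
}

# Example invocation on the target server (placeholder zone, IP and port):
# apply_allow_rule public 192.168.1.1 1521
```

Run `apply_allow_rule` only on the server being configured; `rich_rule` and `port_open_to_all` are pure string handling and can be tried anywhere, for instance against a pasted copy of `--list-ports` output from the server.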
5. Other commonly used commands
1. Check the firewall state and configuration
#Show the runtime configuration of the default zone (services, ports, rich rules)
firewall-cmd --list-all
#View the firewall status
systemctl status firewalld
#Start the firewall
systemctl start firewalld
#Reload the firewall service
systemctl reload firewalld
2. Open or close a port (a port opened this way is reachable from all IPs)
#Open port 1521
firewall-cmd --zone=public --add-port=1521/tcp --permanent
#Reload the firewall so the permanent change takes effect
firewall-cmd --reload
#Check whether 1521/tcp is now open
firewall-cmd --zone=public --query-port=1521/tcp
#List all ports open in the zone
firewall-cmd --zone=public --list-ports
#Close the 1521 port that was just opened
firewall-cmd --zone=public --remove-port=1521/tcp --permanent
firewall-cmd --reload
3. Opening or closing a range of ports
Open a range of ports, for example all ports from 1001 to 1005:
firewall-cmd --zone=public --add-port=1001-1005/tcp --permanent
firewall-cmd --reload
Close the same range:
firewall-cmd --zone=public --remove-port=1001-1005/tcp --permanent
firewall-cmd --reload
4. Allowing or blocking an IP address (rich rules)
Allow 192.168.1.1 to access port 1521:
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.1" port protocol="tcp" port="1521" accept'
firewall-cmd --reload
#View the rich rules that are now set
firewall-cmd --zone=public --list-rich-rules
Reject connections from 192.168.1.1 to port 1521. This blocks that source for port 1521 only; it does not affect that host's access to other ports or services on the machine.
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.1" port protocol="tcp" port="1521" reject'
firewall-cmd --reload
Delete a rule that was set earlier (the rule text must match the existing rule exactly):
firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.1.1" port protocol="tcp" port="1521" accept'
firewall-cmd --reload
5. If the settings still do not take effect, edit the zone's XML file under /etc/firewalld/zones/ directly: remove the stale rule entries, save, and reload the firewall.
vi /etc/firewalld/zones/
6. Summary
This concludes the article on configuring the Linux firewall (firewalld) to allow specific IP addresses to access specified ports. For more on allowing specific IPs to reach specified ports on Linux, search my earlier articles or continue with the related articles below. I hope you will continue to support me.