
Linux operating system: How to configure the default firewall for an ECS instance

Last Updated: Sep 21, 2020

Disclaimer: This article may contain information about third-party products. Such information is for reference only. Alibaba Cloud does not make any guarantee, express or implied, with respect to the performance and reliability of third-party products, as well as potential impacts of operations on the products.

 

Overview

The default firewall for CentOS 7 is firewalld, which replaces iptables. firewalld can be managed through a graphical interface or from the command line. This article describes how to configure firewalld from the command line.

 

Description

Start firewalld

On CentOS 7, firewalld is installed by default but is not started. Therefore, you need to start firewalld first and set it to start automatically at system startup.

  1. Log on to the ECS instance and run the following command to start firewalld.
    systemctl start firewalld
  2. Run the following command to enable automatic start at system startup.
    systemctl enable firewalld.service

 

Common Commands

  • Run the following command to check whether the firewall is running.
    firewall-cmd --state
  • Run the following command to reload the configuration. For example, you need to run this command after adding a rule.
    firewall-cmd --reload
  • Run the following command to list the supported zones.
    firewall-cmd --get-zones
  • Run the following command to list the supported services.
    firewall-cmd --get-services
  • Run the following command to check whether the FTP service is supported. If yes is returned, the FTP service is supported. If no is returned, the FTP service is not supported.
    firewall-cmd --query-service ftp
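  • Run the following command to allow the FTP service temporarily. The rule is lost when the configuration is reloaded or the system restarts.
    firewall-cmd --add-service=ftp
  • Run the following command to allow the FTP service permanently:
    firewall-cmd --add-service=ftp --permanent
  • Run the following command to remove the FTP service permanently:
    firewall-cmd --remove-service=ftp --permanent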
  • Run the following command to add port 80 permanently.
    firewall-cmd --add-port=80/tcp --permanent
  • Run the following command to view the rules. This is the same command that is used with iptables.
    iptables -L -n
  • Run the following command to view the manual page for firewall-cmd:
    man firewall-cmd
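
The commands above change either the running rules or the permanent rules (--permanent), and the two only match again after firewall-cmd --reload. The following script is an added example, not part of the original article: it reports services and ports in the default zone that exist in only one of the two configurations. The function names drift and audit and the FWCMD variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: report drift between firewalld's runtime and permanent
# configuration (services and ports of the default zone).

# FWCMD is an assumption of this example; it allows overriding the binary.
FWCMD="${FWCMD:-firewall-cmd}"

# drift RUNTIME_LIST PERMANENT_LIST
# Arguments are space-separated lists as printed by --list-services or
# --list-ports. Prints one line for each item present in only one list.
drift() {
    for _item in $1; do
        case " $2 " in
            *" $_item "*) ;;
            *) echo "runtime-only $_item" ;;    # lost on --reload or reboot
        esac
    done
    for _item in $2; do
        case " $1 " in
            *" $_item "*) ;;
            *) echo "permanent-only $_item" ;;  # inactive until --reload
        esac
    done
}

# audit: query the live firewall. Returns 0 if runtime and permanent rules
# match, 1 if they differ (differences are printed), 2 if firewalld is down.
audit() {
    if [ "$("$FWCMD" --state 2>/dev/null)" != "running" ]; then
        echo "firewalld is not running" >&2
        return 2
    fi
    _out="$(
        drift "$("$FWCMD" --list-services)" "$("$FWCMD" --permanent --list-services)"
        drift "$("$FWCMD" --list-ports)" "$("$FWCMD" --permanent --list-ports)"
    )"
    [ -z "$_out" ] && return 0
    printf '%s\n' "$_out"
    return 1
}

# Constructed sample input: ftp was added without --permanent, and port
# 80/tcp was added with --permanent but no --reload has been run yet.
drift "ssh ftp" "ssh"
drift "" "80/tcp"
```

On an instance where firewalld is running, call audit after changing rules. A runtime-only line means the rule disappears at the next reload or restart, and a permanent-only line means the rule is not yet enforced.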

 

Application scope

  • ECS