Techniques To Check Firewall Service In Centos 7

Apply These Techniques To Check Firewall Service In Centos 7

A firewall is a network security system that prevents unauthorized access into or out of a private computer network. In other words, it is a layer of protection between the private network (the internal computers) and the public Internet. A firewall helps keep hackers, viruses, and other threats away from your data.

There are several ways to check whether a firewall has been enabled or disabled. This article outlines some of them.

Techniques To Check Firewall Service In Centos 7

1. Check the status of the firewalld service:
# systemctl status firewalld
# systemctl is-active firewalld
Check the state reported by firewall-cmd:
# firewall-cmd --state

Check whether the iptables and ip6tables services are enabled:
# chkconfig --list iptables
If the output shows that both services are disabled, run these commands as the root user to enable them:
# chkconfig iptables on
# chkconfig ip6tables on

2. Check if port 22 is open using the TCP SYN method and port 80 is open using the TCP method. Use the netstat command to verify that TCP ports 22 and 80 are available.
3. Check whether the iptables and ip6tables services are enabled by running the following commands:
# service iptables status
# service ip6tables status
# chkconfig --list iptables
# chkconfig --list ip6tables

More ways to check

4. Verify that your network interfaces have been added to the firewall configuration file. If they exist, they will be listed in the INPUT, FORWARD and OUTPUT chains defined in the file /etc/sysconfig/iptables. If no interfaces are listed in this file, you need to add them. For example, if your network device is named eth0 and you want to add it to the firewall configuration by adding an entry for it in the INPUT chain, run the following command:
# firewall-cmd --zone=public --add-interface=eth0

5. To make sure that you have configured your firewall properly, run a test from a computer outside your network: ping the server, open a website, or start an SSH connection on ports 22 or 80, which are used for connecting to remote computers.

6. You can also check whether ports are open across your firewall by searching the /var/log/messages file with this command:
# grep 'open\|listen' /var/log/messages

7. Run the following command to see if there are any error messages in the /var/log/messages file:
# grep -i error /var/log/messages

Additional commands 

8. You can also use the netstat command to check whether ports are open across your firewall:
# netstat -tulpn | grep :22 | grep LISTEN
# netstat -tulpn | grep :80 | grep LISTEN
9. You can also use the following command to check if the above ports are open:
# ss -tulpn

10. To see which processes are using a port, use these commands:
# lsof -i -P -n | grep :22
# lsof -i -P -n | grep :80
11. Check for any iptables rules that would block access to any ports using the following command:
# iptables-save

12. To reload the firewall rules for testing purposes, run this command:
# firewall-cmd --reload
13. To disable the firewall, run these commands:
# systemctl stop firewalld
# systemctl mask firewalld

14. To enable the firewall again, run these commands (a masked service cannot be started, so unmask it first):
# systemctl unmask firewalld
# systemctl start firewalld
15. Run the following commands to disable and stop the iptables and ip6tables services temporarily and make sure the firewall is disabled and stopped:
# systemctl disable iptables
# systemctl stop iptables
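
Items 8 and 9 show which ports have a listener, which is not the same as which ports the firewall lets through. The following added example (not part of the original article) compares the two: it parses `ss -tulpn` output and checks it against a list of firewall openings in the `port/proto` form printed by `firewall-cmd --list-ports`. The ss output and the allowed list are constructed samples, and the function names are this example's own.

```shell
#!/bin/sh
# Constructed sample of `ss -tulpn` output in the CentOS 7 address style
# (not captured from a real host).
sample_ss() {
cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    *:22               *:*    users:(("sshd",pid=1001,fd=3))
tcp   LISTEN 0      100    127.0.0.1:25       *:*    users:(("master",pid=1200,fd=13))
tcp   LISTEN 0      128    *:8080             *:*    users:(("java",pid=1500,fd=50))
tcp   LISTEN 0      128    :::22              :::*   users:(("sshd",pid=1001,fd=4))
tcp   LISTEN 0      100    ::1:25             :::*   users:(("master",pid=1200,fd=14))
udp   UNCONN 0      0      127.0.0.1:323      *:*    users:(("chronyd",pid=700,fd=5))
EOF
}

# Read ss output on stdin; print unique "port/proto" for sockets that are
# listening on a non-loopback address, i.e. reachable from the network
# unless the firewall blocks them.
exposed_ports() {
    awk '$2 == "LISTEN" || $2 == "UNCONN" {
        addr = $5; port = $5
        sub(/:[^:]*$/, "", addr)   # drop the trailing ":port"
        sub(/^.*:/, "", port)      # keep what follows the last colon
        if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") next
        print port "/" $1
    }' | sort -u
}

# $1: space-separated "port/proto" list as printed by `firewall-cmd --list-ports`.
# Openings made by service name (`firewall-cmd --list-services`) are not in
# that list and must be translated to ports first.
audit() {
    exposed_ports | awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        { seen[$1] = 1
          tag = ($1 in want) ? "ok" : "listening-only"
          print tag, $1 }
        END { for (i = 1; i <= n; i++)
                  if (!(a[i] in seen)) print "firewall-only", a[i] }'
}

# Constructed allowed list: 443/tcp is open in the firewall but nothing listens on it.
sample_ss | audit "22/tcp 443/tcp"
```

A `listening-only` line is a service bound to a network address with no matching firewall opening, and a `firewall-only` line is an opening with no listener behind it, which is a candidate for removal.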

Conclusion

You may have a firewall installed on your server or desktop machine. You can check the status of the firewall service by running the commands specified above. Their output will tell you whether your firewall is enabled or not.
