Virtual-hosts in Centos7
Work on the project in this link. Follow all the instructions and
configure both firewalld and the virtual hosts.
https://phoenixnap.com/kb/install-apache-on-centos-7
% pgrep httpd
If not, check system and apache logs for any errors. (e.g.
SELinux settings can be a possible cause: set it to disabled in
/etc/selinux/config for now)
% iptables -nL
Make sure you are not bound by any sort of NAT or port forwarding at
the data center side. Check with their admins.
Update #1:
https://linuxhint.com/fix-firewalld-not-running-error-centos/
Sysadmins can configure each zone with its own firewall rules,
which allow or deny incoming traffic into the system.
For example, if you do not want anyone to SSH into your system,
you can block port 22, and this makes sure that no one can access
your system from outside via SSH.
Zones
One of these zones can be set as default per the user's needs.
After the installation, the public zone is set as the default,
which you can change later.
# firewall-cmd --state
running
To list the information about the default zone:
# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: baremetal cni-podman0 eno1 eno2 eno3 provisioning
sources:
services: cockpit dhcpv6-client http ssh
ports: 8080/tcp 80/tcp 80/udp 67/udp 68/udp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
As you can see above, the public zone is set as default. The
output displays the interfaces assigned to this zone and which
services and ports are enabled/allowed.
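As an added example (not part of the original page or the linked tutorials), the POSIX shell check below reads `firewall-cmd --list-all` output and reports every service and port that is not on an allowlist, so you can see what the zone exposes beyond what the virtual hosts need. The allowlist values, the function names and the sample text (adapted from the output above) are assumptions.

```shell
#!/bin/sh
# Added example: flag services/ports in `firewall-cmd --list-all` output that
# are not on an allowlist. Allowlist values are assumptions for a host that
# should expose only HTTP and SSH.
ALLOWED_SERVICES="http ssh"
ALLOWED_PORTS="80/tcp"

# Constructed sample, adapted from the public-zone output shown above.
SAMPLE_ZONE='public (active)
  target: default
  interfaces: eno1
  services: cockpit dhcpv6-client http ssh
  ports: 8080/tcp 80/tcp 80/udp 67/udp 68/udp
  protocols:
  rich rules:'

# zone_field NAME: print the values of one field from stdin, one per line.
zone_field() {
    awk -v f="$1:" '$1 == f { for (i = 2; i <= NF; i++) print $i }'
}

# unexpected LIST: print each stdin item missing from the space-separated LIST.
unexpected() {
    while read -r item; do
        case " $1 " in
            *" $item "*) ;;
            *) printf '%s\n' "$item" ;;
        esac
    done
}

# audit_zone: read zone output on stdin, print findings, return 1 if any.
audit_zone() {
    zone_text=$(cat)
    findings=$(
        printf '%s\n' "$zone_text" | zone_field services |
            unexpected "$ALLOWED_SERVICES" | sed 's/^/service /'
        printf '%s\n' "$zone_text" | zone_field ports |
            unexpected "$ALLOWED_PORTS" | sed 's/^/port /'
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Demo on the sample; on a live host use: firewall-cmd --list-all | audit_zone
printf '%s\n' "$SAMPLE_ZONE" | audit_zone || echo "review the entries listed above"
```

A non-zero exit status means the zone allows something outside the allowlist, which makes the function usable in a cron job or a configuration check.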
home
target: default
icmp-block-inversion: no
interfaces:
sources:
services: cockpit dhcpv6-client mdns samba-client ssh
# firewall-cmd --list-all-zones
Next, let’s see some of the commands to add new services and
ports to a particular zone and make them permanent (remain even
after system reboot).
# firewall-cmd --list-ports
# firewall-cmd --add-port <port-number/port-type> --permanent
# firewall-cmd --reload
We can also use rich rules, which have some advanced filtering
capabilities in firewalld. The syntax for these is below. These
rich rules are helpful when we want to block or allow a
particular IP address or address range.
# firewall-cmd --list-rich-rules
The following rule accepts SSH connections only from the host
with IP 10.1.111.21 and drops other connections:
This example rejects ping requests from all hosts with an error
message:
You can configure each zone with its own firewall rules, which
allow or deny incoming traffic into the system.