Yesterday we released the FAS3.0 flow control cracking script and let the 11 helpers (fàn) share (làn) it for a while. Then we found that some users had commented below that there was a problem with disabling SELinux.
 11. Blog comment: There is a problem with SELinux closing
Then I contacted the user to help him set up the machine, and found it was a Vultr machine. Here, I remind you that you should not choose foreign machines for OpenVPN-series flow control. If it is a wall-climbing proxy, it is recommended to choose SSR.

To get to the point, I have never used a Vultr machine. The reason is that poverty limits me!
First, I used the ssh tool to shut down SELinux with a regular command. The prompt said that SELinux was shut down, but the script's build error still existed. Then I connected to his machine through xftp and found that there was no config file under the /etc/selinux folder. I'm lazy, so I didn't plan to use the script or find out where his configuration file was. Since he didn't have one, I wrote one in notepad++.
I created a blank config file and wrote SELINUXTYPE=disabled into it, and the SELinux step of the script passed perfectly.

When the script finished running, there was a problem: the backend could not be accessed. My first reaction was that there was a problem with the security group. A port scan verified that my guess was correct. This user did not know how to configure the firewall. OK, let's open it manually.

1. View the firewall version number
firewall-cmd --version
It is the built-in firewall, and the version number is printed.
2. View the firewall status
firewall-cmd --state
3. Add port permissions. Let me give an example with port 80.

firewall-cmd --zone=public --add-port=80/tcp --permanent

Command meaning:
--zone: the scope (zone) the rule applies to
--add-port=80/tcp: add a port, in the format port/communication protocol
--permanent: takes effect permanently; without this parameter the rule becomes invalid after restarting

4. Restart the firewall
systemctl restart firewalld

If you don't understand that, let's be simple and crude.

1. Close the firewall
systemctl stop firewalld
2. Use xftp to connect to the machine and edit the /etc/firewalld/zones/public.xml file
3. Write the protocols and ports to be used with notepad++

<port protocol="tcp" port="1024"/>
<port protocol="tcp" port="80"/>
<port protocol="tcp" port="443"/>
<port protocol="tcp" port="8080"/>
<port protocol="udp" port="53"/>
<port protocol="udp" port="68"/>

4. Save the file and enable the firewall
systemctl start firewalld
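
Hand-editing public.xml makes it easy to leave a typo or to open more ports than intended. The following Python check is an added example, not part of the original post; the sample zone text, the `check_zone` function and the `wanted` allowlist are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the six <port> lines from the steps above, wrapped in
# the <zone> root element of a firewalld zone file.
SAMPLE_ZONE = """<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <service name="ssh"/>
  <port protocol="tcp" port="1024"/>
  <port protocol="tcp" port="80"/>
  <port protocol="tcp" port="443"/>
  <port protocol="tcp" port="8080"/>
  <port protocol="udp" port="53"/>
  <port protocol="udp" port="68"/>
</zone>
"""

VALID_PROTOCOLS = {"tcp", "udp", "sctp", "dccp"}


def check_zone(xml_text, expected=None):
    """Return (ports, problems) for a firewalld zone file given as text."""
    try:
        root = ET.fromstring(xml_text.encode("utf-8"))
    except ET.ParseError as exc:
        return [], [f"not well-formed XML: {exc}"]
    if root.tag != "zone":
        return [], [f"root element is <{root.tag}>, expected <zone>"]
    ports, problems = [], []
    for el in root.findall("port"):
        proto, port = el.get("protocol", ""), el.get("port", "")
        bounds = port.split("-")  # a single port "80" or a range "5000-5010"
        ok = (len(bounds) in (1, 2) and all(b.isdecimal() for b in bounds)
              and all(1 <= int(b) <= 65535 for b in bounds)
              and int(bounds[0]) <= int(bounds[-1]))
        if proto not in VALID_PROTOCOLS or not ok:
            problems.append(f"invalid port entry: protocol={proto!r} port={port!r}")
            continue
        ports.append((proto, port))
        if expected is not None and (proto, port) not in expected:
            problems.append(f"unexpected open port: {port}/{proto}")
    return ports, problems


if __name__ == "__main__":
    wanted = {("tcp", "80"), ("tcp", "443"), ("tcp", "1024"), ("tcp", "8080")}
    for line in check_zone(SAMPLE_ZONE, wanted)[1]:
        print(line)
```

To check the real file, pass the text of /etc/firewalld/zones/public.xml to `check_zone` together with the set of ports the service actually needs.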

Through the above operations, I can perfectly solve the SELinux and port problems of Vultr. Maybe my approach is stupid; if you don't like it, please don't flame me.

Extension

Firewalld commands

Run, stop, disable firewalld
Start: # systemctl start firewalld
Restart: # systemctl restart firewalld
View status: # systemctl status firewalld or firewall-cmd --state
Stop: # systemctl stop firewalld
Disable: # systemctl disable firewalld

Configure firewalld
View version: $ firewall-cmd --version
View help: $ firewall-cmd --help
Display status: $ firewall-cmd --state
View zone information: $ firewall-cmd --get-active-zones
View the zone of the specified interface: $ firewall-cmd --get-zone-of-interface=eth0
Reject all packets: # firewall-cmd --panic-on
Cancel rejection status: # firewall-cmd --panic-off
Check whether packets are being rejected: $ firewall-cmd --query-panic

Update firewall rules:
# firewall-cmd --reload
# firewall-cmd --complete-reload
The difference between the two is that the first does not need to disconnect existing connections. It is one of the firewalld features that dynamically adds rules. The second needs to disconnect existing connections, similar to restarting the service.

Add an interface to a zone. By default, all interfaces are in public:
# firewall-cmd --zone=public --add-interface=eth0
To make it permanent, add --permanent and reload the firewall.

Set the default zone:
# firewall-cmd --set-default-zone=public
Effective immediately without restarting.

Open a port (seems to be the most commonly used)
To view all open ports: # firewall-cmd --zone=dmz --list-ports
Add a port to the zone: # firewall-cmd --zone=dmz --add-port=8080/tcp
The method for making it permanent is the same as above.

Open a service, which is similar to visualizing the port. The service needs to be added in the configuration file. There is a services folder in the /etc/firewalld directory, which is not detailed here. For details, refer to the documentation.
# firewall-cmd --zone=work --add-service=smtp
Remove a service: # firewall-cmd --zone=work --remove-service=smtp
Last modification: March 9, 2022