CentOS 6.5: view the status of the firewall:
$ service iptable status
Output:
$ service iptable status
Redirecting to /bin/systemctl status iptable.service
iptable.service
   Loaded: not-found (Reason: No such file or directory)
   Active: inactive (dead)    -- indicates that the firewall is down
CentOS 6.5: turn off the firewall
# service iptables stop    -- temporarily shut down the firewall
# chkconfig iptables off    -- permanently shut down the firewall
CentOS 7.2: turn off the firewall
CentOS 7.0 uses firewalld as its default firewall; the steps for changing to the iptables firewall follow.
firewall-cmd --state    # view the default firewall status (shows "not running" when turned off, "running" when turned on)
# firewall-cmd --state
not running
Check the status of the firewall:
Starting with CentOS 7, systemctl is used to manage services and programs; it covers what service and chkconfig did.
# systemctl list-unit-files | grep firewalld.service    -- firewall is off
firewalld.service    disabled
Or
# systemctl status firewalld.service
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
To turn off the firewall:
systemctl stop firewalld.service    # stop the firewall
systemctl disable firewalld.service    # prevent the firewall from starting at boot
# systemctl stop firewalld.service
# systemctl disable firewalld.service
Start a service: systemctl start firewalld.service
Stop a service: systemctl stop firewalld.service
Restart a service: systemctl restart firewalld.service
Display the status of a service: systemctl status firewalld.service
Enable a service at boot: systemctl enable firewalld.service
Disable a service at boot: systemctl disable firewalld.service
Check whether a service is enabled at boot: systemctl is-enabled firewalld.service; echo $?
List the enabled services: systemctl list-unit-files | grep enabled
CentOS 7 firewall commands:
To view ports that are already open:
firewall-cmd --list-ports
Open a port:
firewall-cmd --zone=public --add-port=80/tcp --permanent
Command meaning:
--zone    # zone (scope)
--add-port=80/tcp    # add a port, in the format port/protocol
--permanent    # takes effect permanently; without this parameter the rule is lost after a reboot
Restarting the firewall
# restart the firewall
systemctl stop firewalld.service    # stop the firewall
systemctl disable firewalld.service    # prevent the firewall from starting at boot
firewall-cmd --state    # view the default firewall status (shows "not running" when turned off, "running" when turned on)
iptables commands for versions earlier than CentOS 7
To open ports 80, 22 and 8080, enter the following commands:
/sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 22 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 8080 -j ACCEPT
Then Save:
/etc/rc.d/init.d/iptables save
To view open ports:
/etc/init.d/iptables status
Shutting down the firewall
1) Permanent: the setting does not revert after a reboot
On: chkconfig iptables on
Off: chkconfig iptables off
2) Takes effect immediately, reverts after a reboot
On: service iptables start
Off: service iptables stop
View the firewall status: service iptables status
Below is the difference between the default firewalls of CentOS 7 and CentOS 6
CentOS 7 uses firewalld as its default firewall; to use iptables, it has to be set up again
1. Turn off firewalld directly
systemctl stop firewalld.service    # stop the firewall
systemctl disable firewalld.service    # prevent the firewall from starting at boot
2. Set up the iptables service
yum -y install iptables-services
To modify the firewall configuration, for example to add firewall port 3306:
vi /etc/sysconfig/iptables
Add the rule:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
After saving and exiting:
systemctl restart iptables.service    # restart the firewall so the configuration takes effect
systemctl enable iptables.service    # start the firewall at boot
Finally, reboot the system so the settings take effect.
systemctl start iptables.service    # turn on the firewall
systemctl stop iptables.service    # turn off the firewall
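An added example (not from the original page): a shell check for the edit described above, where a rule for port 3306 is added to /etc/sysconfig/iptables. It assumes the file is in iptables-save format and reports ACCEPT rules that sit after a catch-all REJECT or DROP, which never match; the function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an iptables-save style ruleset (the format of
# /etc/sysconfig/iptables) and list each TCP port accepted on INPUT.
# A rule placed after an unconditional REJECT/DROP can never match, so it
# is reported as "shadowed" instead of "open".

# Constructed sample: 3306 was appended below the catch-all REJECT.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
COMMIT
EOF
}

# audit_input_ports: reads rules on stdin, prints "<port>/tcp open|shadowed".
audit_input_ports() {
    awk '
    $1 == "-A" && $2 == "INPUT" {
        port = ""; target = ""; proto = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-p")      proto = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        # "-A INPUT -j REJECT|DROP [options]" has no match criteria: it catches every packet.
        if ($3 == "-j" && (target == "REJECT" || target == "DROP")) blocked = 1
        else if (target == "ACCEPT" && proto == "tcp" && port != "")
            print port "/tcp", (blocked ? "shadowed" : "open")
    }'
}

# On a real host (path from the page): audit_input_ports < /etc/sysconfig/iptables
sample_rules | audit_input_ports
```

A port reported as shadowed means the new line has to be moved above the catch-all rule in the file before restarting iptables.service.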
Resolving the host being unable to access a site in a CentOS virtual machine
A while ago I installed CentOS 6.2 in a virtual machine and set up Apache+PHP+MySQL, but the host machine could not access it, and I left it at that for a while. The specific situation was as follows:
1. The host can ping the virtual machine
2. The virtual machine can also ping the host
3. The virtual machine can access its own web site
4. The host cannot access the virtual machine's web site
It later turned out that the cause was the firewall blocking port 80. To check whether port 80 on the server is blocked by the firewall, test with the command: telnet server_ip 80. Here's how to fix it:
/sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT
Then save:
/etc/rc.d/init.d/iptables save
Restart the firewall:
/etc/init.d/iptables restart
Turning off the CentOS firewall and stopping its service:
View the CentOS firewall information: /etc/init.d/iptables status
Shut down the CentOS firewall service: /etc/init.d/iptables stop
Shutdown of CentOS 6 and CentOS 7 firewalls