With the upgrade to CentOS 7, the built-in firewall changed from iptables to firewalld. Opening a port is therefore described for two cases: iptables and firewalld. This article draws on the basics tutorial on the official website.
First, iptables
1. Turn on/off/restart the firewall
Enable the firewall (permanent, takes effect after reboot): chkconfig iptables on
Disable the firewall (permanent, takes effect after reboot): chkconfig iptables off
Turn on the firewall (effective immediately, lost after reboot): service iptables start
Shut down the firewall (effective immediately, lost after reboot): service iptables stop
Restart the firewall: service iptables restart
2. View open ports
/etc/init.d/iptables status
3. Open a port (take 8080 for example)
(1) Open port
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
(2) Save and restart the firewall
/etc/rc.d/init.d/iptables save
/etc/init.d/iptables restart
4. Open the ports between 49152 and 65524
iptables -A INPUT -p tcp --dport 49152:65524 -j ACCEPT
Again, the settings need to be saved and the firewall restarted.
5. Other ways to open a port
We can also open a port by editing the /etc/sysconfig/iptables file, as follows
vim /etc/sysconfig/iptables
Then add a line to the file
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
Parameter description:
-A appends a rule
-p specifies the protocol; TCP is the one we use most often, and there is also UDP, for example DNS on port 53
--dport is the destination port, used when data comes from outside to the server
--sport is the source port, used when data goes out of the server
-j specifies the target: ACCEPT to accept the packet or DROP to not accept it
Second, firewalld
CentOS 7 installs firewalld by default; if it is not installed, it can be installed with yum install firewalld firewall-config.
1. Start the firewall
systemctl start firewalld
2. Stop the firewall
systemctl stop firewalld
3. Enable start at boot
systemctl enable firewalld
4. Stop and disable start at boot
systemctl disable firewalld (this only disables start at boot; use systemctl stop firewalld from step 2 to stop the running service)
5. Restart the firewall
firewall-cmd --reload
6. View status
systemctl status firewalld or firewall-cmd --state
7. View version
firewall-cmd --version
8. View help
firewall-cmd --help
9. View zone information
firewall-cmd --get-active-zones
10. View the zone of the specified interface
firewall-cmd --get-zone-of-interface=eth0
11. Reject all packets
firewall-cmd --panic-on
12. Cancel the reject state
firewall-cmd --panic-off
13. Check whether packets are being rejected
firewall-cmd --query-panic
14. Add an interface to a zone (by default, interfaces are in the public zone)
firewall-cmd --zone=public --add-interface=eth0 (to make it permanent, add --permanent and then reload the firewall)
15. Set the default zone
firewall-cmd --set-default-zone=public (takes effect immediately, no restart required)
16. Update firewall rules
firewall-cmd --reload or firewall-cmd --complete-reload (the difference is that the first does not drop existing connections, which is one of firewalld's features, adding rules dynamically; the second drops connections, similar to restarting the service)
17. View all open ports in the specified zone
firewall-cmd --zone=public --list-ports
18. Open a port in the specified zone (remember to reload the firewall)
firewall-cmd --zone=public --add-port=80/tcp (add --permanent to make it permanent)
Description
--zone: the zone the rule applies to
--add-port=8080/tcp: add a port, in the format port/protocol
--permanent: takes effect permanently; without this parameter the rule is lost after reboot
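The two iptables port examples from the first part, carried over to firewalld syntax, as an added example that is not part of the original article. The helper names valid_port and iptables_to_firewalld are hypothetical, and the script only prints the firewall-cmd commands instead of running them; note that iptables writes a range as first:last while firewalld writes first-last.

```shell
#!/bin/sh
# Added example: translate a plain iptables "open port" rule into the
# firewall-cmd commands that open the same port. Commands are printed, not run.

# valid_port N: succeeds only if N is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# iptables_to_firewalld ZONE RULE-WORDS...
# Handles rules such as: -A INPUT -p tcp --dport 8080 -j ACCEPT
# Returns 1 for anything that is not a tcp/udp ACCEPT rule with a valid port.
iptables_to_firewalld() {
    zone=$1; shift
    proto=""; dport=""; target=""
    while [ $# -gt 0 ]; do
        case "$1" in
            -p|--dport|-j)
                [ $# -ge 2 ] || return 1          # option without a value
                case "$1" in
                    -p)      proto=$2 ;;
                    --dport) dport=$2 ;;
                    -j)      target=$2 ;;
                esac
                shift 2 ;;
            *)  shift ;;                          # -A, chain name, -m state ...
        esac
    done
    [ "$target" = ACCEPT ] || return 1            # never turn DROP into an open port
    case "$proto" in tcp|udp) ;; *) return 1 ;; esac
    case "$dport" in *:*:*) return 1 ;; esac      # more than one ':' is malformed
    first=${dport%%:*}; last=${dport##*:}
    valid_port "$first" && valid_port "$last" && [ "$first" -le "$last" ] || return 1
    if [ "$first" = "$last" ]; then spec="$first/$proto"; else spec="$first-$last/$proto"; fi
    echo "firewall-cmd --zone=$zone --add-port=$spec --permanent"
    echo "firewall-cmd --reload"                  # load the permanent rule into the runtime
    echo "firewall-cmd --zone=$zone --query-port=$spec"   # confirm the port is open
}

# Constructed sample input: the two rules used as examples on this page.
iptables_to_firewalld public -A INPUT -p tcp --dport 8080 -j ACCEPT
iptables_to_firewalld public -A INPUT -p tcp --dport 49152:65524 -j ACCEPT
```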