CENTOS7 Firewall Open ports, etc. commands

CentOS 7 Open firewall Port command

Recently, the company's new server requirements with CentOS7, found that the previous CentOS 6 series of iptables related commands can not be used, check the next, found that CentOS 7 use FIREWALLD instead of the original iptables.

use the following methods:

>>> Shutdown Firewall

Systemctl Stop Firewalld.service #停止firewall
Systemctl Disable Firewalld.service #禁止firewall开机启动

>>> Open port
Firewall-cmd--zone=public--add-port=80/tcp--permanent
command meaning:
--zone #作用域
--ADD-PORT=80/TCP #添加端口, Format: Port/Communication protocol
--permanent #永久生效, failure after reboot without this parameter
>>> Reboot Firewall
Firewall-cmd--reload

Introduction to common commands
Firewall-cmd--state # #查看防火墙状态, is running
Firewall-cmd--reload # #重新载入配置, such as adding a rule, you need to execute this command
Firewall-cmd--get-zones # #列出支持的zone
Firewall-cmd--get-services # #列出支持的服务, the services in the list are released
Firewall-cmd--query-service FTP # #查看ftp服务是否支持, return yes or no
Firewall-cmd--add-service=ftp # #临时开放ftp服务
Firewall-cmd--add-service=ftp--permanent # #永久开放ftp服务
Firewall-cmd--remove-service=ftp--permanent # #永久移除ftp服务
Firewall-cmd--add-port=80/tcp--permanent # #永久添加80端口
Iptables-l-N # #查看规则, this command is the same as Iptables
Man Firewall-cmd # #查看帮助

more commands, using firewall-cmd--help to view Help files

>>> CentOS 7.0 uses firewall as a firewall by default, and iptables must be reset
1, directly shut down the firewall
Systemctl Stop Firewalld.service #停止firewall
Systemctl Disable Firewalld.service #禁止firewall开机启动

2, set iptables service
yum-y install iptables-services
If you want to modify the firewall configuration, such as adding firewall ports 3306
vi/etc/ SYSCONFIG/IPTABLES&NBSP
Add Rule
-A input-m State--state new-m tcp-p TCP--dport 3306-j ACCEPT

Save Exit
Systemctl Restart Iptables.service #重启防火墙使配置生效
Systemctl enable Iptables.service #设置防火墙开机启动
Finally reboot the system so that the settings take effect.