Note: The firewalld service keeps two sets of rule configuration, permanent and runtime. When you configure a rule with "--permanent", you need to run "firewall-cmd --reload" before it takes effect:
- Permanent: in effect permanently
- Runtime: in effect now
1. View the current zone

    [root@ecs-7bec-0002 bin]# firewall-cmd --get-default-zone
    public
2. View the firewall status. Note that the firewall must be running when you set up port rules.

    [root@ecs-7bec-0002 ~]# systemctl status firewalld    # the output shows the firewall is not started
    firewalld.service - firewalld - dynamic firewall daemon
       Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
       Active: inactive (dead)    # "dead" means the service is stopped
         Docs: man:firewalld(1)
    [root@ecs-7bec-0002 ~]# systemctl start firewalld    # start the firewall
    [root@ecs-7bec-0002 ~]# systemctl status firewalld
    firewalld.service - firewalld - dynamic firewall daemon
       Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
       Active: active (running) since Tue 2018-10-09 19:38:36 CST; 2s ago
         Docs: man:firewalld(1)
     Main PID: 9269 (firewalld)
       CGroup: /system.slice/firewalld.service
               └─9269 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
    Oct 09 19:38:36 ecs-7bec-0002 systemd[1]: Starting firewalld - dynamic firewall daemon...
    Oct 09 19:38:36 ecs-7bec-0002 systemd[1]: Started firewalld - dynamic firewall daemon.
3. Configure the ports that need to be opened

    [root@ecs-7bec-0002 ~]# firewall-cmd --zone=public --add-port=<port number>/tcp --permanent
    success
4. Run the reload command so that the port rule takes effect

    [root@ecs-7bec-0002 ~]# firewall-cmd --reload
    success
5. Check whether the port is active

    [root@ecs-7bec-0002 ~]# firewall-cmd --zone=public --query-port=<port number>/tcp
    yes
6. Other firewall operations

    [root@ecs-7bec-0002 ~]# firewall-cmd --list-ports    # view all open ports
    3306/tcp 80/tcp
    [root@ecs-7bec-0002 ~]# firewall-cmd --zone=public --remove-port=8080/tcp --permanent    # delete a port
    success
    [root@ecs-7bec-0002 ~]# firewall-cmd --reload    # make the newly configured port rules take effect
    success
    [root@ecs-7bec-0002 ~]# firewall-cmd --version    # view the version
    0.4.3.2
    [root@ecs-7bec-0002 ~]# firewall-cmd --state
    running
    [root@ecs-7bec-0002 ~]# firewall-cmd --get-active-zones    # view the active zones
    public
      interfaces: eth0
Configuring firewall port rules in CentOS 7
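Because permanent and runtime rules are stored separately, a port can be saved but not yet active (reload forgotten) or active but not saved (it disappears on the next reload). The script below is an added example, not part of the original page; it compares the two views of the public zone, and the function names and the `--live` switch are made up for the illustration.

```bash
#!/usr/bin/env bash
# Added example: report ports whose permanent and runtime state differ.
# Function names and the --live switch are hypothetical, not firewalld's.

# ports_only_in A B: print each entry of list A that is missing from list B.
# Both are space-separated "port/proto" lists, as printed by --list-ports.
ports_only_in() {
    local a b found
    for a in $1; do
        found=0
        for b in $2; do
            if [ "$a" = "$b" ]; then found=1; fi
        done
        if [ "$found" -eq 0 ]; then printf '%s\n' "$a"; fi
    done
    return 0
}

# drift_report PERMANENT RUNTIME: print one line per mismatched port.
drift_report() {
    local p
    for p in $(ports_only_in "$1" "$2"); do
        echo "pending-reload $p"   # saved with --permanent, not active yet
    done
    for p in $(ports_only_in "$2" "$1"); do
        echo "runtime-only $p"     # active now, dropped by the next --reload
    done
    return 0
}

# On a live host, compare the two views of the public zone.
if [ "${1:-}" = "--live" ]; then
    drift_report "$(firewall-cmd --zone=public --permanent --list-ports)" \
                 "$(firewall-cmd --zone=public --list-ports)"
fi
```

Empty output means the permanent and runtime port lists agree; any `runtime-only` line is a port that is reachable now but was never written to the permanent configuration.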