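Opening Specific Ports and Disabling the Firewall on CentOS
When deploying a project on Linux, you will often find that the service is reachable from the local machine but not from other machines. This is most likely because the firewall is blocking the port. Below we describe how to open a port for access.
On CentOS 6, follow these steps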
1. Check the firewall status
[root@localhost ~]# service iptables status
iptables: Firewall is not running.
2. Start/stop the firewall
[root@localhost ~]# service iptables start   # start
[root@localhost ~]# service iptables stop    # stop
3. Enable/disable start at boot
[root@localhost ~]# chkconfig iptables on    # start at boot
[root@localhost ~]# chkconfig iptables off   # do not start at boot
4. Start the firewall
[root@localhost ~]# service iptables start
iptables:应用防火墙规则: [确定]
5. Open a specific port
- Using 8080 as an example (the rule shown below opens 7001; substitute the port you need):
[root@localhost ~]# vim /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# Insert the following line; it must name a chain declared above (INPUT) and come before the REJECT rule
-A INPUT -m state --state NEW -m tcp -p tcp --dport 7001 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Restart first so the edited file is loaded; "service iptables save" writes the running rules back over /etc/sysconfig/iptables
[root@localhost ~]# service iptables restart
iptables:将链设置为政策 ACCEPT:filter [确定]
iptables:清除防火墙规则: [确定]
iptables:正在卸载模块: [确定]
iptables:应用防火墙规则: [确定]
[root@localhost ~]# service iptables save
iptables:将防火墙规则保存到 /etc/sysconfig/iptables: [确定]
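A rule added to /etc/sysconfig/iptables only opens the port if it names a chain declared in the file and sits ahead of that chain's catch-all REJECT. The check below is an added example, not part of the original article; the function name check_port_rule, its verdict strings and the sample file are constructed, and it looks at rule order within one chain only (it does not follow jumps between chains).

```shell
#!/bin/sh
# check_port_rule FILE PORT: verdict for a TCP port in an iptables-save style file
#   ok                ACCEPT rule in a declared chain, ahead of any catch-all REJECT/DROP
#   shadowed          ACCEPT rule sits after a catch-all REJECT/DROP in the same chain
#   undeclared-chain  rule names a chain with no ":CHAIN" line, so loading the file fails
#   missing           no ACCEPT rule for that port
check_port_rule() {
    awk -v port="$2" '
        /^:/ { declared[substr($1, 2)] = 1; next }      # e.g. ":INPUT ACCEPT [0:0]"
        $1 == "-A" {
            chain = $2
            # Catch-all: REJECT/DROP with no match options ("-A CHAIN -j REJECT ...")
            if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) { closed[chain] = 1; next }
            is_accept = 0; has_port = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-j" && $(i + 1) == "ACCEPT") is_accept = 1
                if ($i == "--dport" && $(i + 1) == port) has_port = 1
            }
            if (is_accept && has_port && verdict != "ok") {
                if (!(chain in declared)) verdict = "undeclared-chain"
                else if (chain in closed) verdict = "shadowed"
                else verdict = "ok"
            }
        }
        END { print (verdict == "" ? "missing" : verdict) }
    ' "$1"
}

# Constructed sample: the new rule was appended at the end of the file, after the REJECT.
sample=$(mktemp)
cat > "$sample" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -m tcp -p tcp --dport 7001 -j ACCEPT
COMMIT
EOF
echo "7001: $(check_port_rule "$sample" 7001)"
echo "22:   $(check_port_rule "$sample" 22)"
rm -f "$sample"
```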
CentOS 7
1. Check the firewall status
[root@dzpj2 ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2020-10-26 15:25:39 CST; 1s ago
     Docs: man:firewalld(1)
 Main PID: 19901 (firewalld)
    Tasks: 2
   CGroup: /system.slice/firewalld.service
           └─19901 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
Oct 26 15:25:40 dzpj2 firewalld[19901]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --d...in?).
Oct 26 15:25:40 dzpj2 firewalld[19901]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --d...in?).
Oct 26 15:25:40 dzpj2 firewalld[19901]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --d...in?).
Oct 26 15:25:40 dzpj2 firewalld[19901]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --d...name.
Oct 26 15:25:40 dzpj2 firewalld[19901]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --d...name.
Oct 26 15:25:40 dzpj2 firewalld[19901]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --d...in?).
Oct 26 15:25:40 dzpj2 firewalld[19901]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --d...in?).
Oct 26 15:25:40 dzpj2 firewalld[19901]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --d...in?).
Oct 26 15:25:40 dzpj2 firewalld[19901]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --d...in?).
Oct 26 15:25:40 dzpj2 firewalld[19901]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --d...in?).
Hint: Some lines were ellipsized, use -l to show in full.
2. Start/stop/restart the firewall
[root@dzpj2 ~]# systemctl start firewalld
[root@dzpj2 ~]# systemctl stop firewalld
[root@dzpj2 ~]# systemctl restart firewalld
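3. Check whether the firewall starts at boot
[root@localhost ~]# systemctl is-enabled firewalld   # starts at boot
enabled
[root@localhost ~]# systemctl is-enabled firewalld   # does not start at boot
disabled
[root@localhost ~]# systemctl enable firewalld    # turn on start at boot
[root@localhost ~]# systemctl disable firewalld   # turn off start at boot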
4. List the ports that are already open
[root@dzpj ~]# firewall-cmd --list-ports
7002/tcp 7006/tcp 7005/tcp 7007/tcp 25/tcp 7001/tcp
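5. Open a specific port and reload the configuration
[root@dzpj2 bin]# firewall-cmd --permanent --add-port=7001/tcp
success
[root@dzpj2 bin]#
[root@dzpj2 bin]# firewall-cmd --reload
success
- firewall-cmd: one of the firewall (firewalld) commands, used on CentOS 7 and later
- --permanent: without this option, the command that opens the port takes effect immediately but is lost when the firewall is restarted; with it, the setting is kept permanently, but the firewall has to be reloaded (--reload) before it takes effect
- --add-port=7001/tcp: adds a port together with its protocol (tcp, udp, …); HTTP and HTTPS are not protocol values here and are opened through their TCP port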
6. Remove an opened port
[root@dzpj2 bin]# firewall-cmd --permanent --remove-port=7001/tcp
success
[root@dzpj2 bin]#
[root@dzpj2 bin]# firewall-cmd --reload
success