CentOS 7: quickly opening ports

After upgrading CentOS to 7, I found it impossible to use iptables to control Linux ports; after searching Baidu I discovered that CentOS 7 uses firewalld instead of the original iptables. The following records how to open a Linux port with firewalld:

Open a port:

[root@centos7 ~]# firewall-cmd --zone=public --add-port=80/tcp --permanent

Check whether port 80 is open:

[root@centos7 ~]# firewall-cmd --query-port=80/tcp

Reload the firewall so that the permanent rule takes effect:

[root@centos7 ~]# firewall-cmd --reload

List the open ports:

[root@centos7 ~]# firewall-cmd --list-ports

Meaning of the options:

--zone # the zone the rule applies to
--add-port=80/tcp # add a port, in the format port/protocol
--permanent # takes effect permanently; without this option the rule is lost after a restart

Check firewall status: systemctl status firewalld.service
Stop the firewall: systemctl stop firewalld
Start the firewall: systemctl start firewalld
Disable start at boot: systemctl disable firewalld
Enable start at boot: systemctl enable firewalld
Check whether a service starts at boot: chkconfig --list | grep network (RHEL6)

Part 2: Opening firewall ports on CentOS 6

When using CentOS, it is sometimes necessary to change the firewall settings. The CentOS firewall is enabled by default; ports are opened on it as follows:

Open the iptables configuration file: vi /etc/sysconfig/iptables

Note when modifying the CentOS firewall: be sure to leave yourself a way back in by keeping a VNC management port and the SSH management port open.

Here is an example iptables file:

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

When modifying the CentOS firewall, note that you must adapt this file to your own server.

For example, if you do not want to open port 80 to provide a web service, delete the corresponding line:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

After finishing all modifications, restart iptables: service iptables restart

You can verify whether the rules are in force: iptables -L

This completes the CentOS firewall modification.
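
As an added example (not part of the original post), the shell functions below check an iptables rules file before service iptables restart is run, confirming that the SSH management port is still accepted, as the note above about keeping a management port open advises. The function names and the sample rules (the example file with the port 80 line removed) are constructed for illustration.

```bash
#!/bin/bash
# Added example: pre-flight check of an iptables rules file before restarting.
# Function names and the sample rules below are constructed for illustration.

# Print "proto/port" for every rule that ACCEPTs a destination port.
list_accepted_ports() {
    awk '
        $1 != "-A" { next }                      # skip comments, tables, chains, COMMIT
        {
            proto = ""; port = ""; target = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-p")      proto  = $(i + 1)
                if ($i == "--dport") port   = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            if (target == "ACCEPT" && port != "") print proto "/" port
        }' "$1"
}

# Succeed only if the file still accepts the management port (default tcp/22).
management_port_open() {
    list_accepted_ports "$1" | grep -qx "${2:-tcp/22}"
}

# Constructed sample: a shortened rule set without the port 80 line.
write_sample_rules() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

rules=$(mktemp)
write_sample_rules "$rules"
list_accepted_ports "$rules"
if management_port_open "$rules"; then
    echo "SSH port is still accepted; safe to run: service iptables restart"
else
    echo "SSH port is not accepted; fix the rules before restarting" >&2
fi
rm -f "$rules"
```

The check only looks for an ACCEPT rule on the port; it does not evaluate rule order or source-address restrictions, so a REJECT placed earlier in the chain would still lock you out.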

Origin www.cnblogs.com/juanxincai/p/12613697.html