I changed the firewall to iptables in this blog of building an ftp server on Ali's lightweight application server, because no matter how I set up firewalld at the time, I couldn't access the ftp server. Today, when I was reading other blogs, I suddenly found that firewalld has opened the service. A command, and then I found a solution.
Check which ports are currently opened . In fact, a service corresponds to a port, and each service corresponds to an xml file under /usr/lib/firewalld/services.
firewall-cmd --list-services
1
Through this command, we check which services are currently opened. For example,
I have enabled two services in the following, but I have not opened http and ftp services, so I cannot access the built nginx server and ftp through the external network. Server
(1) You can use the following command to check which services can be opened
firewall-cmd --get-services
1
(2) You can use the following command to add a service to firewalld
firewall-cmd --add-service=http // http replaced want to open service
1
this added service currently take effect immediately, but the next system start to fail, you can use the test. To permanently develop a service, add --permanent
firewall-cmd --permanent --add-service=http
1
and then restart the firewall through systemctl restart firewalld.service to take effect. At
this time, you can access the built nginx and ftp through the external network Server.