If you are using the iptables firewall, please see the following article
Centos 7 firewall iptables open specified port (80) and set ftp method
open port 80
firewall-cmd --zone=public --add-port=80/tcp --permanent
Success appears to indicate that the addition was successful
Command meaning:
--zone #scope
--add-port=80/tcp #Add port, the format is: port/communication protocol
--permanent #Permanent effect, invalid after restart without this parameter
restart firewall
systemctl restart firewalld.service
1. Run, stop, disable firewalld
Start: # systemctl start firewalld
View status: # systemctl status firewalld or firewall-cmd --state
停止:# systemctl disable firewalld
Disable: # systemctl stop firewalld
2. Configure firewalld
View version: $ firewall-cmd --version
See help: $ firewall-cmd --help
View settings:
Show status: $ firewall-cmd --state
View zone information: $ firewall-cmd --get-active-zones
View the zone to which the specified interface belongs: $ firewall-cmd --get-zone-of-interface=eth0
Deny all packets: # firewall-cmd --panic-on
Cancel the denied status: # firewall-cmd --panic-off
Check for rejection: $ firewall-cmd --query-panic
Update firewall rules: # firewall-cmd --reload
# firewall-cmd --complete-reload
The difference between the two is that the first one does not need to be disconnected, it is one of the firewalld features to dynamically add rules, and the second one needs to be disconnected, similar to restarting the service
Add the interface to the zone, the default interface is public
# firewall-cmd --zone=public --add-interface=eth0
Permanent effect plus --permanent then reload firewall
Set default interface zone
# firewall-cmd --set-default-zone=public
Takes effect immediately without restarting
Open the port (it seems that this is the most commonly used)
View all open ports:
# firewall-cmd --zone=dmz --list-ports
Add a port to the zone:
# firewall-cmd --zone=dmz --add-port=8080/tcp
For permanent effect, the method is the same as above
Opening a service is similar to visualizing the port. The service needs to be added in the configuration file. There is a services folder in the /etc/firewalld directory. This is not described in detail. For details, please refer to the documentation.
# firewall-cmd --zone=work --add-service=smtp
remove service
# firewall-cmd --zone=work --remove-service=smtp