To check the status of the firewall on CentOS 6.5:
[linuxidc@localhost ~]$ service iptables status
Show results:
[linuxidc@localhost ~]$ service iptable status
Redirecting to /bin/systemctl status iptable.service
● iptable.service
   Loaded: not-found (Reason: No such file or directory)
   Active: inactive (dead)
-- indicates that the firewall is already off
Turn off the firewall on CentOS 6.5
[root@localhost ~]# service iptables stop
-- temporarily turn off the firewall
[root@localhost ~]# chkconfig iptables off
-- permanently turn off the firewall
Turn off the firewall on CentOS 7.2
CentOS 7.0 uses firewalld as its firewall by default; the steps for the iptables firewall follow.
firewall-cmd --state #View the default firewall status ("not running" is displayed when it is off, and "running" when it is on)
[root@localhost ~]# firewall-cmd --state
not running
Check the status of the firewall:
Starting with CentOS 7, systemctl is used to manage services and programs, covering what service and chkconfig used to do.
[root@localhost ~]# systemctl list-unit-files|grep firewalld.service
-- the firewall is turned off
firewalld.service disabled
or
[root@localhost ~]# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
Turn off the firewall:
systemctl stop firewalld.service #stop firewall
systemctl disable firewalld.service #prohibit firewall from starting at boot
[root@localhost ~]# systemctl stop firewalld.service
[root@localhost ~]# systemctl disable firewalld.service
Start a service: systemctl start firewalld.service
Stop a service: systemctl stop firewalld.service
Restart a service: systemctl restart firewalld.service
Show the status of a service: systemctl status firewalld.service
Enable a service at boot: systemctl enable firewalld.service
Disable a service at boot: systemctl disable firewalld.service
Check whether a service starts at boot: systemctl is-enabled firewalld.service;echo $?
List enabled services: systemctl list-unit-files|grep enabled
CentOS 7 firewall commands:
View the open ports:
firewall-cmd --list-ports
Open a port:
firewall-cmd --zone=public --add-port=80/tcp --permanent
Command meaning:
--zone #scope (the zone the rule applies to)
--add-port=80/tcp #Add a port, in the format port/communication protocol
--permanent #Make the change permanent; without this parameter it is lost after a restart
Restart the firewall:
firewall-cmd --reload #reload firewall
systemctl stop firewalld.service #stop firewall
systemctl disable firewalld.service #prohibit firewall from starting at boot
firewall-cmd --state #View the default firewall status ("not running" is displayed when it is off, and "running" when it is on)
CentOS 7 and below iptables commands
To open ports 80, 22 and 8080, enter the following commands:
/sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 22 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 8080 -j ACCEPT
Then save:
/etc/rc.d/init.d/iptables save
View open ports:
/etc/init.d/iptables status
Turn the firewall on or off
1) Permanently: the setting persists across restarts
On: chkconfig iptables on
Off: chkconfig iptables off
2) Immediately: takes effect right away, but reverts after a restart
Start: service iptables start
Stop: service iptables stop
Check firewall status: service iptables status
The difference between the default firewalls of CentOS 7 and CentOS 6
CentOS 7 uses firewalld as its firewall by default, so iptables must be set up again.
1. Turn off firewalld directly
systemctl stop firewalld.service #stop firewall
systemctl disable firewalld.service #Prohibit firewall from starting at boot
2. Set up the iptables service
yum -y install iptables-services
To modify the firewall configuration, for example to add port 3306:
vi /etc/sysconfig/iptables
Add the rule:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
After saving and exiting:
systemctl restart iptables.service #Restart the firewall to make the configuration take effect
systemctl enable iptables.service #Set the firewall to start at boot
Finally, restart the system for the settings to take effect.
systemctl start iptables.service #Open the firewall
systemctl stop iptables.service #Close the firewall
Solving the problem where the host cannot access a website running in a CentOS virtual machine
1. This machine can ping the virtual machine
2. The virtual machine can also ping this machine
3. The virtual machine can access its own web server
4. This machine cannot access the web server of the virtual machine
/sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT
/etc/rc.d/init.d/iptables save
/etc/init.d/iptables restart
View CentOS firewall information: /etc/init.d/iptables status
Stop the CentOS firewall service: /etc/init.d/iptables stop
Go to https://www.linuxidc.com/Linux/2016-12/138979.htm