CentOS 6.5: check the status of the firewall:
[linuxidc@localhost ~]$service iptable status
Result:
[linuxidc@localhost ~]$service iptable status
Redirecting to /bin/systemctl status iptable.service
● iptable.service
   Loaded: not-found (Reason: No such file or directory)
   Active: inactive (dead)    -- indicates that the firewall has been closed
CentOS 6.5: turn off the firewall
[root@localhost ~]#service iptables stop     -- temporarily turn off the firewall
[root@localhost ~]#chkconfig iptables off    -- permanently turn off the firewall
CentOS 7.2: turn off the firewall
CentOS 7.0 uses firewalld as its default firewall; the iptables firewall steps are given here.
firewall-cmd --state    #View the default firewall status (not running is displayed when it is closed, and running is displayed when it is opened)
[root@localhost ~]#firewall-cmd --state
not running
Check the status of the firewall:
Starting with CentOS 7, systemctl is used to manage services and programs, taking over the roles of both service and chkconfig.
[root@localhost ~]#systemctl list-unit-files|grep firewalld.service    -- firewall is off
firewalld.service                             disabled
or
[root@localhost ~]#systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
Turn off the firewall:
systemctl stop firewalld.service       #stop firewall
systemctl disable firewalld.service    #prevent firewall from starting at boot
[root@localhost ~]#systemctl stop firewalld.service
[root@localhost ~]#systemctl disable firewalld.service
Start a service: systemctl start firewalld.service
Shut down a service: systemctl stop firewalld.service
Restart a service: systemctl restart firewalld.service
Display the status of a service: systemctl status firewalld.service
Enable a service at boot: systemctl enable firewalld.service
Disable a service at boot time: systemctl disable firewalld.service
Check whether the service starts at boot: systemctl is-enabled firewalld.service;echo $?
Check the list of started services: systemctl list-unit-files|grep enabled
CentOS 7 firewall commands:
Check the open ports:
firewall-cmd --list-ports
Open a port:
firewall-cmd --zone=public --add-port=80/tcp --permanent
Command meaning:
--zone #scope
--add-port=80/tcp #Add port, the format is: port/communication protocol
--permanent #Takes effect permanently; without this parameter the rule is lost after a restart
Restart the firewall:
firewall-cmd --reload                  #Restart firewall
systemctl stop firewalld.service       #Stop firewall
systemctl disable firewalld.service    #Prevent the firewall from starting at boot
firewall-cmd --state                   #View the default firewall status (not running after closing, running after opening)
iptables commands for versions before CentOS 7
To open ports 80, 22, and 8080, enter the following commands:
/sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 22 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --dport 8080 -j ACCEPT
Then save:
/etc/rc.d/init.d/iptables save
View open ports:
/etc/init.d/iptables status
Turn off the firewall
1) It will take effect permanently and will not be restored after restarting
On: chkconfig iptables on
Off: chkconfig iptables off
2) It takes effect immediately, and it will be restored after restarting
Start: service iptables start
Shutdown: service iptables stop
Check firewall status: service iptables status
Let's talk about the difference between the default firewalls of CentOS7 and 6
CentOS 7 uses firewalld as the firewall by default, so iptables has to be set up again
1. Turn off the firewall directly
systemctl stop firewalld.service #Stop firewall
systemctl disable firewalld.service #Prohibit firewall from starting
2. Set iptables service
yum -y install iptables-services
If you want to modify the firewall configuration, such as adding firewall port 3306
vi /etc/sysconfig/iptables
add rules
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
After saving and exiting
systemctl restart iptables.service #Restart the firewall to make the configuration take effect
systemctl enable iptables.service #Set the firewall to start at boot
Finally, restart the system for the settings to take effect.
systemctl start iptables.service #Open the firewall
systemctl stop iptables.service #Close the firewall
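The rule added to /etc/sysconfig/iptables above only matches traffic if it sits before the catch-all REJECT line that ends the INPUT chain in the stock CentOS file. The following added example (not from the original page) checks that ordering for a given port; the function names and the sample rule files are constructed for illustration.

```shell
#!/bin/sh
# port_rule_status FILE PORT -> prints reachable | shadowed | missing
# Reads an iptables-save style file and reports whether the ACCEPT rule for
# --dport PORT in the INPUT chain comes before a catch-all REJECT/DROP.
# Single ports only; port ranges and multiport matches are not handled.
port_rule_status() {
    awk -v port="$2" '
        $1 != "-A" || $2 != "INPUT" { next }   # only INPUT append rules
        {
            target = ""; dport = ""; narrowed = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                # any match option means the rule is not a catch-all
                if ($i == "-p" || $i == "-s" || $i == "-i" || $i == "-m") narrowed = 1
            }
            if (target == "ACCEPT" && dport == port) {
                print (blocked ? "shadowed" : "reachable"); found = 1; exit
            }
            if ((target == "REJECT" || target == "DROP") && !narrowed) blocked = 1
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# Constructed sample modelled on the stock CentOS rule file, with the 3306
# rule written either before or after the final REJECT line.
write_sample() {  # write_sample FILE before|after
    rule='-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT'
    {
        echo '*filter'
        echo ':INPUT ACCEPT [0:0]'
        echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
        echo '-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT'
        if [ "$2" = before ]; then echo "$rule"; fi
        echo '-A INPUT -j REJECT --reject-with icmp-host-prohibited'
        if [ "$2" = after ]; then echo "$rule"; fi
        echo 'COMMIT'
    } > "$1"
}

tmp=$(mktemp -d)
write_sample "$tmp/after" after
write_sample "$tmp/before" before
echo "3306 appended after REJECT: $(port_rule_status "$tmp/after" 3306)"
echo "3306 placed before REJECT:  $(port_rule_status "$tmp/before" 3306)"
rm -rf "$tmp"
```

On a real host, pass /etc/sysconfig/iptables as FILE; a "shadowed" result means the rule should be moved above the REJECT line rather than the firewall being switched off.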
Solve the problem that the host cannot access the site in the virtual machine CentOS
A while ago, CentOS6.2 was installed on the virtual machine, and apache+php+mysql was configured, but the machine could not be accessed. Haven't been tossing around.
Details are as follows
1. The local machine can ping the virtual machine
2. The virtual machine can also ping the local machine
3. The virtual machine can access its own web
4. The local machine cannot access the virtual machine's web
It was later found that the firewall blocked port 80.
Check whether port 80 of the server is blocked by the firewall, you can use the command: telnet server_ip 80 to test.
The solution is as follows:
/sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT
Then save:
/etc/rc.d/init.d/iptables save
Restart the firewall:
/etc/init.d/iptables restart
To close the CentOS firewall, close its service:
View the CentOS firewall information: /etc/init.d/iptables status
Close the CentOS firewall service: /etc/init.d/iptables stop