The firewall configuration of CentOS7 is very different from the previous version. After a lot of attempts, I finally found the key to solving the problem.
The firewall of this version of CentOS7 uses firewall by default, which is different from the previous version using iptables . It is convenient to configure the firewall as follows:
1. Turn off the firewall:sudo
systemctl stop firewalld.service
Open firewall systemctl start firewalld.service
Check the firewall status: firewall-cmd --state (display notrunning after closing, running after opening)
2. Turn off the startup:sudo
systemctl disable firewalld.service
3. Install iptables firewall
Execute the following command to install the iptables firewall:sudo
yum
install
iptables-services
4. Configure the iptables firewall and open the specified port (the same as the previous version, there are many introductions on the Internet, not much introduction here)
5. Set the iptables firewall to start at boot:sudo
systemctl
enable
iptables
OK, you can access it according to the configured port
Original address:
http://www.centoscn.com/CentOS/config/2015/0701/5768.html
CentOS 7.0 uses firewall as the firewall by default, which is changed to iptables firewall here.
1. Turn off firewall:
systemctl stop firewalld.service
systemctl disable firewalld.service
systemctl mask firewalld.service
2. Install iptables firewall
yum install iptables-services -y
3. Start setting the firewall
# systemctl enable iptables
# systemctl start iptables
4.查看防火墙状态
systemctl status iptables
5编辑防火墙,增加端口
vi /etc/sysconfig/iptables #编辑防火墙配置文件
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
:wq! #保存退出
3.重启配置,重启系统
systemctl restart iptables.service #重启防火墙使配置生效
systemctl enable iptables.service #设置防火墙开机启动
1) 永久性生效,重启后不会复原
开启: chkconfig iptables on
关闭: chkconfig iptables off
2) 即时生效,重启后复原
开启: service iptables start
关闭: service iptables stop
查看防火墙状态: service iptables status