View firewalld status
firewall-cmd --zone=dmz --add-port=1111/tcp
firewall-cmd --zone=public --add-port=23/tcp --permanent
firewall-cmd --permanent --query-port=1111/tcp
firewall-cmd --zone=public --list-ports
View iptables firewall status
service iptables status
service iptables start
service iptables stop
service iptables restart
View the process number
# ps -ef | grep java
root 3697 3640 11 09:33 pts/1 00:00:31 java -jar eureka-server-0.0.1-SNAPSHOT.jar
View the port occupied by the process
# netstat -tupln | grep 3697
tcp6 0 0 :::1111 :::* LISTEN 3697/java
vi /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 1111 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 23 -j ACCEPT
Completely block firewalld and use iptables as the only firewall.
The setting steps are as follows:
1. Install iptabl
2. systemctl stop firewalld.service
3. systemctl disable firewalld.service
4. systemctl start iptables.service
Check port usage
# netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2413/master
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1568/rpcbind
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1488/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 2862/cupsd
tcp 0 0 0.0.0.0:48311 0.0.0.0:* LISTEN 1837/rpc.statd
tcp6 0 0 ::1:25 :::* LISTEN 2413/master
tcp6 0 0 :::111 :::* LISTEN 1568/rpcbind
tcp6 0 0 :::22 :::* LISTEN 1488/sshd
tcp6 0 0 :::1111 :::* LISTEN 3697/java
tcp6 0 0 ::1:631 :::* LISTEN 2862/cupsd
Finding: the tcp6 port cannot be accessed from outside, while the tcp ports are OK.
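To compare listeners like the ones above against the ports opened in the firewall, here is an added example (not part of the original notes). The function names are hypothetical, the netstat rows are constructed from the listing on this page, and the firewall list passed at the end is a constructed sample in the format printed by firewall-cmd --list-ports.

```shell
# Input: TCP rows of `netstat -tulpn`, constructed from the listing above.
sample_netstat() {
cat <<'EOF'
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2413/master
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1568/rpcbind
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1488/sshd
tcp 0 0 0.0.0.0:48311 0.0.0.0:* LISTEN 1837/rpc.statd
tcp6 0 0 ::1:25 :::* LISTEN 2413/master
tcp6 0 0 :::111 :::* LISTEN 1568/rpcbind
tcp6 0 0 :::22 :::* LISTEN 1488/sshd
tcp6 0 0 :::1111 :::* LISTEN 3697/java
EOF
}

# Print "port proto program" for TCP listeners bound to a wildcard address
# (127.0.0.1 and ::1 are skipped). A ":::port" listener on Linux normally
# accepts IPv4 as well (net.ipv6.bindv6only=0), so it counts as exposed.
exposed_listeners() {
  awk '$6 == "LISTEN" {
    port = $4; sub(/.*:/, "", port)       # text after the last colon
    host = $4; sub(/:[^:]*$/, "", host)   # text before the last colon
    if (host == "0.0.0.0" || host == "::") print port, $1, $7
  }' | LC_ALL=C sort -n
}

# classify PORT/tcp...: mark each exposed listener "allowed" when its port is in
# the argument list, else "not-listed" (--list-services entries are not checked).
classify() {
  allowed=" $* "
  exposed_listeners | while read -r port proto prog; do
    case "$allowed" in
      *" $port/tcp "*) echo "$port $proto $prog allowed" ;;
      *)               echo "$port $proto $prog not-listed" ;;
    esac
  done
}

# stale_rules PORT/tcp...: firewall-open TCP ports with no wildcard listener.
stale_rules() {
  listening=" $(exposed_listeners | awk '{print $1}' | tr '\n' ' ')"
  for rule in "$@"; do
    case "$listening" in
      *" ${rule%/tcp} "*) ;;
      *) echo "$rule" ;;
    esac
  done
}

# Constructed firewall list: the two ports this page opens.
sample_netstat | classify 1111/tcp 23/tcp
sample_netstat | stale_rules 1111/tcp 23/tcp
```

On a live host, replace sample_netstat with netstat -tln and pass the output of firewall-cmd --zone=public --list-ports as the arguments.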
See which program a port belongs to
# lsof -i:22
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 1488 root 3u IPv4 20331 0t0 TCP *:ssh (LISTEN)
sshd 1488 root 4u IPv6 20333 0t0 TCP *:ssh (LISTEN)
sshd 3554 root 3u IPv4 30297 0t0 TCP 10.99.1.53:ssh->10.99.1.51:50669 (ESTABLISHED)
sshd 3635 root 3u IPv4 31287 0t0 TCP 10.99.1.53:ssh->10.99.1.51:50694 (ESTABLISHED)
How to disable IPv6 under CentOS 7
Modify grub so that the IPv6 module is not loaded at boot time
vi /etc/default/grub
# Add ipv6.disable=1 on line 6
GRUB_CMDLINE_LINUX="ipv6.disable=1 rd.lvm.lv=centos/swap vconsole.font
# grub2-mkconfig -o /boot/grub2/grub.cfg
# reboot
Check
vi /etc/sysconfig/network-scripts/ifcfg-enp0s3
Decompress
tar -xzvf file.tar.gz    # extract a tar.gz archive