Linux network common commands

View firewalld status

firewall-cmd --zone=dmz --add-port=1111/tcp

firewall-cmd --zone=public --add-port=23/tcp --permanent

firewall-cmd --permanent --query-port=1111/tcp

firewall-cmd --zone=public --list-ports

 

View iptbales firewall status

service iptables status

service iptbales start

service iptables sotp

service iptables restart

 

View the process number

# ps -ef | grep java

root      3697  3640 11 09:33 pts/1    00:00:31 java -jar eureka-server-0.0.1-SNAPSHOT.jar

#View the port occupied by the process

# netstat -tupln | grep 3697  

tcp6       0      0 :::1111                 :::*                    LISTEN      3697/java   

 

 

vi  /etc/sysconfig/iptables

 

-A INPUT -m state --state NEW -m tcp -p tcp --dport 1111 -j ACCEPT 

-A INPUT -m state --state NEW -m tcp -p tcp --dport 23 -j ACCEPT 

 

Completely block firewalld and use iptables as the only firewall.

 

The setting steps are as follows:

 

1. Install iptabl

2、systemctl stop firewalld.service

3、systemctl disable firewalld.service

4、systemctl start iptables.service

Check port usage

# netstat -tulpn

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    

tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2413/master         

tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1568/rpcbind        

tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1488/sshd           

tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      2862/cupsd          

tcp        0      0 0.0.0.0:48311           0.0.0.0:*               LISTEN      1837/rpc.statd      

tcp6       0      0 ::1:25                  :::*                    LISTEN      2413/master         

tcp6       0      0 :::111                  :::*                    LISTEN      1568/rpcbind        

tcp6       0      0 :::22                   :::*                    LISTEN      1488/sshd           

tcp6       0      0 :::1111                 :::*                    LISTEN      3697/java           

tcp6       0      0 ::1:631                 :::*                    LISTEN      2862/cupsd         

Found: The port of tcp6 cannot be accessed outside, and the port of tcp is OK

 

See which program a port belongs to

# lsof -i:22

COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME

sshd    1488 root    3u  IPv4  20331      0t0  TCP *:ssh (LISTEN)

sshd    1488 root    4u  IPv6  20333      0t0  TCP *:ssh (LISTEN)

sshd    3554 root    3u  IPv4  30297      0t0  TCP 10.99.1.53:ssh->10.99.1.51:50669 (ESTABLISHED)

sshd    3635 root    3u  IPv4  31287      0t0  TCP 10.99.1.53:ssh->10.99.1.51:50694 (ESTABLISHED)

 

 

How to disable IPV6 under CentOS 7

Modify grub to not load IPV6 modules at boot time

vi /etc/default/grub

#Add ipv6.diable=1 on line 6 

GRUB_CMDLINE_LINUX="ipv6.diable=1 rd.lvm.lv=centos/swap vconsole.font

#grub2-mkconfig -o /boot/grub2/grub.cfg

#reboot

Check

vi /etc/sysconfig/network-scripts/ifcfg-enp0s3

 

 

decompress

tar -xzvf file.tar.gz 解压 tar.gz