1. The following commands turn off the firewall on Red Hat/CentOS 7
1: Check the firewall status
systemctl status firewalld
service iptables status
2: Temporarily turn off the firewall
systemctl stop firewalld
service iptables stop
3: Permanently turn off the firewall
systemctl disable firewalld
chkconfig iptables off
4: Re-enable the firewall (systemctl enable turns start at boot back on; service iptables restart restarts the service)
systemctl enable firewalld
service iptables restart
5: Re-enable at boot after a permanent shutdown
// haven't tried yet
chkconfig iptables on
2. firewalld
CentOS 7 has firewalld installed by default. If it is not installed, you can install it with yum install firewalld firewall-config.
1. Start the firewall
systemctl start firewalld
2. Stop the firewall
systemctl stop firewalld
3. Enable start at boot
systemctl enable firewalld
4. Disable start at boot
systemctl disable firewalld
5. Reload the firewall
firewall-cmd --reload
6. View status
systemctl status firewalld or firewall-cmd --state
7. View version
firewall-cmd --version
8. View help
firewall-cmd --help
9. View active zone information
firewall-cmd --get-active-zones
10. View the zone information of the specified interface
firewall-cmd --get-zone-of-interface=eth0
11. Reject all packets (panic mode)
firewall-cmd --panic-on
12. Cancel panic mode
firewall-cmd --panic-off
13. Check whether panic mode is on
firewall-cmd --query-panic
14. Add the interface to the zone (the default zone is public)
firewall-cmd --zone=public --add-interface=eth0 (to make it permanent, add --permanent and then reload the firewall)
15. Set the default zone
firewall-cmd --set-default-zone=public (effective immediately, no need to restart)
16. Update firewall rules
firewall-cmd --reload or firewall-cmd --complete-reload (the difference is that the first does not drop existing connections, which is one of firewalld's features for adding rules dynamically, while the second drops connections, similar to restarting the service)
17. View all open ports in the specified zone
firewall-cmd --zone=public --list-ports
18. Open ports in the specified zone (remember to reload the firewall)
firewall-cmd --zone=public --add-port=80/tcp (add --permanent to make it permanent)
firewall-cmd --zone=public --add-port=80/tcp --permanent
Note: After opening a port with --permanent, you need to reload the firewall for it to take effect
[Reload command]: firewall-cmd --reload
Other common commands:
firewall-cmd --state ##Check the status of the firewall, whether it is running
firewall-cmd --reload ##Reload the configuration, for example, after adding rules, you need to execute this command
firewall-cmd --get-zones ##List the supported zones
firewall-cmd --get-services ##List the supported services (predefined service names that can be allowed)
firewall-cmd --query-service ftp ##Check whether the ftp service is enabled, return yes or no
firewall-cmd --add-service=ftp ##Temporarily open the ftp service
firewall-cmd --add-service=ftp --permanent ##Permanently open the ftp service
firewall-cmd --remove-service=ftp --permanent ##Permanently remove the ftp service
firewall-cmd --add-port=80/tcp --permanent ##Permanently add port 80
firewall-cmd --remove-port=80/tcp --permanent ##Permanently remove port 80
firewall-cmd --zone=public --list-ports ##View the opened ports
iptables -L -n ##View rules, this command is the same as with iptables
man firewall-cmd
1. Open ports
firewall-cmd --zone=public --add-port=5672/tcp --permanent # Open port 5672
firewall-cmd --zone=public --remove-port=5672/tcp --permanent #Close port 5672
firewall-cmd --reload # configuration takes effect immediately
2. View all open ports on the firewall
firewall-cmd --zone=public --list-ports
3. Turn off the firewall
If there are too many ports to open and doing so is troublesome, you can turn off the firewall; evaluate the security impact yourself
systemctl stop firewalld.service
4. View the status of the firewall
firewall-cmd --state
5. View the listening port
netstat -lnpt
PS: CentOS 7 does not have the netstat command by default; you need to install the net-tools package: yum install -y net-tools
6. Check which process is using the port
netstat -lnpt |grep 5672
7. View the detailed information of the process
ps 6832
8. Stop the process
kill -9 6832
Description:
--zone #Scope (the zone the rule applies to)
--add-port=8080/tcp #Add a port; the format is port/protocol
--permanent #Takes effect permanently; without this parameter, the rule is lost after a restart
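
The --permanent note above means a zone can hold two different port lists: the runtime one and the permanent one. The following script is an added example, not part of the original page. It compares the two lists and reports ports that exist in only one of them; the function names port_drift and audit_zone and the sample lists are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: report drift between firewalld's runtime and permanent
# port lists for one zone. Function names are hypothetical.

# port_drift RUNTIME PERMANENT
# Each argument is a space-separated list as printed by --list-ports
# (for example "80/tcp 5672/tcp"). Prints one line per port found in
# only one of the two lists; prints nothing when they match.
port_drift() {
    local runtime permanent p
    runtime=" $(printf '%s ' $1)"      # normalise to " a b c "
    permanent=" $(printf '%s ' $2)"
    for p in $1; do
        case "$permanent" in
            *" $p "*) ;;
            *) echo "runtime-only $p (lost on reload or reboot)" ;;
        esac
    done
    for p in $2; do
        case "$runtime" in
            *" $p "*) ;;
            *) echo "permanent-only $p (not active until firewall-cmd --reload)" ;;
        esac
    done
}

# audit_zone ZONE
# Runs the comparison against a live firewalld (needs firewall-cmd and
# root privileges). Not called automatically by this script.
audit_zone() {
    local zone="${1:-public}"
    port_drift "$(firewall-cmd --zone="$zone" --list-ports)" \
               "$(firewall-cmd --permanent --zone="$zone" --list-ports)"
}

# Constructed sample lists (not taken from a real host):
sample_runtime="80/tcp 5672/tcp"
sample_permanent="80/tcp 8080/tcp"
port_drift "$sample_runtime" "$sample_permanent"
```

On a host running firewalld, call audit_zone public to run the same comparison on the real lists.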