1. View the status of the firewall
firewall-cmd --state
If it returns "not running", you need to start the firewall first.
2. Turn on the firewall
systemctl start firewalld.service
Check the firewall status again; it should now show that the firewall is running.
3. Open the specified port
firewall-cmd --zone=public --add-port=3306/tcp --permanent
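An output of "success" means the command succeeded.
--zone=public means the rule applies to the public zone.
--add-port=<port>/tcp opens the given TCP port. The command above opens 3306/tcp; --add-port=443/tcp would open TCP port 443 in the same way.
--permanent makes the rule permanent. Without this parameter the rule lasts only for the current run of the service and is lost after a restart. A rule added with --permanent is written to the saved configuration and becomes active once the firewall is reloaded (step 7).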
4. Check which ports are open
netstat -anp
5. Network testing and scanning
What is nc
nc is short for netcat, which is known as the Swiss Army knife of networking. It is small and capable, and is designed as a simple, reliable network tool.
The role of nc
(1) Listening on any TCP/UDP port: nc can act as a server that listens on the specified port in TCP or UDP mode
(2) Port scanning: nc can act as a client that initiates a TCP or UDP connection
(3) Transferring files between machines
(4) Network speed measurement between machines
yum -y install nc
nc -lk 9999
Connect from the client with telnet <ip> <port>:
telnet 10.0.2.116 9999
6. Restart the firewall
systemctl restart firewalld.service
The command prints nothing when it succeeds.
7. Reload the firewall
firewall-cmd --reload
An output of "success" means the reload succeeded.
8. Other commands
Check open ports
firewall-cmd --list-ports
Close the specified port
firewall-cmd --zone=public --remove-port=8080/tcp --permanent
systemctl restart firewalld.service
firewall-cmd --reload
Check which process is using a port
netstat -lnpt |grep 5672
CentOS 7 does not have the netstat command by default; you need to install the net-tools package:
yum install -y net-tools
Temporarily turn off the firewall
systemctl stop firewalld.service
or
systemctl stop firewalld
Permanently disable the firewall (the firewall must be stopped temporarily first; then run this command so that it stays off)
systemctl disable firewalld.service
or
systemctl disable firewalld
9. Modifying iptables (CentOS 6.*)
CentOS 6.* comes with iptables, so you can use this method directly. CentOS 7 does not come with iptables, so to use this method you need to install iptables manually first.
9.1 Modify the iptables file
#Modify iptables
vi /etc/sysconfig/iptables
9.2 Restart the firewall
/etc/init.d/iptables restart
10. Matters needing attention
When a port has been opened successfully in the Linux firewall but a remote telnet to that port still cannot connect, this is normal!
The reason is that no Linux process is listening on port 3306; in other words, no program is running on this port.
If you then start MySQL on the Linux host and complete its configuration, the remote telnet to the port will succeed.
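The checks from steps 3, 4 and 10 can be combined into one diagnosis that says whether a port is blocked by the firewall or simply has no listener. The script below is an added example, not part of the original article; its function names and sample data are constructed, and it goes slightly beyond the text by also handling port ranges and services bound only to the loopback address.

```shell
#!/bin/sh
# Added example. Sample data is constructed; on a real host substitute the output of:
#   firewall-cmd --zone=public --list-ports
#   firewall-cmd --zone=public --permanent --list-ports
#   netstat -lnpt
RUNTIME_PORTS="3306/tcp 8000-8010/tcp"
PERMANENT_PORTS="3306/tcp 443/tcp 8000-8010/tcp"
NETSTAT_OUT='tcp   0  0 0.0.0.0:22       0.0.0.0:*  LISTEN  1021/sshd
tcp   0  0 127.0.0.1:5672   0.0.0.0:*  LISTEN  2210/beam.smp
tcp6  0  0 :::8005          :::*       LISTEN  3050/java'

# Succeeds if port $1 / protocol $2 is covered by list $3 ("3306/tcp" or "8000-8010/tcp").
port_in_list() {
    for entry in $3; do
        range=${entry%/*}; proto=${entry#*/}
        [ "$proto" = "$2" ] || continue
        lo=${range%-*}; hi=${range#*-}
        [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ] && return 0
    done
    return 1
}

# Prints "local-address pid/program" of the first TCP listener on port $1 in netstat text $2.
listener_for() {
    printf '%s\n' "$2" | awk -v port="$1" '
        $6 == "LISTEN" { n = split($4, a, ":"); if (a[n] == port) { print $4, $7; exit } }'
}

# Prints "<firewall state> <service state>" for TCP port $1.
diagnose() {  # $1=port $2=runtime list $3=permanent list $4=netstat text
    fw="closed"
    if port_in_list "$1" tcp "$2"; then
        fw="open"
        port_in_list "$1" tcp "$3" || fw="open-until-reload"   # added without --permanent
    elif port_in_list "$1" tcp "$3"; then
        fw="saved-not-loaded"                                  # --permanent, no reload yet
    fi
    case "$(listener_for "$1" "$4")" in
        "")            svc="no-listener" ;;    # the case described in section 10
        127.*|::1:*)   svc="loopback-only" ;;  # remote clients still cannot connect
        *)             svc="listening" ;;
    esac
    echo "$fw $svc"
}

for port in 3306 443 8005 5672; do
    echo "$port/tcp: $(diagnose "$port" "$RUNTIME_PORTS" "$PERMANENT_PORTS" "$NETSTAT_OUT")"
done
```

firewall-cmd --list-ports shows only ports added with --add-port; ports allowed through a service definition appear under firewall-cmd --list-services instead, so "closed" here means "not in the port list".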