1. Solutions
1. Determine whether the server uses firewalld or iptables
Linux has two firewall tools, firewalld and iptables. Generally speaking, firewalld is used on CentOS 7.0 and above, and iptables is used below CentOS 7.0. Before opening a port, we need to find out which one the server is using so that we run the matching commands.
service iptables status
systemctl status firewalld.service
2. Determine the services and ports currently enabled by the firewall, and view all information about the current firewall
firewall-cmd --list-all
In this output, the open ports are 9001-9009 and the services list includes http. If your output shows no open ports and no http in the services list, what should you do?
3. Add http service
firewall-cmd --permanent --add-service=http
Note: If adding the http service reports the error "Error: Action org.fedoraproject.FirewallD1.all is not registered", there may be a problem with the firewalld version. You can update it manually:
yum update firewalld
Once the update is complete, the error is resolved.
4. Re-execute
firewall-cmd --list-all
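to check whether the service was added successfully.
If http is not listed (a change made with --permanent does not appear in the running configuration until the firewall is reloaded or restarted), execute the following command to restart the firewalld service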
systemctl restart firewalld.service
5. Add open ports
firewall-cmd --zone=public --add-port=8080/tcp --permanent
The --permanent option here makes the rule persistent. Without it, the rule is lost after the firewall is restarted.
After adding, execute:
firewall-cmd --reload
This reloads the policy configuration.
6. Check whether the port is opened successfully
firewall-cmd --list-all
# or
firewall-cmd --list-ports
Finally, we can successfully access the relevant ports of the server.
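The following is an added example, not part of the original article: it compares the runtime and permanent port lists to find rules that will be lost on reload or are not yet active, and checks whether a port falls inside an opened range such as 9001-9009. The function names and sample values are constructed for illustration; on a host, pass in the output of firewall-cmd --list-ports and firewall-cmd --permanent --list-ports.

```shell
#!/bin/sh
# Added example (hypothetical helper names, constructed sample data).
# Inputs are the space-separated strings printed by
#   firewall-cmd --list-ports              (runtime configuration)
#   firewall-cmd --permanent --list-ports  (permanent configuration)

# in_list ITEM LIST: succeed if ITEM is one of the words in LIST
in_list() {
    item=$1
    for w in $2; do
        if [ "$w" = "$item" ]; then return 0; fi
    done
    return 1
}

# only_in A B: print the entries of A that are missing from B
only_in() {
    out=""
    for p in $1; do
        in_list "$p" "$2" || out="${out:+$out }$p"
    done
    printf '%s' "$out"
}

# port_covered PORT/PROTO LIST: succeed if a single port or a range
# in LIST (e.g. 9001-9009/tcp) covers PORT for the same protocol
port_covered() {
    want_port=${1%/*}
    want_proto=${1#*/}
    for e in $2; do
        if [ "${e#*/}" != "$want_proto" ]; then continue; fi
        spec=${e%/*}
        lo=${spec%-*}   # "8080" stays "8080"; "9001-9009" becomes "9001"
        hi=${spec#*-}   # "8080" stays "8080"; "9001-9009" becomes "9009"
        if [ "$want_port" -ge "$lo" ] && [ "$want_port" -le "$hi" ]; then return 0; fi
    done
    return 1
}

# Constructed sample: 8080 was added without --permanent,
# 8888 was added with --permanent but the firewall was not reloaded.
runtime="9001-9009/tcp 8080/tcp"
permanent="9001-9009/tcp 8888/tcp"
echo "lost on reload:       $(only_in "$runtime" "$permanent")"
echo "pending until reload: $(only_in "$permanent" "$runtime")"
if port_covered 9005/tcp "$runtime"; then echo "9005/tcp is open at runtime"; fi
```

An empty result on both lines means the running firewall matches what will be loaded after the next restart.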
Supplement
1. Check the firewall service status
systemctl status firewalld
When Active: active (running) is shown highlighted, the service is running.
Active: inactive (dead), shown in gray, means the service is stopped; the text itself tells you the state.
2. View the status of the firewall
firewall-cmd --state
3. Start, restart, and stop the firewalld.service service
# start
service firewalld start
#restart
service firewalld restart
# stop
service firewalld stop
4. View firewall rules
firewall-cmd --list-all
5. Query, open and close ports
#Query whether the port is open
firewall-cmd --query-port=8080/tcp
An answer of yes means the port is open, and an answer of no means it is not open.
# Open port 80
Method 1
firewall-cmd --permanent --add-port=80/tcp
Method 2
firewall-cmd --add-port=8888/tcp --permanent
To open a range of ports, use the following command
firewall-cmd --add-port=8000-9999/tcp --permanent
# Remove a port
firewall-cmd --permanent --remove-port=8080/tcp
# Reload the firewall (reload it after modifying the configuration)
firewall-cmd --reload
# Parameter explanation
1. firewall-cmd: a tool provided by Linux to operate the firewall;
2. --permanent: indicates that the setting is permanent;
3. --add-port: specifies the port to add;