1. Basic use
Start: systemctl start firewalld
Stop: systemctl stop firewalld
View status: systemctl status firewalld
Disable at boot: systemctl disable firewalld
Enable at boot: systemctl enable firewalld
systemctl is the main service management tool in CentOS 7. It combines the functions of the earlier service and chkconfig commands.
Start a service: systemctl start firewalld.service
Stop a service: systemctl stop firewalld.service
Restart a service: systemctl restart firewalld.service
Display the status of a service: systemctl status firewalld.service
Enable a service at boot: systemctl enable firewalld.service
Disable a service at boot: systemctl disable firewalld.service
Check whether a service is enabled at boot: systemctl is-enabled firewalld.service
List the services enabled at boot: systemctl list-unit-files | grep enabled
List the services that failed to start: systemctl --failed
2. Configure with firewall-cmd
View version: firewall-cmd --version
View help: firewall-cmd --help
Display status: firewall-cmd --state
View all open ports: firewall-cmd --zone=public --list-ports
Update firewall rules: firewall-cmd --reload
View the active zones: firewall-cmd --get-active-zones
View the zone to which the specified interface belongs: firewall-cmd --get-zone-of-interface=eth0
Deny all packets (panic mode): firewall-cmd --panic-on
Cancel panic mode: firewall-cmd --panic-off
Check whether panic mode is on: firewall-cmd --query-panic
3. Open the firewall port
For example, to open ports 80 and 3306 in the firewall:
Step 1: Set the open port number
firewall-cmd --add-service=http --permanent
sudo firewall-cmd --add-port=80/tcp --permanent
sudo firewall-cmd --add-port=3306/tcp --permanent
--permanent makes the rule persistent; without this parameter the rule is lost after a restart. A rule added with --permanent only becomes active after the reload in step 2.
Step 2: Reload the firewall
firewall-cmd --reload
Step 3: Check the open port number
firewall-cmd --list-all
4. docker port
1. Query the port of the container
docker ps --format "table {{.ID}}\t{{.Names}}\t{{.Ports}}"
2. Container port mapping, delete container mapping
I. Install the sshd service
Enter the container
[root@node01 ~]# docker exec -it c00dfd401fa3 bash
Install the sshd service
[root@test /]# yum install -y openssh-server
Start sshd and enable it to start automatically
[root@test /]# systemctl start sshd
[root@test /]# systemctl enable sshd
II. Add a port mapping for port 22 used by sshd
1. Stop the container
[root@node01 ~]# docker stop c00dfd401fa3
2. Stop the docker service
[root@node01 ~]# systemctl stop docker
3. Get the container_id
[root@node01 ~]# docker inspect c00dfd401fa3 | grep Id
"Id": "c00dfd401fa3e907f266695c60d823671caff3ff3ef422152a226064f4342ef8",
4. Edit the container configuration file hostconfig.json
vi /var/lib/docker/containers/c00dfd401fa3e907f266695c60d823671caff3ff3ef422152a226064f4342ef8/hostconfig.json
Change the setting "PortBindings":{} to
"PortBindings":{"22/tcp":[{"HostIp":"","HostPort":"10022"}]}
5. Edit the container configuration file config.v2.json
vi /var/lib/docker/containers/c00dfd401fa3e907f266695c60d823671caff3ff3ef422152a226064f4342ef8/config.v2.json
Change the setting "ExposedPorts":{} to
"ExposedPorts":{"22/tcp":{}}
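6. Start the docker service
[root@node01 ~]# systemctl start docker
7. Start the container
[root@node01 ~]# docker start c00dfd401fa3
8. Verify the connection to the container
Connect to the container from an external network through port 10022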
C:\Users\yang>ssh [email protected] -p 10022
The authenticity of host '[192.168.162.128]:10022 ([192.168.162.128]:10022)' can't be established.
ECDSA key fingerprint is SHA256:DcwfgepkosH8q1N8Kp8XD0iNFL8h1sVKO0Al2Bs4hiE.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[192.168.162.128]:10022' (ECDSA) to the list of known hosts.
[email protected]'s password:
Last login: Sun Oct 24 04:34:08 2021 from gateway
[root@test ~]#
Connect to the container from the host it runs on
[root@node01 ~]# ssh [email protected] -p 22
[email protected]'s password:
Last login: Sun Oct 24 04:34:02 2021 from 192.168.162.1
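Steps 4 and 5 above done by a script instead of by hand in vi, as an added example that is not part of the original page: it writes the same "PortBindings" and "ExposedPorts" entries, rejects a host port that another mapping already uses, and keeps a .bak copy of each file. The function names, the host_ip parameter and the sample files are constructed for illustration, and the position of ExposedPorts under the "Config" key of config.v2.json is an assumption.

```python
import copy, json, os, shutil, tempfile

def add_binding(hostconfig, config_v2, container_port="22/tcp", host_port="10022", host_ip=""):
    """Return copies of both documents with one more published port."""
    number, _, proto = container_port.partition("/")
    if not number.isdigit() or proto not in ("tcp", "udp", "sctp"):
        raise ValueError("container port must look like 22/tcp")
    if not 1 <= int(host_port) <= 65535:
        raise ValueError("host port out of range")
    hc, cv = copy.deepcopy(hostconfig), copy.deepcopy(config_v2)
    bindings = hc.get("PortBindings") or {}   # the key may be null
    for port, entries in bindings.items():
        clash = any(e.get("HostPort") == str(host_port) for e in entries or [])
        if clash and port != container_port and port.endswith("/" + proto):
            raise ValueError(f"host port {host_port} already bound to {port}")
    bindings[container_port] = [{"HostIp": host_ip, "HostPort": str(host_port)}]
    hc["PortBindings"] = bindings
    # Assumption: ExposedPorts sits under the "Config" key of config.v2.json.
    config = cv.setdefault("Config", {})
    config["ExposedPorts"] = {**(config.get("ExposedPorts") or {}), container_port: {}}
    return hc, cv

def load(path):
    with open(path) as fh:
        return json.load(fh)

def rewrite_json(path, doc):
    """Keep a .bak copy, then replace the file atomically with valid JSON."""
    shutil.copy2(path, path + ".bak")
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path))
    with os.fdopen(fd, "w") as fh:
        json.dump(doc, fh)
    os.replace(tmp, path)

def demo():
    """Constructed files in a scratch directory; HostIp 127.0.0.1, not "" (all addresses)."""
    samples = {"hostconfig.json": {"PortBindings": {}, "NetworkMode": "default"},
               "config.v2.json": {"ID": "constructed", "Config": {"ExposedPorts": {}}}}
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, name) for name in samples]
        for path, sample in zip(paths, samples.values()):
            with open(path, "w") as fh:
                json.dump(sample, fh)
        updated = add_binding(load(paths[0]), load(paths[1]), host_ip="127.0.0.1")
        for path, doc in zip(paths, updated):
            rewrite_json(path, doc)
        return load(paths[0]), load(paths[1]), os.path.exists(paths[0] + ".bak")

if __name__ == "__main__":
    print(demo())
```

To use it on a real container, call rewrite_json on the two files under the container's directory while the docker service is stopped, as in step 2.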