View port status opening
Queries have open ports netstat -anp
whether the query specified port is open firewall-cmd --query-port = 666 / tcp prompt yes, indicate on; no means is not turned on.
Check firewall status
Check firewall status systemctl status firewalld
open the firewall systemctl start firewalld
turn off the firewall systemctl stop firewalld
open the firewall service firewalld start
If they are unable to open the first use: systemctl unmask firewalld.service then: systemctl start firewalld.service
Foreign Port Development
See if want to open the ports are open: firewall-cmd --query-port = 6379 / tcp
add the specified ports need to be open: firewall-cmd --add-port = 123 / tcp --permanent
port reloaded added: firewall-cmd --reload
query whether the port open success: firewall-cmd --query-port = 123 / tcp
remove the specified port: firewall-cmd --permanent --remove-port = 123 / tcp
By iptables treatment
Installation iptables-services: yum install iptables- services
into the catalog following modifications: / etc / sysconfig / iptables
iptables view, add, delete, modify, permanent
1 View
iptables -nvL --line-number-L to view the current list of all the rules, the default view of the filter table, if you want to view the NAT table, you can add -t NAT parameter
-n right ip address reverse lookup, add this parameter much faster display speed
-v output details, comprising a number of packets by the rule, and the total number of bytes corresponding network interface
--line-number display the serial number of the rule, the parameter rule deleted, or modified by to2, add
Add rule has two arguments: -A and -I. Wherein -A is added to the end of the rule; -I may be inserted to the specified position, the position is not specified, then the default rule is inserted into the header portion.
iptables -A INPUT -s 192.168.1.5 -j DROP3, delete
To delete a rule to add previously deleted -D parameters: iptables -A -j DROP the INPUT -s 192.168.1.5
Sometimes you want to delete the rule is too long to write a long list when you delete a waste of time and easy wrong, then we the line number can first use -line-number to find out that rule, and then delete the rule by line number.4, modify
-R modified using the parameters: iptables the INPUT. 3 -R -j ACCEPT
5, permanent
service iptables save
service iptables restart