On CentOS 7, ports are opened and closed through the firewall (firewalld). The specific commands are as follows:
View the firewall state (active (running) means the firewall is on):
[root@WSS bin]# systemctl firewalld status
Unknown operation 'firewalld'.
[root@WSS bin]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since 四 2019-07-11 09:37:11 CST; 7h ago
     Docs: man:firewalld(1)
 Main PID: 44370 (firewalld)
    Tasks: 2
   CGroup: /system.slice/firewalld.service
           └─44370 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

7月 11 09:37:13 WSS firewalld[44370]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete FORWARD...hain?).
7月 11 09:37:13 WSS firewalld[44370]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete FORWARD...hain?).
7月 11 09:37:13 WSS firewalld[44370]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete FORWARD...hain?).
7月 11 09:37:13 WSS firewalld[44370]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete FORWARD...t name.
7月 11 09:37:13 WSS firewalld[44370]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete FORWARD...t name.
7月 11 09:37:13 WSS firewalld[44370]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete INPUT -...hain?).
7月 11 09:37:13 WSS firewalld[44370]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete INPUT -...hain?).
7月 11 09:37:13 WSS firewalld[44370]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete OUTPUT ...hain?).
7月 11 09:37:13 WSS firewalld[44370]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete INPUT -...hain?).
7月 11 09:37:13 WSS firewalld[44370]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete INPUT -...hain?).
Hint: Some lines were ellipsized, use -l to show in full.
[root@WSS bin]#
View open ports (here 8080 and 3306 are already open):
[root@WSS bin]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens3 ens4
  sources:
  services: ssh dhcpv6-client
  ports: 8080/tcp 3306/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
[root@WSS bin]#
Open a port (the firewall must be reloaded afterwards):
[root@WSS bin]# firewall-cmd --zone=public --add-port=3306/tcp --permanent
success
[root@WSS bin]# firewall-cmd --reload
success
[root@WSS bin]#
# Command meaning:
--zone                  # scope (the zone the rule applies to)
--add-port=80/tcp       # add a port, the format is: port/protocol
--permanent             # takes effect permanently; without this parameter the rule is lost after a restart
firewall-cmd --reload   # does not interrupt user connections, i.e. no state information is lost
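An added example (not part of the original post): a small audit of the listing and the --permanent/--reload behaviour described above. It checks the open ports against an allowlist and reports ports that exist only in the runtime or only in the permanent configuration. The function names, the allowlist and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit firewalld ports. SAMPLE_LIST_ALL is constructed from
# the `firewall-cmd --list-all` listing shown above; names are hypothetical.
SAMPLE_LIST_ALL='public (active)
  target: default
  interfaces: ens3 ens4
  sources:
  services: ssh dhcpv6-client
  ports: 8080/tcp 3306/tcp
  forward-ports:
  source-ports:
  rich rules:'

# Read --list-all text on stdin, print one port/protocol per line.
# Exact match on "ports:" skips the forward-ports and source-ports lines.
zone_ports() {
    awk '$1 == "ports:" { for (i = 2; i <= NF; i++) print $i }'
}

# Read ports on stdin, print those missing from the allowlist in $1.
unexpected_ports() {
    _allowed=" $1 "
    while read -r _p; do
        case "$_allowed" in
            *" $_p "*) ;;
            *) printf '%s\n' "$_p" ;;
        esac
    done
}

# Compare runtime ports ($1) with permanent ports ($2).
# runtime-only: added without --permanent, lost on reload or reboot.
# permanent-only: saved with --permanent but not yet applied by --reload.
port_drift() {
    for _p in $1; do
        case " $2 " in *" $_p "*) ;; *) echo "runtime-only $_p" ;; esac
    done
    for _p in $2; do
        case " $1 " in *" $_p "*) ;; *) echo "permanent-only $_p" ;; esac
    done
}

# Demo on constructed data. On a live host use:
#   firewall-cmd --zone=public --list-all | zone_ports | unexpected_ports "8080/tcp"
#   port_drift "$(firewall-cmd --zone=public --list-ports)" \
#              "$(firewall-cmd --permanent --zone=public --list-ports)"
printf '%s\n' "$SAMPLE_LIST_ALL" | zone_ports | unexpected_ports "8080/tcp"
port_drift "8080/tcp 3306/tcp" "8080/tcp"
```

With an allowlist of only 8080/tcp, the demo reports 3306/tcp as unexpected, which is the database port the listing shows open to the whole public zone.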
The basic use of firewalld
Start: systemctl start firewalld
Stop: systemctl stop firewalld
View status: systemctl status firewalld
Disable at boot: systemctl disable firewalld
Enable at boot: systemctl enable firewalld
systemctl is the main service management tool in CentOS 7; it combines the functions of the earlier service and chkconfig commands.
Start a service: systemctl start firewalld.service
Stop a service: systemctl stop firewalld.service
Restart a service: systemctl restart firewalld.service
Show the status of a service: systemctl status firewalld.service
Enable a service at boot: systemctl enable firewalld.service
Disable a service at boot: systemctl disable firewalld.service
Check whether a service is enabled at boot: systemctl is-enabled firewalld.service
List the enabled services: systemctl list-unit-files | grep enabled
List the services that failed to start: systemctl --failed
Configuring with firewall-cmd
View version: firewall-cmd --version
View help: firewall-cmd --help
Display status: firewall-cmd --state
View all open ports: firewall-cmd --zone=public --list-ports
Update firewall rules: firewall-cmd --reload
View zone information: firewall-cmd --get-active-zones
View the zone an interface belongs to: firewall-cmd --get-zone-of-interface=eth0
Reject all packets: firewall-cmd --panic-on
Cancel the reject state: firewall-cmd --panic-off
Check whether all packets are being rejected: firewall-cmd --query-panic