1.使用--permanent添加端口后,只是写入了永久配置,需执行firewall-cmd --reload重新载入防火墙才会生效;重新载入之前,用firewall-cmd --zone=public --query-port=80/tcp查询端口是否开放会返回no
2.防火墙放行端口只是允许流量通过,该端口上还必须有进程在监听(如nginx),否则netstat -anp | grep 80查不到对应的LISTEN记录。注意grep 80还会匹配到PID、inode等含有80的无关行(见下方输出),用grep :80更准确
firewall-cmd --zone=public --add-port=8080/tcp --permanent (需重新载入后才会生效!!)
注:--permanent表示写入永久配置,重启后仍然有效;没有此参数则只修改运行时配置,立即生效,但重新载入或重启后失效
firewall-cmd --reload
firewall-cmd --zone=public --query-port=8080/tcp
firewall-cmd --zone=public --remove-port=8080/tcp --permanent
查看防火墙运行状态,下面两个命令都可以
systemctl status firewalld.service
firewall-cmd --state
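其实一个服务对应一个端口(一个服务也可以包含多个端口或协议),每个预定义服务对应/usr/lib/firewalld/services下面一个xml文件。用--add-port直接放行的端口不会出现在--list-services的输出中,需要用--list-ports查看(或用firewall-cmd --list-all一并查看),核对对外开放的端口时两者都要检查。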
firewall-cmd --list-services
[root@vultr ~]# firewall-cmd --list-services
dhcpv6-client ssh
[root@vultr ~]# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2019-10-24 07:11:32 UTC; 19h ago
Docs: man:firewalld(1)
Main PID: 478 (firewalld)
CGroup: /system.slice/firewalld.service
└─478 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
[root@vultr ~]# firewall-cmd --zone=public --add-port=80/tcp --permanent
success
[root@vultr ~]# firewall-cmd --list-services
dhcpv6-client ssh
[root@vultr ~]# firewall-cmd --zone=public --query-port=80/tcp
no
[root@vultr ~]# firewall-cmd --reload
success
[root@vultr ~]# yum install net-tools -y
Loaded plugins: fastestmirror
...
Complete!
[root@vultr ~]# netstat -nltp | grep 80
[root@vultr ~]# netstat -nltp | grep 22
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 901/sshd
tcp6 0 0 :::22 :::* LISTEN 901/sshd
[root@vultr ~]# firewall-cmd --zone=public --list-ports
80/tcp
[root@vultr ~]# firewall-cmd --list-ports
80/tcp
[root@vultr ~]# netstat -anp | grep 80
tcp 0 0 207.246.69.113:22 222.73.196.18:64600 ESTABLISHED 18057/sshd: root@pt
tcp 0 1280 207.246.69.113:22 222.186.52.78:17382 ESTABLISHED 18449/sshd: [accept
unix 2 [ ACC ] STREAM LISTENING 14580 1135/master private/bounce
unix 2 [ ] DGRAM 386950 18057/sshd: root@pt
unix 2 [ ] DGRAM 365280 17278/pickup
unix 3 [ ] STREAM CONNECTED 12380 443/crond
[root@vultr ~]# netstat -anp | grep :80
[root@vultr ~]# firewall-cmd --query-port=80/tcp
yes
[root@vultr ~]# firewall-cmd --zone=public --add-port=8080/tcp --permanent
success
[root@vultr ~]# firewall-cmd --query-port=8080/tcp
no
[root@vultr ~]# firewall-cmd --reload
success
[root@vultr ~]# firewall-cmd --query-port=8080/tcp
yes
[root@vultr ~]# firewall-cmd --list-service
dhcpv6-client ssh
[root@vultr ~]# netstat -anp | grep :80
[root@vultr ~]# netstat -anp | grep 80
tcp 0 1280 207.246.69.113:22 222.186.52.78:28130 ESTABLISHED 18532/sshd: [accept
tcp 0 0 207.246.69.113:22 222.73.196.18:64600 ESTABLISHED 18057/sshd: root@pt
tcp 0 1280 207.246.69.113:22 222.186.52.78:60669 ESTABLISHED 18642/sshd: [accept
unix 2 [ ACC ] STREAM LISTENING 14580 1135/master private/bounce
unix 2 [ ] DGRAM 386950 18057/sshd: root@pt
unix 2 [ ] DGRAM 365280 17278/pickup
unix 3 [ ] STREAM CONNECTED 394580 18642/sshd: [accept
unix 3 [ ] STREAM CONNECTED 12380 443/crond
[root@vultr ~]# netstat -anp | grep 8080
[root@vultr ~]# yum install -y nginx
Loaded plugins: fastestmirror
...
Complete!
[root@vultr ~]# systemctl start nginx
[root@vultr ~]# vi /etc/nginx/nginx.conf
[root@vultr ~]# netstat -anp | grep 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 18744/nginx: master
tcp 0 0 207.246.69.113:22 222.73.196.18:64600 ESTABLISHED 18057/sshd: root@pt
tcp 0 1280 207.246.69.113:22 222.186.52.78:20143 ESTABLISHED 18727/sshd: [accept
tcp6 0 0 :::80 :::* LISTEN 18744/nginx: master
unix 2 [ ACC ] STREAM LISTENING 14580 1135/master private/bounce
unix 2 [ ] DGRAM 386950 18057/sshd: root@pt
unix 2 [ ] DGRAM 365280 17278/pickup
unix 3 [ ] STREAM CONNECTED 12380 443/crond
[root@vultr ~]# firewall-cmd --list-service
dhcpv6-client ssh
[root@vultr ~]# cd /usr/share/nginx/html
[root@vultr html]# ls
404.html 50x.html en-US icons img index.html nginx-logo.png poweredby.png
[root@vultr html]# cp index.html index2.html
[root@vultr html]# vi index2.html