
CentOS下弃用iptables使用firewalld添加开放端口 80端口

默认分类 2019/10/25 03:47

1. 使用 --permanent 添加端口后,规则只写入永久配置,必须执行 firewall-cmd --reload 重新载入防火墙才会生效;重新载入之前,用 firewall-cmd --zone=public --query-port=80/tcp 查询端口是否开放会返回 no
2. 防火墙放行端口只是允许流量通过,端口上还必须有守护进程(如 nginx)在监听,否则 netstat -anp | grep 80 查不到监听记录。另外 grep 80 还会匹配到 PID、inode 等含有 80 的无关行(见下方示例),建议改用 grep :80 过滤

CentOS下firewalld添加开放端口

添加

firewall-cmd --zone=public --add-port=8080/tcp --permanent (需重新载入后才会生效!!)
注:--permanent 表示写入永久配置,重启后依然有效;不加此参数时规则立即生效,但重新载入或重启后失效

重新载入

firewall-cmd --reload

查看

firewall-cmd --zone=public --query-port=8080/tcp

删除

firewall-cmd --zone=public --remove-port=8080/tcp --permanent (同样需重新载入后才会生效,重新载入之前端口仍处于开放状态)

查看firewall是否运行

下面两个命令都可以

systemctl status firewalld.service
firewall-cmd --state

查看当前开了哪些端口

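其实一个服务对应一个端口,每个服务对应 /usr/lib/firewalld/services 下面一个 xml 文件。注意:--list-services 只列出已放行的服务,用 --add-port 直接添加的端口不会出现在其中,需用 firewall-cmd --list-ports 查看(见下方示例)。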

firewall-cmd --list-services

示例代码如下:

[root@vultr ~]# firewall-cmd --list-services
dhcpv6-client ssh

[root@vultr ~]# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2019-10-24 07:11:32 UTC; 19h ago
     Docs: man:firewalld(1)
 Main PID: 478 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─478 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

[root@vultr ~]# firewall-cmd --zone=public --add-port=80/tcp --permanent
success

[root@vultr ~]# firewall-cmd --list-services
dhcpv6-client ssh

[root@vultr ~]# firewall-cmd --zone=public --query-port=80/tcp
no

[root@vultr ~]# firewall-cmd --reload
success

[root@vultr ~]# yum install net-tools -y
Loaded plugins: fastestmirror
...

Complete!

[root@vultr ~]# netstat -nltp | grep 80

[root@vultr ~]# netstat -nltp | grep 22
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      901/sshd            
tcp6       0      0 :::22                   :::*                    LISTEN      901/sshd            

[root@vultr ~]# firewall-cmd --zone=public --list-ports
80/tcp

[root@vultr ~]# firewall-cmd --list-ports
80/tcp

[root@vultr ~]# netstat -anp | grep 80
tcp        0      0 207.246.69.113:22       222.73.196.18:64600     ESTABLISHED 18057/sshd: root@pt 
tcp        0   1280 207.246.69.113:22       222.186.52.78:17382     ESTABLISHED 18449/sshd: [accept 
unix  2      [ ACC ]     STREAM     LISTENING     14580    1135/master          private/bounce
unix  2      [ ]         DGRAM                    386950   18057/sshd: root@pt  
unix  2      [ ]         DGRAM                    365280   17278/pickup         
unix  3      [ ]         STREAM     CONNECTED     12380    443/crond            


[root@vultr ~]# netstat -anp | grep :80

[root@vultr ~]# firewall-cmd --query-port=80/tcp
yes

[root@vultr ~]# firewall-cmd --zone=public --add-port=8080/tcp --permanent
success

[root@vultr ~]# firewall-cmd --query-port=8080/tcp
no

[root@vultr ~]# firewall-cmd --reload
success

[root@vultr ~]# firewall-cmd --query-port=8080/tcp
yes

[root@vultr ~]# firewall-cmd --list-service
dhcpv6-client ssh

[root@vultr ~]# netstat -anp | grep :80

[root@vultr ~]# netstat -anp | grep 80
tcp        0   1280 207.246.69.113:22       222.186.52.78:28130     ESTABLISHED 18532/sshd: [accept 
tcp        0      0 207.246.69.113:22       222.73.196.18:64600     ESTABLISHED 18057/sshd: root@pt 
tcp        0   1280 207.246.69.113:22       222.186.52.78:60669     ESTABLISHED 18642/sshd: [accept 
unix  2      [ ACC ]     STREAM     LISTENING     14580    1135/master          private/bounce
unix  2      [ ]         DGRAM                    386950   18057/sshd: root@pt  
unix  2      [ ]         DGRAM                    365280   17278/pickup         
unix  3      [ ]         STREAM     CONNECTED     394580   18642/sshd: [accept  
unix  3      [ ]         STREAM     CONNECTED     12380    443/crond            

[root@vultr ~]# netstat -anp | grep 8080

[root@vultr ~]# yum install -y nginx
Loaded plugins: fastestmirror
...

Complete!

[root@vultr ~]# systemctl start nginx

[root@vultr ~]# vi /etc/nginx/nginx.conf

[root@vultr ~]# netstat -anp | grep 80
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      18744/nginx: master 
tcp        0      0 207.246.69.113:22       222.73.196.18:64600     ESTABLISHED 18057/sshd: root@pt 
tcp        0   1280 207.246.69.113:22       222.186.52.78:20143     ESTABLISHED 18727/sshd: [accept 
tcp6       0      0 :::80                   :::*                    LISTEN      18744/nginx: master 
unix  2      [ ACC ]     STREAM     LISTENING     14580    1135/master          private/bounce
unix  2      [ ]         DGRAM                    386950   18057/sshd: root@pt  
unix  2      [ ]         DGRAM                    365280   17278/pickup         
unix  3      [ ]         STREAM     CONNECTED     12380    443/crond            

[root@vultr ~]# firewall-cmd --list-service
dhcpv6-client ssh

[root@vultr ~]# cd /usr/share/nginx/html

[root@vultr html]# ls
404.html  50x.html  en-US  icons  img  index.html  nginx-logo.png  poweredby.png

[root@vultr html]# cp index.html index2.html 

[root@vultr html]# vi index2.html 

