Detailed explanation of disabling the firewall on CentOS 6 and CentOS 7
- 2020-05-15 03:27:45
- OfStack
Check the status of the firewall on CentOS 6.5:
[zh@localhost ~]$service iptable status
Display results:
[zh@localhost ~]$service iptable status
Redirecting to /bin/systemctl status iptable.service
iptable.service
Loaded: not-found (Reason: No such file or directory)
Active: inactive (dead) -- Means the firewall is down
Close the firewall on CentOS 6.5
[root@localhost ~]#service iptables stop -- Temporarily shut down the firewall
[root@localhost ~]#chkconfig iptables off -- Permanently shut down the firewall
Close the firewall on CentOS 7.2
CentOS 7.0 uses firewalld as its firewall by default; the steps for changing to the iptables firewall are given here.
firewall-cmd --state # view the default firewall status (shows "not running" when turned off, "running" when turned on)
[root@localhost ~]#firewall-cmd --state
not running
Check the status of the firewall:
Starting with CentOS 7, systemctl is used to manage services and programs; it combines the functions of service and chkconfig.
[root@localhost ~]#systemctl list-unit-files|grep firewalld.service -- The firewall is off
firewalld.service disabled
or
[root@localhost ~]#systemctl status firewalld.service
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
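The two status outputs shown so far are not equivalent: `Loaded: not-found` means no unit with that name exists, so it says nothing about whether packets are being filtered, while the firewalld output describes a real unit that is stopped and disabled. As an added example (not from the original page), this shell function classifies `systemctl status` text read from stdin; the function name and the state labels are assumptions.

```bash
#!/bin/bash
# Classify a firewall unit from `systemctl status <unit>` text on stdin.
# Prints one word: missing | running | stopped-enabled | stopped-disabled | unknown
classify_unit_status() {
    awk '
        $1 == "Loaded:" {
            # "not-found" means the unit name does not exist at all.
            if ($2 == "not-found") missing = 1
            # Boot-time enablement is the second ";"-separated field.
            n = split($0, f, ";")
            if (n >= 2) { enabled = f[2]; gsub(/[ )]/, "", enabled) }
        }
        $1 == "Active:" { active = $2 }
        END {
            if (missing)                 print "missing"
            else if (active == "active") print "running"
            else if (active == "inactive" || active == "failed")
                print (enabled == "enabled" ? "stopped-enabled" : "stopped-disabled")
            else print "unknown"
        }'
}

# Constructed inputs, copied from the two status outputs shown on this page.
SAMPLE_WRONG_NAME='iptable.service
   Loaded: not-found (Reason: No such file or directory)
   Active: inactive (dead)'
SAMPLE_FIREWALLD='firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)'

printf '%s\n' "$SAMPLE_WRONG_NAME" | classify_unit_status   # missing
printf '%s\n' "$SAMPLE_FIREWALLD"  | classify_unit_status   # stopped-disabled
```

On a live host the same function can be fed with `systemctl status firewalld.service | classify_unit_status`.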
Close the firewall:
systemctl stop firewalld.service # stop firewall
systemctl disable firewalld.service # prevents firewall from starting
[root@localhost ~]#systemctl stop firewalld.service
[root@localhost ~]#systemctl disable firewalld.service
Start a service: systemctl start firewalld.service
Stop a service: systemctl stop firewalld.service
Restart a service: systemctl restart firewalld.service
Show the status of a service: systemctl status firewalld.service
Enable a service at boot time: systemctl enable firewalld.service
Disable a service at boot time: systemctl disable firewalld.service
Check whether a service is enabled at boot: systemctl is-enabled firewalld.service;echo $?
View the list of enabled services: systemctl list-unit-files|grep enabled
CentOS 7 firewall commands:
View already open ports:
firewall-cmd --list-ports
Open port
firewall-cmd --zone=public --add-port=80/tcp --permanent
Command meaning:
--zone # the scope (zone) the rule applies to
--add-port=80/tcp # add a port, in the format port/communication protocol
--permanent # takes effect permanently; without this parameter the rule no longer works after a restart
Restart the firewall
iptables commands for versions below CentOS 7
To open ports 80, 22 and 8080, type the following commands
Then save:
View the open port:
/etc/init.d/iptables status
Close the firewall
1) Takes effect permanently and is not restored after a restart
On: chkconfig iptables on
Off: chkconfig iptables off
2) Takes effect immediately but is restored after a restart
On: service iptables start
Close: service iptables stop
View firewall status: service iptables status
Here is the difference between the default firewalls of CentOS 7 and CentOS 6
CentOS 7 uses firewalld as its firewall by default, so iptables has to be set up again
1. Close the firewall directly
2. Set up the iptables service
If you want to modify the firewall configuration, such as adding firewall port 3306
Add the rule
After saving and exiting
systemctl restart iptables.service # Restart the firewall to apply the configuration
systemctl enable iptables.service # Start the firewall at boot
Finally, restart the system for the settings to take effect.
Resolving the host being unable to access a website on a CentOS virtual machine
I installed CentOS6.2 and apache+php+mysql on the virtual machine a while ago, but the machine just couldn't be accessed. I'm not going to do anything.
The details are as follows
1. The host machine can ping the virtual machine
2. The virtual machine can also ping the host machine
3. The virtual machine can access its own web server
4. The host machine cannot access the web server of the virtual machine
Later I found that the reason was the firewall blocking port 80.
To check if port 80 of the server is blocked by the firewall, you can use the command telnet server_ip 80.
The solution is as follows:
/sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT
Then save:
/etc/rc.d/init.d/iptables save
Restart the firewall
/etc/init.d/iptables restart
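The fix above uses `-I`, which inserts the rule at the top of the INPUT chain, and that matters because iptables stops at the first matching rule. As an added example (not from the original page), this sketch walks `iptables -S INPUT` style text and reports which rule decides a new TCP connection to a port; the ruleset is constructed sample data, the function names are assumptions, and only the `-i lo`, `-p`, `--state` and `--dport` matchers are modeled.

```bash
#!/bin/bash
# Report the first INPUT rule matching a NEW inbound TCP connection to PORT.
# Simplified model: source addresses, port ranges and user chains are ignored.
first_match() {   # usage: first_match PORT < rules
    awk -v port="$1" '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" {
            n++; skip = 0; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-i" && $(i+1) == "lo")      skip = 1
                if ($i == "-p" && $(i+1) != "tcp")     skip = 1
                if ($i == "--state" && index("," $(i+1) ",", ",NEW,") == 0) skip = 1
                if ($i == "--dport" && $(i+1) != port) skip = 1
                if ($i == "-j") target = $(i+1)
            }
            if (!skip && target != "" && !hit) { print target " rule " n; hit = 1 }
        }
        END { if (!hit) print policy " policy" }'
}

# Constructed ruleset in `iptables -S INPUT` format: only SSH is open and a
# catch-all REJECT closes the chain.
RULES_BEFORE='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'
NEW_RULE='-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT'

# The chain as it looks after `-A` (rule appended) and after `-I` (rule inserted first).
appended() { printf '%s\n%s\n' "$RULES_BEFORE" "$NEW_RULE"; }
inserted() { printf '%s\n' "$RULES_BEFORE" | awk -v r="$NEW_RULE" '{ print } $1 == "-P" { print r }'; }

printf '%s\n' "$RULES_BEFORE" | first_match 80   # REJECT rule 5
appended | first_match 80                        # REJECT rule 5 (new rule is never reached)
inserted | first_match 80                        # ACCEPT rule 1
```

An appended ACCEPT sits behind the catch-all REJECT and never fires, which is why the same port can stay blocked after a rule for it has been added.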
Shut down the CentOS firewall and stop its service:
View CentOS firewall information: /etc/init.d/iptables status
Stop the CentOS firewall service: /etc/init.d/iptables stop