CentOS 7.1: a quick method for opening a firewall port

  • 2020-05-17 07:27:12
  • OfStack

For example, after installing Nagios, port 5666 should be opened to connect with the server. The command is as follows:


[root@centos7-1 ~]# firewall-cmd --add-port=5666/tcp    # opens the port immediately; a range of ports also works here, such as 1000-2000/tcp
success
[root@centos7-1 ~]# firewall-cmd --permanent --add-port=5666/tcp    # write to the configuration file
success
[root@centos7-1 ~]# firewall-cmd --reload    # restart the firewall
success
[root@centos7-1 ~]#

Opening a port on CentOS 7:

After upgrading to CentOS 7, it turned out that iptables could no longer be used to control ports on the Linux host. A Google search showed that CentOS 7 uses firewalld instead of the original iptables. The following documents how to open a Linux port using firewalld:

Open port


firewall-cmd --zone=public --add-port=80/tcp --permanent

Command meaning:

--zone # the zone (scope) the rule applies to
--add-port=80/tcp # add a port, format: port/protocol
--permanent # takes effect permanently; without this parameter the rule is lost after a restart

Restart the firewall


firewall-cmd --reload

Opening a port in the CentOS firewall:

The CentOS firewall sometimes needs to be changed when we use a CentOS system. The CentOS firewall is enabled by default. The method for opening a port in the CentOS firewall is as follows:

Open the configuration file for iptables: vi /etc/sysconfig/iptables

Note when modifying the CentOS firewall: always leave yourself a way back in by keeping a VNC management port and the SSH management port open.

Here is an example of iptables:


# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

The important thing to note about modifying the CentOS firewall is that you will have to modify this file based on your own server.

For example, if you do not want to open port 80 to provide web service, you should delete this line accordingly:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

After all modifications have been made, restart iptables: service iptables restart

You can check whether the rules are in effect: iptables -L

This completes the modification of the CentOS firewall.
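
The note above about keeping the SSH and VNC management ports open can be checked before running service iptables restart. The following is an added example, not part of the original article: a shell function that reads a rules file in the format shown above and reports whether a TCP port is accepted before the chain's catch-all REJECT. The function names, the sample file and the 5900:5902 VNC range are assumptions made for illustration.

```shell
# Added example, not from the original article.

# port_is_open FILE PORT [CHAIN]
# Exit 0 if CHAIN accepts new tcp connections to PORT before its first
# unconditional REJECT/DROP; exit 1 if the rule is missing or comes too late.
port_is_open() {
    awk -v port="$2" -v chain="${3:-RH-Firewall-1-INPUT}" '
        $1 != "-A" || $2 != chain { next }   # only rules appended to CHAIN
        {
            target = ""; proto = ""; dport = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-j")      target = $(i + 1)
                if ($i == "-p")      proto  = $(i + 1)
                if ($i == "--dport") dport  = $(i + 1)
            }
            # A REJECT/DROP with no match options ends the chain for everyone.
            if ($3 == "-j" && (target == "REJECT" || target == "DROP")) exit
            # --dport may be a single port or a lo:hi range.
            n = split(dport, r, ":"); lo = r[1]; hi = (n == 2) ? r[2] : r[1]
            if (target == "ACCEPT" && proto == "tcp" && dport != "" &&
                port + 0 >= lo + 0 && port + 0 <= hi + 0) { ok = 1; exit }
        }
        END { exit (ok ? 0 : 1) }
    ' "$1"
}

# Constructed sample: the article's rule set with the port 80 line deleted,
# a hypothetical VNC range added, and 443 misplaced after the REJECT.
write_sample() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5900:5902 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
COMMIT
EOF
}

rules=$(mktemp) && write_sample "$rules"
for p in 22 5901 80 443; do
    if port_is_open "$rules" "$p"; then echo "port $p: open"
    else echo "port $p: BLOCKED"; fi
done
rm -f "$rules"
```

The function only understands single --dport matches and lo:hi ranges within one chain; rules that use -m multiport or restrict by source address need a fuller check.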

