CentOS 7.1: a quick method for opening a firewall port
- 2020-05-17 07:27:12
- OfStack
For example, after installing Nagios, port 5666 must be opened for communication with the server. The commands are as follows:
[root@centos7-1 ~]# firewall-cmd --add-port=5666/tcp    # takes effect immediately; a port range such as 1000-2000/tcp can also be given here
success
[root@centos7-1 ~]# firewall-cmd --permanent --add-port=5666/tcp    # write the rule to the configuration file
success
[root@centos7-1 ~]# firewall-cmd --reload    # reload the firewall
success
success
[root@centos7-1 ~]#
Opening a port on CentOS 7:
After the upgrade to CentOS 7, it turned out that iptables could no longer be used to control ports on Linux. A Google search showed that CentOS 7 uses firewalld in place of the original iptables. The following documents how to open a Linux port using firewalld:
Open a port
firewall-cmd --zone=public --add-port=80/tcp --permanent
Meaning of the options:
--zone # the zone the rule applies to
--add-port=80/tcp # add a port, format: port/protocol
--permanent # takes effect permanently; without this parameter the rule is lost after a restart
Reload the firewall
firewall-cmd --reload
Opening a port in the CentOS iptables firewall:
When using a CentOS system, the firewall configuration sometimes needs to be changed. The CentOS firewall is enabled by default. The method for opening a port in it is as follows:
Open the configuration file for iptables: vi /etc/sysconfig/iptables
Note when modifying the CentOS firewall: be sure to leave yourself a way back in by keeping a VNC management port and the SSH management port open.
Here is an example iptables configuration:
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
The important thing to note when modifying the CentOS firewall is that this file has to be adapted to your own server.
For example, if you do not want to open port 80 to provide web service, you should delete this line accordingly:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
After all modifications have been made, restart iptables: service iptables restart
You can then check whether the rules are in effect: iptables -L
This completes the modification of the CentOS firewall.
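A pre-restart check for the note above about keeping the SSH and VNC management ports open, as an added example that is not part of the original article: it reads a file in the /etc/sysconfig/iptables format and reports whether a port is ACCEPTed before the chain's unconditional REJECT. The function names and the sample rule set (with the port 22 rule misplaced after the REJECT) are constructed for illustration.

```shell
# Added example: lockout check to run before "service iptables restart".

# Print port/proto for every rule in CHAIN that ACCEPTs a --dport and sits
# before the chain's first unconditional REJECT/DROP (later rules never match).
# Assumption: REJECT/DROP rules that carry match options are ignored.
accepted_ports() {    # $1 = rules file, $2 = chain
    awk -v chain="$2" '
        $1 == "-A" && $2 == chain {
            target = ""; port = ""; proto = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") port = $(i + 1)
            }
            if ($3 == "-j" && (target == "REJECT" || target == "DROP")) exit
            if (target == "ACCEPT" && port != "") print port "/" proto
        }' "$1"
}

# Succeed only if PORT/tcp is accepted before that terminal rule.
mgmt_port_kept() {    # $1 = rules file, $2 = chain, $3 = port
    accepted_ports "$1" "$2" | grep -qx "$3/tcp"
}

# Constructed sample: the SSH rule was added below the REJECT line by mistake.
sample_rules() {
    cat <<'EOF'
*filter
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

rules=$(mktemp)
sample_rules > "$rules"
for port in 22 443; do
    if mgmt_port_kept "$rules" RH-Firewall-1-INPUT "$port"; then
        echo "port $port/tcp: accepted, still reachable after restart"
    else
        echo "port $port/tcp: NOT accepted before the REJECT rule"
    fi
done
rm -f "$rules"
```

On a real server, pass /etc/sysconfig/iptables as the rules file and run the check for each management port before restarting the service.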