firewall命令行详解

Firewall的端口开放与关闭命令:
1、使用:netstat -anp 查看所有开发端口

2、查询firewalld状态: service firewalld status 或者 systemctl status firewalld
可能出现以下问题:

[root@hadoop10 ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: failed (Result: timeout) since 日 2020-10-11 09:38:51 CST; 21min ago
     Docs: man:firewalld(1)
  Process: 2613 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
 Main PID: 2613 (code=exited, status=0/SUCCESS)

10月 11 09:37:20 hadoop10 systemd[1]: Starting firewalld - dynamic firewall daemon...
10月 11 09:38:50 hadoop10 systemd[1]: firewalld.service start operation timed out. Terminating.
10月 11 09:38:51 hadoop10 systemd[1]: Failed to start firewalld - dynamic firewall daemon.
10月 11 09:38:51 hadoop10 systemd[1]: Unit firewalld.service entered failed state.
10月 11 09:38:51 hadoop10 systemd[1]: firewalld.service failed.

可以看到上面中出现的错误:执行即可:
systemctl stop firewalld;
pkill -f firewalld;
systemctl start firewalld

3、启用防火墙:service firewalld start

4、查询对应端口号:firewall-cmd --query-port=8085/tcp
[root@hadoop10 ~]# firewall-cmd --query-port=8085/tcp
no

5、开启防火墙端口:firewall-cmd --add-port=8085/tcp --permanent ;
开放指定端口 firewall-cmd --zone=public --add-port=8085/tcp --permanent 命令含义: --zone #作用域 --add-port=8085/tcp #添加端口,格式为:端口/通讯协议 --permanent #永久生效,没有此参数重启后失效。

6、重启防火墙生效:firewall-cmd --reload

7、关闭防火墙端口:firewall-cmd --remove-port=8085/tcp --permanent
重启防火墙生效:firewall-cmd --reload

8、查看端口号 netstat -ntlp //查看当前所有tcp端口· netstat -ntulp |grep 22 //查看所有22端口使用情况·

[root@hadoop10 ~]# netstat -ntlp | grep 22
tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      1947/dnsmasq        
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1221/sshd           
tcp6       0      0 :::22                   :::*                    LISTEN      1221/sshd      

你可能感兴趣的