Shulou(Shulou.com)06/02 Report--

View the status of ports open to the outside world

Query the open port netstat-anp

Query whether the specified port has firewall-cmd enabled-query-port=666/tcp prompts yes to indicate that it is enabled; no indicates that it is not enabled.

View firewall status

View firewall status systemctl status firewalld

Turn on firewall systemctl start firewalld

Turn off Firewall systemctl stop firewalld

Turn on firewall service firewalld start

If you can't open it, use: systemctl unmask firewalld.service and then: systemctl start firewalld.service

External development port

Check whether the port you want to open is open: firewall-cmd-- query-port=6379/tcp

Add specified ports that need to be open: firewall-cmd-- add-port=123/tcp-- permanent

Reload the added port: firewall-cmd-- reload

Query whether the specified port is enabled successfully: firewall-cmd-- query-port=123/tcp

Remove designated port: firewall-cmd-- permanent-- remove-port=123/tcp

Through iptables processing

Install iptables-services: yum install iptables-services

Go to the following directory to modify: / etc/sysconfig/iptables

Iptables view, add, delete, modify, permanent effective 1, view

Iptables-nvL-- line-number-L to view all the rules of the current table. The default view is the filter table. If you want to view the NAT table, you can add the-t NAT parameter.

-n does not reverse check the ip address, plus this parameter shows that the speed will be much faster

-v outputs details, including the number of packets passing through the rule, the total number of bytes, and the corresponding network interface

-- line-number displays the serial number of the rule, which is used when deleting or modifying the rule

2. Add

Adding a rule has two parameters:-An and-I. Where-An is added to the end of the rule;-I can be inserted at the specified location, or by default at the beginning of the rule if there is no specified location.

Iptables-An INPUT-s 192.168.1.5-j DROP

3. Delete

Delete the previously added rule with the-D parameter: iptables-An INPUT-s 192.168.1.5-j DROP

Sometimes the rule to be deleted is too long, and you have to write a long string when deleting, which is both time-consuming and easy to make mistakes. At this time, we can first use-line-number to find out the line number of the rule, and then delete the rule by the line number.

4. Modification

Modify the use-R parameter: iptables-R INPUT 3-j ACCEPT

5. Permanent effect

Service iptables save

Service iptables restart

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.