Shulou(Shulou.com)06/02 Report--

How do I open a port in Centos7? In view of this problem, this article introduces the corresponding analysis and answers in detail, hoping to help more partners who want to solve this problem to find a more simple and feasible way.

The default firewall for CentOS7 is not iptables, but firewalle.

Install iptable iptable-service

# first check whether iptablesservice iptables status# is installed, iptablesyum install-y iptables# upgrade iptablesyum update iptables#, install iptables-servicesyum install iptables-services

Disable / stop native firewalld services

# stop firewalld service systemctl stop firewalld# disable firewalld service systemctl mask firewalld

Set up existing rules

# View iptables existing rules iptables-L-n # first allow all Otherwise, iptables-P INPUT ACCEPT# may be forced to empty all default rules iptables-F# empty all custom rules iptables-X# all counters belong to 0iptables-Z# allow packets from lo interface (local access) iptables-An INPUT-I lo-j ACCEPT# open port 22 iptables-An INPUT-p tcp-- dport 22-j ACCEPT# open port 21 (FTP) iptables-An INPUT-p tcp-- dport 21-j ACCEPT # Open Port 80 (HTTP) iptables-An INPUT-p tcp-- dport 80-j ACCEPT# Open Port 443 (HTTPS) iptables-An INPUT-p tcp-- dport 443-j ACCEPT# allows pingiptables-An INPUT-p icmp--icmp-type 8-j ACCEPT# to allow RELATED of returned data after accepting local requests Iptables-An INPUT-m state-- state RELATED,ESTABLISHED-j ACCEPT# set for FTP all other inbound will discard iptables-P INPUT DROP# all outbound green light iptables-P OUTPUT ACCEPT# all forwarding will discard iptables-P FORWARD DROP

Other rule settings

# if you want to add private network ip trust (accept all its TCP requests) iptables-An INPUT-p tcp-s 45.96.174.68-j ACCEPT# filter all requests other than the above rule iptables-P INPUT DROP# to block an IP, use the following command: iptables-I INPUT-s *.-j DROP# to unblock an IP Use the following command: iptables-D INPUT-s *.-j DROP

Save rule settings

# Save the above rule service iptables save

Enable the iptables service

# sign up for the iptables service # equivalent to the previous chkconfig iptables onsystemctl enable iptables.service# enabling service systemctl start iptables.service# to view the status systemctl status iptables.service

Fixed the problem that vsftpd cannot use passive mode after iptables is turned on

1. First modify or add the following in / etc/sysconfig/iptables-config

Add the following, note that the order cannot be changed

IPTABLES_MODULES= "ip_conntrack_ftp" IPTABLES_MODULES= "ip_nat_ftp"

two。 Reset iptables settings

Iptables-An INPUT-m state-- state RELATED,ESTABLISHED-j ACCEPT

The following is the complete setup script

#! / bin/shiptables-P INPUT ACCEPTiptables-Fiptables-Xiptables-Ziptables-An INPUT-I lo-j ACCEPTiptables-An INPUT-p tcp-dport 22-j ACCEPTiptables-An INPUT-p tcp-- dport 21-j ACCEPTiptables-An INPUT-p tcp-dport 80-j ACCEPTiptables-An INPUT-p tcp-dport 443-j ACCEPTiptables-An INPUT-p icmp--icmp-type 8-j ACCEPTiptables-An INPUT-m state-- state RELATED ESTABLISHED-j ACCEPTiptables-P INPUT DROPiptables-P OUTPUT ACCEPTiptables-P FORWARD DROPservice iptables save's answer to the question on how to open a port in Centos7 is shared here. I hope the above content can help you to a certain extent, if you still have a lot of doubts to be solved, you can follow the industry information channel to learn more related knowledge.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.