How to open the firewall port under Linux

2025-01-28 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article explains how to open a firewall port under Linux. The editor finds it very practical and shares it here as a reference.

How to open the port:

Method 1: command line mode

1. Open the port:

    /sbin/iptables -I INPUT -p tcp --dport 8080 -j ACCEPT

2. Save:

    /etc/rc.d/init.d/iptables save

3. Restart the service:

    /etc/init.d/iptables restart

4. Check whether the port is open:

    /sbin/iptables -L -n

Method 2: edit the /etc/sysconfig/iptables file directly

1. Edit the /etc/sysconfig/iptables file:

    vi /etc/sysconfig/iptables

   Add the following line and save:

    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT

2. Restart the service:

    /etc/init.d/iptables restart

3. Check whether the port is open:

    /sbin/iptables -L -n

However, I could not get the save to work. After checking online, I found that you don't need iptables save when you modify the file directly: restart iptables and it reloads the configuration. iptables save writes the current iptables rules to /etc/sysconfig/iptables. I can't restart directly without save, so I go with Method 2.

To check whether a process is listening on the port, grep for the port in the netstat output, for example port 80:

    netstat -nalp | grep 80
    netstat -anp | grep <your port number>
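The rule added in both methods accepts port 8080 from every source address. As an added example (not part of the original article), the following script reads rules in /etc/sysconfig/iptables syntax and lists the ports that ACCEPT rules open without limiting them to a specific source; the function name world_open_ports, the SAMPLE_RULES text and the port 3306 rule are constructed for illustration.

```shell
#!/bin/sh
# Added example: find TCP/UDP ports that ACCEPT rules expose to all sources.
# SAMPLE_RULES is constructed sample input in /etc/sysconfig/iptables syntax.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A RH-Firewall-1-INPUT -s 172.25.254.44 -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT ! -s 172.25.254.44 -p tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# world_open_ports (hypothetical helper): reads rules on stdin and prints one
# "port reason" line for each ACCEPT rule with --dport that is not restricted
# to a single source. Only single-port --dport matches are examined.
world_open_ports() {
    awk '
    $1 == "-A" {
        port = ""; src = ""; neg = 0; accept = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-s" || $i == "--source") {
                src = $(i + 1)
                if ($(i - 1) == "!") neg = 1   # "! -s addr" means everyone else
            }
            if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
        }
        if (!accept || port == "") next
        if (src == "" || src == "0.0.0.0/0") print port, "any-source"
        else if (neg)                        print port, "all-except-" src
    }'
}

# Run the audit on the constructed sample.
printf '%s\n' "$SAMPLE_RULES" | world_open_ports
```

On a real host the same function can be run as `world_open_ports < /etc/sysconfig/iptables`; each reported port is a candidate for a source restriction with -s.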

firewalld commands

The firewall's configuration files are stored as XML files in /usr/lib/firewalld and /etc/firewalld/.

Operation of firewalld:

    yum install firewalld firewall-config   ## install firewalld and the graphical interface
    firewall-config                         ## open the graphical interface
    systemctl status firewalld              ## view the firewall status
    systemctl start firewalld               ## start the firewall service
    systemctl stop firewalld                ## stop the firewall service
    systemctl enable firewalld              ## start automatically at boot
    systemctl disable firewalld             ## do not start at boot
    systemctl mask firewalld                ## freeze the firewall service
    systemctl unmask firewalld              ## unfreeze the firewall service

    firewall-cmd --state                    ## view the firewall status
    firewall-cmd --get-default-zone         ## view the default zone
    firewall-cmd --get-active-zones         ## view the active zones
    firewall-cmd --get-zones                ## view all available zones
    firewall-cmd --zone=public --list-all   ## list all settings of the public zone
    firewall-cmd --get-services             ## list all predefined services
    firewall-cmd --list-all                 ## list the settings of the default zone
    firewall-cmd --list-all-zones           ## list the settings of all zones
    firewall-cmd --set-default-zone=dmz     ## set the default zone to dmz

    firewall-cmd --add-source=172.25.254.44 --zone=trusted      ## add 172.25.254.44 to the trusted zone
    firewall-cmd --remove-source=172.25.254.44 --zone=trusted   ## remove 172.25.254.44 from the trusted zone
    firewall-cmd --remove-interface=eth2 --zone=public          ## remove the eth2 interface from the public zone
    firewall-cmd --add-interface=eth2 --zone=trusted            ## add the eth2 interface to the trusted zone

    firewall-cmd --add-service=http                 ## add the http service to the firewall
    firewall-cmd --add-port=8080/tcp                ## add port 8080, protocol tcp
    firewall-cmd --permanent --add-service=http     ## permanently add http to the firewall

The --permanent parameter makes a setting permanent. If the --zone parameter is not specified, the setting is added to the default zone.

    firewall-cmd --zone=public --list-ports                         ## list the ports in the public zone
    firewall-cmd --permanent --zone=public --add-port=8080/tcp      ## add the port to the public zone
    firewall-cmd --zone=public --add-port=80/tcp --permanent        ## --permanent takes effect permanently
    firewall-cmd --permanent --zone=public --remove-port=8080/tcp   ## delete the port
    firewall-cmd --add-service=ssh --permanent                      ## permanently add the ssh service (visible after reloading)
    vim /etc/firewalld/zones/public.xml     ## edit the configuration file of the public zone; services can be added here (lftp in this experiment)
    firewall-cmd --reload                   ## reload the firewall; does not interrupt services currently in use
    firewall-cmd --complete-reload          ## reload the firewall; immediately interrupts services currently in use

With the firewall-cmd tool you can use the --direct option to add or remove chains at runtime. If you are not familiar with iptables, using the direct interface is dangerous, because you may inadvertently open a hole in the firewall. The direct interface is intended for services or programs that need to add specific firewall rules at runtime. Rules added through the direct interface take precedence (they are applied first).

    firewall-cmd --direct --get-all-rules   ## list the rules
    firewall-cmd --direct --add-rule ipv4 filter INPUT 2 -s 172.25.254.44 -p tcp --dport 22 -j ACCEPT      ## in the INPUT chain of the filter table, with priority 2, accept tcp packets from 172.25.254.44 to port 22 (sshd) on this host
    firewall-cmd --direct --remove-rule ipv4 filter INPUT 2 -s 172.25.254.44 -p tcp --dport 22 -j ACCEPT   ## remove the rule
    firewall-cmd --direct --add-rule ipv4 filter INPUT 2 ! -s 172.25.254.44 -p tcp --dport 22 -j ACCEPT    ## any host except 172.25.254.44 can access
    cat /etc/services | grep ssh            ## view the service information related to ssh

Port forwarding (address masquerading)

    firewall-cmd --add-forward-port=port=22:proto=tcp:toport=22:toaddr=172.25.254.44      ## connections from another host to port 22 on this host are forwarded to 172.25.254.44 (masquerading must be enabled)
    firewall-cmd --permanent --add-masquerade       ## enable masquerading
    firewall-cmd --reload                           ## a reload is required
    firewall-cmd --remove-forward-port=port=22:proto=tcp:toport=22:toaddr=172.25.254.44   ## remove the forwarding
    firewall-cmd --permanent --remove-masquerade    ## disable masquerading

Routing function (address masquerading between different IP networks)

The server has two interfaces, eth0: 172.25.254.144 and eth2: 192.168.0.144. The client is 192.168.0.244.

    firewall-cmd --add-rich-rule="rule family=ipv4 source address=172.25.254.144 masquerade"
    firewall-cmd --add-masquerade           ## enable masquerading

    firewall-cmd --get-icmptypes
    firewall-cmd --add-icmp-block=destination-unreachable      ## ping reports that the destination is unreachable
    firewall-cmd --remove-icmp-block=destination-unreachable   ## remove the block
    firewall-cmd --add-icmp-block=echo_sed
    firewall-cmd --add-icmp-block=echo-request
    firewall-cmd --remove-icmp-block=echo-request
    firewall-cmd --add-icmp-block=echo-request --timeout=5
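The commands above mix runtime changes (no --permanent) with permanent ones, so the active rule set and the saved one can drift apart: runtime-only ports disappear on the next reload, and permanent-only ports are not active until a reload. As an added example (not part of the original article), this script compares the two port lists; the function name port_drift and both sample lists are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the runtime and permanent firewalld port lists.
# On a live host the two inputs would come from:
#   firewall-cmd --zone=public --list-ports
#   firewall-cmd --permanent --zone=public --list-ports
# The values below are constructed samples so the script runs offline.
RUNTIME_SAMPLE='22/tcp 8080/tcp'
PERMANENT_SAMPLE='22/tcp 80/tcp'

# port_drift RUNTIME PERMANENT (hypothetical helper)
# Prints "runtime-only <port>" for ports that will vanish on reload and
# "permanent-only <port>" for ports that are saved but not yet active.
port_drift() {
    # Normalise whitespace so membership tests can match on " port ".
    rt=" $(printf '%s ' $1)"
    pm=" $(printf '%s ' $2)"
    for p in $1; do
        case "$pm" in
            *" $p "*) ;;
            *) echo "runtime-only $p" ;;
        esac
    done
    for p in $2; do
        case "$rt" in
            *" $p "*) ;;
            *) echo "permanent-only $p" ;;
        esac
    done
}

port_drift "$RUNTIME_SAMPLE" "$PERMANENT_SAMPLE"
```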
