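A detailed guide to the firewall command line
Commands for opening and closing ports with Firewall:
1. Use netstat -anp to list all open ports
2. Check the firewalld status: service firewalld status or systemctl status firewalld
The following problem may occur: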
[root@hadoop10 ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: failed (Result: timeout) since 日 2020-10-11 09:38:51 CST; 21min ago
     Docs: man:firewalld(1)
  Process: 2613 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
 Main PID: 2613 (code=exited, status=0/SUCCESS)

10月 11 09:37:20 hadoop10 systemd[1]: Starting firewalld - dynamic firewall daemon...
10月 11 09:38:50 hadoop10 systemd[1]: firewalld.service start operation timed out. Terminating.
10月 11 09:38:51 hadoop10 systemd[1]: Failed to start firewalld - dynamic firewall daemon.
10月 11 09:38:51 hadoop10 systemd[1]: Unit firewalld.service entered failed state.
10月 11 09:38:51 hadoop10 systemd[1]: firewalld.service failed.
The output above shows the error. Running the following commands fixes it:
systemctl stop firewalld;
pkill -f firewalld;
systemctl start firewalld
3. Start the firewall: service firewalld start
4. Query a specific port: firewall-cmd --query-port=8085/tcp
[root@hadoop10 ~]# firewall-cmd --query-port=8085/tcp
no
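5. Open a firewall port: firewall-cmd --add-port=8085/tcp --permanent
To open a specific port: firewall-cmd --zone=public --add-port=8085/tcp --permanent
Meaning of the options:
--zone                 # the zone the rule applies to
--add-port=8085/tcp    # add a port, in the form port/protocol
--permanent            # makes the rule permanent; without this option it is lost after a restart
6. Reload the firewall so the change takes effect: firewall-cmd --reload
7. Close a firewall port: firewall-cmd --remove-port=8085/tcp --permanent
Reload the firewall so the change takes effect: firewall-cmd --reload
8. Check ports:
netstat -ntlp               // show all current TCP ports
netstat -ntulp | grep 22    // show everything using port 22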
[root@hadoop10 ~]# netstat -ntlp | grep 22
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1947/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1221/sshd
tcp6 0 0 :::22 :::* LISTEN 1221/sshd
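
The grep in step 8 matches substrings, which is why the dnsmasq line (192.168.122.1:53) appears in a search for port 22. The added example below (not from the original page) matches the port field exactly and lists TCP ports opened in firewalld that have no non-loopback listener, which are candidates for --remove-port. The function names and sample data are constructed for illustration, with the netstat lines modeled on the output above.

```shell
#!/bin/sh
# Added example (not from the original page). Function names and sample
# data are constructed; the netstat lines are modeled on the output above.

# Constructed sample of `netstat -ntlp` output.
SAMPLE_NETSTAT='tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1947/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1221/sshd
tcp6 0 0 :::22 :::* LISTEN 1221/sshd
tcp 0 0 127.0.0.1:8085 0.0.0.0:* LISTEN 3010/java'

# Constructed sample of `firewall-cmd --list-ports` output.
SAMPLE_FW_PORTS='8085/tcp 9000/tcp'

# port_listeners PORT
# Reads netstat -ntlp lines on stdin and prints "local-address program"
# for sockets listening on exactly PORT (no substring matches).
port_listeners() {
    awk -v want="$1" '$6 == "LISTEN" {
        n = split($4, a, ":")            # port is the last ":"-separated field
        if (a[n] == want) print $4, $7
    }'
}

# unused_open_ports "FW_PORTS"
# Reads netstat -ntlp lines on stdin. For each tcp entry in FW_PORTS
# (format of `firewall-cmd --list-ports`), prints the port if no listener
# is bound to a non-loopback address. Port ranges are not expanded.
unused_open_ports() {
    awk -v fw="$1" '
        $6 == "LISTEN" {
            n = split($4, a, ":"); port = a[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr !~ /^127\./ && addr != "::1") live[port] = 1
        }
        END {
            m = split(fw, e, " ")
            for (i = 1; i <= m; i++) {
                split(e[i], pp, "/")
                if (pp[2] == "tcp" && !(pp[1] in live)) print pp[1]
            }
        }'
}

# Demo on the constructed samples. On a live host:
#   netstat -ntlp | unused_open_ports "$(firewall-cmd --list-ports)"
printf '%s\n' "$SAMPLE_NETSTAT" | port_listeners 22
printf '%s\n' "$SAMPLE_NETSTAT" | unused_open_ports "$SAMPLE_FW_PORTS"
```

In the sample, 8085 is reported because its only listener is bound to 127.0.0.1, so the firewalld rule exposes nothing today but would expose the service if it were rebound to a public address.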