
Open firewall port on CentOS 7

This article is translated from: Open firewall port on CentOS 7

I am using CentOS 7 and I have to ensure that ports 2888 and 3888 are open.

I read this article but this did not work because on CentOS 7 OS there is no iptables save command.

Someone told me that the above URL is not valid for CentOS 7, and I should follow this.

But this article is not clear to me on exactly what command I need to execute.

I also found

firewall-cmd --zone=public --add-port=2888/tcp

but this does not survive reboots.

So how can I open the ports and make it survive reboots?

Reply #1

Reference: https://stackoom.com/question/1fl9E/在CentOS-上打开防火墙端口

Reply #2

Use this command to find your active zone(s):

firewall-cmd --get-active-zones

It will say either public, dmz, or something else.

You should only apply to the zones required.

In the case of public try:

firewall-cmd --zone=public --add-port=2888/tcp --permanent

Then remember to reload the firewall for changes to take effect.

firewall-cmd --reload

Otherwise, substitute public for your zone, for example, if your zone is dmz:

firewall-cmd --zone=dmz --add-port=2888/tcp --permanent

Reply #3

The answer by ganeshragav is correct, but it is also useful to know that you can use:

firewall-cmd --permanent --zone=public --add-port=2888/tcp

but if it is a known service, you can use:

firewall-cmd --permanent --zone=public --add-service=http

and then reload the firewall

firewall-cmd --reload

[ Answer modified to reflect Martin Peter's comment, original answer had --permanent at end of command line ]

Reply #4

CentOS (RHEL) 7 has changed the firewall to use firewall-cmd, which has a notion of zones which is like a Windows version of Public, Home, and Private networks.

You should look here to figure out which one you think you should use.

EL7 uses public by default so that is what my examples below use.

You can check which zone you are using with firewall-cmd --list-all and change it with firewall-cmd --set-default-zone=<zone>.

You will then know what zone to allow a service (or port) on:

firewall-cmd --permanent --zone=<zone> --add-service=http

firewall-cmd --permanent --zone=<zone> --add-port=80/tcp

You can check if the port has actually been opened by running:

firewall-cmd --zone=<zone> --query-port=80/tcp

firewall-cmd --zone=<zone> --query-service=http

According to the documentation,

When making changes to the firewall settings in Permanent mode, your selection will only take effect when you reload the firewall or the system restarts.

You can reload the firewall settings with: firewall-cmd --reload.
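
The runtime versus permanent distinction that the question and the replies above turn on, as an added example that is not part of the original posts: it reports whether a port is open now, saved for the next boot, both, or neither, and then applies the add, reload, query sequence from the replies. The names port_state, open_port_persistent and the FIREWALL_CMD variable are this example's own assumptions.

```shell
#!/bin/sh
# Added example. FIREWALL_CMD is this example's own knob so the command can
# be swapped for a stub on a machine without firewalld.
FIREWALL_CMD="${FIREWALL_CMD:-firewall-cmd}"

# port_state ZONE PORT/PROTO  ->  prints one of:
#   persistent      open now and still open after a reboot
#   runtime-only    open now, lost on --reload or reboot
#   permanent-only  saved, but not active until --reload
#   closed          open in neither configuration
port_state() {
    zone=$1
    port=$2
    runtime=no
    permanent=no
    # --query-port exits 0 when the port is open in the queried configuration.
    if $FIREWALL_CMD --zone="$zone" --query-port="$port" >/dev/null 2>&1; then
        runtime=yes
    fi
    if $FIREWALL_CMD --permanent --zone="$zone" --query-port="$port" >/dev/null 2>&1; then
        permanent=yes
    fi
    case "$runtime/$permanent" in
        yes/yes) echo persistent ;;
        yes/no)  echo runtime-only ;;
        no/yes)  echo permanent-only ;;
        *)       echo closed ;;
    esac
}

# open_port_persistent ZONE PORT/PROTO
# Same sequence as the replies: add with --permanent, --reload, then confirm
# the port is open in both configurations. Returns non-zero otherwise.
open_port_persistent() {
    zone=$1
    port=$2
    $FIREWALL_CMD --permanent --zone="$zone" --add-port="$port" >/dev/null || return 1
    $FIREWALL_CMD --reload >/dev/null || return 1
    [ "$(port_state "$zone" "$port")" = persistent ]
}

# On a real host, as root, for the ports from the question:
#   for p in 2888/tcp 3888/tcp; do
#       port_state public "$p"
#       open_port_persistent public "$p" || echo "failed: $p" >&2
#   done
```

A result of runtime-only is the situation described in the question: the port answers now but the rule is gone after the next reload or reboot.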

Reply #5

Fedora, did it via iptables

sudo iptables -I INPUT -p tcp --dport 3030 -j ACCEPT
sudo service iptables save

Seems to work

Reply #6

If you are familiar with the iptables service as in CentOS 6 or earlier, you can still use the iptables service by manual installation:

step 1 => install epel repo

yum install epel-release

step 2 => install iptables service

yum install iptables-services

step 3 => stop firewalld service

systemctl stop firewalld

step 4 => disable firewalld service on startup

systemctl disable firewalld

step 5 => start iptables service

systemctl start iptables

step 6 => enable iptables on startup

systemctl enable iptables

Finally, you can now edit your iptables config at /etc/sysconfig/iptables.

So -> edit rule -> reload/restart.

Do like older CentOS, with the same function as firewalld.
