CentOS 7/8 firewall: viewing information and opening ports

2020-05-22  clam314

1. firewalld.service

# Start the firewall
$ systemctl start firewalld.service 

# Stop the firewall
$ systemctl stop firewalld.service 

# Check the firewall status
$ systemctl status firewalld.service 
 firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: >
   Active: active (running) since Thu 2020-05-21 12:37:48 EDT; 10min ago
     Docs: man:firewalld(1)
 Main PID: 8476 (firewalld)
    Tasks: 2 (limit: 4884)
   Memory: 2.8M
   CGroup: /system.slice/firewalld.service
           └─8476 /usr/libexec/platform-python -s /usr/sbin/firewalld --nofork --nopid

5月 21 12:37:50 node1 firewalld[8476]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w>
5月 21 12:37:50 node1 firewalld[8476]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w>
5月 21 12:37:50 node1 firewalld[8476]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w>
5月 21 12:37:50 node1 firewalld[8476]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w>
5月 21 12:37:50 node1 firewalld[8476]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w>
5月 21 12:37:50 node1 firewalld[8476]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w>
5月 21 12:37:50 node1 firewalld[8476]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w>
5月 21 12:37:50 node1 firewalld[8476]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w>
5月 21 12:37:51 node1 firewalld[8476]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w>
5月 21 12:37:51 node1 firewalld[8476]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w>

2. View all firewall information or the opened ports

# View information
[owl314@node1 ~]$ firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens33
  sources: 
  services: cockpit dhcpv6-client ssh
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
    rule family="ipv4" source address="172.17.0.0/16" accept
    rule family="ipv4" source address="172.27.0.0/16" accept

# List the opened ports
[owl314@node1 ~]$ firewall-cmd --list-ports 
2376/tcp

3. Open a port

# Open port 2376
[owl314@node1 ~]$ firewall-cmd --zone=public --add-port=2376/tcp --permanent
success
# The change only takes effect after firewalld is restarted
[owl314@node1 ~]$ systemctl restart firewalld.service 
[owl314@node1 ~]$ firewall-cmd --list-ports 
2376/tcp
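
The --permanent flag used above writes only to the saved configuration, which is why the port is not active until firewalld is restarted. The following is an added example, not part of the original post, that compares the runtime and permanent port lists to show which ports are in that state; the function names and the 8080/tcp sample value are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: report ports whose runtime and permanent firewalld state differ.
#
# port_drift RUNTIME PERMANENT
#   RUNTIME   - output of `firewall-cmd --list-ports`
#   PERMANENT - output of `firewall-cmd --permanent --list-ports`
# Prints one line per difference:
#   pending <port>   saved with --permanent, not active until reload/restart
#   volatile <port>  active now, dropped at the next reload/restart
port_drift() {
    local runtime permanent p
    # Normalise to " a b c " so each port spec is matched as a whole word.
    runtime="$(printf ' %s' $1) "
    permanent="$(printf ' %s' $2) "
    for p in $2; do
        case "$runtime" in *" $p "*) ;; *) echo "pending $p" ;; esac
    done
    for p in $1; do
        case "$permanent" in *" $p "*) ;; *) echo "volatile $p" ;; esac
    done
}

# Live wrapper (hypothetical helper name); needs a running firewalld.
firewalld_port_drift() {
    local zone="${1:-public}"
    port_drift "$(firewall-cmd --zone="$zone" --list-ports)" \
               "$(firewall-cmd --zone="$zone" --permanent --list-ports)"
}

# Constructed sample: 2376/tcp was added with --permanent but firewalld has not
# been restarted yet; 8080/tcp (made up) was added without --permanent.
port_drift "8080/tcp" "2376/tcp"
```

On a live host, `firewalld_port_drift public` reads both lists from firewall-cmd; `firewall-cmd --reload` applies pending entries without restarting the service.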