1. Check the firewall status
[root@iz2zedg4ylq9iqtwm11wecz logs]# firewall-cmd --state
running
2. List the ports that are already open
[root@iz2zedg4ylq9iqtwm11wecz logs]# firewall-cmd --list-ports
20/tcp 21/tcp 22/tcp 80/tcp 8888/tcp 39000-40000/tcp 3306/tcp 3306/udp 8080/tcp 8080/udp 3316/tcp 3316/udp 8081/tcp 8081/udp 7003/tcp 7003/udp 9800/tcp 9800/udp 6379/tcp 6379/udp 443/tcp 8090/tcp 8090/udp 6380/tcp 6380/udp 6381/tcp 6381/udp 6379-16389/tcp 6379-16389/udp 2181/tcp 9876/tcp 9876/udp 10911/tcp 10911/udp 10909/tcp 10909/udp 1883/tcp 1883/udp 8083/tcp 8083/udp 8883/tcp 8883/udp 8084/tcp 8084/udp 18083/tcp 18083/udp
3. Check whether a specific port is open
[root@iz2zedg4ylq9iqtwm11wecz logs]# firewall-cmd --query-port=8848/tcp
yes
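
In the list shown in section 2, 8848/tcp has no entry of its own; the only listed entry that includes it is the range 6379-16389/tcp. The following is an added example, not part of the original page: it reports which entries in a --list-ports result cover a given port and lists ranges wider than a chosen size. The function names and the SAMPLE_PORTS subset are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: explain which entry in `firewall-cmd --list-ports` output
# covers a given port, and list wide ranges for review.

# Constructed sample: a subset of the --list-ports output shown in section 2.
SAMPLE_PORTS='22/tcp 80/tcp 443/tcp 3306/tcp 3306/udp 6379/tcp 39000-40000/tcp 6379-16389/tcp 6379-16389/udp'

# covering_entries PORT PROTO "LIST"
# Prints every entry (single port or range) that opens PORT/PROTO.
covering_entries() {
    local port=$1 proto=$2 list=$3 entry spec p lo hi
    for entry in $list; do
        spec=${entry%/*}      # "6379-16389" or "443"
        p=${entry#*/}         # "tcp" or "udp"
        [ "$p" = "$proto" ] || continue
        lo=${spec%-*}
        hi=${spec#*-}         # equals lo when the entry is a single port
        if [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]; then
            printf '%s\n' "$entry"
        fi
    done
}

# wide_ranges MAX "LIST"
# Prints each range that opens more than MAX ports, followed by its size.
wide_ranges() {
    local max=$1 list=$2 entry spec lo hi size
    for entry in $list; do
        spec=${entry%/*}
        case $spec in
            *-*) ;;           # a range, keep going
            *) continue ;;    # a single port, skip
        esac
        lo=${spec%-*}; hi=${spec#*-}
        size=$((hi - lo + 1))
        if [ "$size" -gt "$max" ]; then
            printf '%s %s\n' "$entry" "$size"
        fi
    done
}

# On a live host, pass "$(firewall-cmd --list-ports)" instead of SAMPLE_PORTS.
covering_entries 8848 tcp "$SAMPLE_PORTS"
wide_ranges 100 "$SAMPLE_PORTS"
```
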
4. Open a port
[root@iz2zedg4ylq9iqtwm11wecz logs]# firewall-cmd --zone=public --add-port=443/tcp --permanent
Warning: ALREADY_ENABLED: 443:tcp
success
# After opening a port, the firewall configuration must be reloaded
[root@iz2zedg4ylq9iqtwm11wecz logs]# firewall-cmd --reload
success
# Also restart the firewall
[root@iz2zedg4ylq9iqtwm11wecz logs]# systemctl restart firewalld.service
5. Reload the firewall configuration
[root@iz2zedg4ylq9iqtwm11wecz logs]# firewall-cmd --reload
success
6. Start the firewall
[root@iz2zedg4ylq9iqtwm11wecz logs]# systemctl start firewalld.service
7. Restart the firewall
[root@iz2zedg4ylq9iqtwm11wecz logs]# systemctl restart firewalld.service
8. Check whether a port is in use
# A LISTEN line means the port is in use
[root@iz2zedg4ylq9iqtwm11wecz conf]# netstat -anp |grep 8848
tcp 0 0 0.0.0.0:8848 0.0.0.0:* LISTEN 5082/java
[root@iz2zedg4ylq9iqtwm11wecz conf]# netstat -anp |grep 8849 # No output means the port is not in use
Note: the number in 5082/java is the process ID; you can stop the service by its process ID
kill -9 5082