一、首先我们要认识下防火墙的基础常用命令:
firewall-cmd --state
#显示状态
systemctl status firewalld
#查看状态
systemctl start firewalld.service
#启动
systemctl stop firewalld.service
#关闭
systemctl disable firewalld
#开机禁用
systemctl enable firewalld
#开机启用
systemctl stop firewalld.service
#停止当前运行的防火墙服务(只影响本次运行,不改变开机自启动设置)
systemctl disable firewalld.service
#禁止防火墙开机自启动;与上面的 stop 配合使用,重启后防火墙才会保持关闭,即"永久关闭"
firewall-cmd --get-active-zones
#查看区域信息
firewall-cmd --version
#查看版本
firewall-cmd --help
#查看帮助
二、防火墙开放端口操作配置
1、查看系统已开放的端口:
[root@test-centos7 ~]# firewall-cmd --zone=public --list-ports
5901/tcp
2、开放端口:上面的输出表示已开放了5901的vnc服务端口,现以开放80端口为例。--permanent 表示永久生效,没有此参数重启后失效:
[root@test-centos7 ~]# firewall-cmd --zone=public --add-port=80/tcp --permanent
success
3、要想生效必须重新加载一下,这一步很重要!!!
[root@test-centos7 ~]# firewall-cmd --reload
success
4、防火墙关闭端口,记得一定要重新加载下防火墙才能生效:
[root@test-centos7 ~]# firewall-cmd --zone=public --remove-port=80/tcp --permanent
success
5、查看端口被哪个进程占用:
netstat -lnp | grep 5901 ##如无此工具直接yum安装net-tools工具 “yum install net-tools”
netstat -ntlp #查看端口
[root@test-centos7 ~]# netstat -lnp | grep 8000
[root@test-centos7 ~]# netstat -lnp | grep 5901
tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN 1284/Xvnc
tcp6 0 0 :::5901 :::* LISTEN 1284/Xvnc
[root@test-centos7 ~]# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1100/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1342/master
tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN 1284/Xvnc
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 729/rpcbind
tcp 0 0 0.0.0.0:6001 0.0.0.0:* LISTEN 1284/Xvnc
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1686/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1099/sshd
tcp6 0 0 ::1:631 :::* LISTEN 1100/cupsd
tcp6 0 0 ::1:25 :::* LISTEN 1342/master
tcp6 0 0 :::5901 :::* LISTEN 1284/Xvnc
tcp6 0 0 :::111 :::* LISTEN 729/rpcbind
tcp6 0 0 :::6001 :::* LISTEN 1284/Xvnc
tcp6 0 0 :::22 :::* LISTEN 1099/sshd
三、Centos7怎么永久关闭防火墙
`systemctl status firewalld.service` #查看防火墙运行状态
然后在下方可以查看得到“active(running)”,此时说明防火墙已经打开了;
`systemctl stop firewalld.service` #进行关闭防火墙
`systemctl status firewalld.service` #查看状态
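`systemctl disable firewalld.service` #禁止开机自启动,与上面的 stop 配合即可永久关闭防火墙;关闭后主机不再过滤入站连接,监听在 0.0.0.0 上的端口(如上文 netstat 输出中的 22、111、5901)会直接对外可达,应先确认有其他访问控制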
[root@test-centos7-kde etc]# firewall-cmd --state #查看到当前防火墙为Running状态
running
[root@test-centos7-kde etc]# systemctl stop firewalld.service #输入命令停止防火墙运行
[root@test-centos7-kde etc]# firewall-cmd --state #查看到当前防火墙为not Running状态
not running