Configuring the firewall: filtering and opening specified ports

View all open ports and the processes listening on them:

[root@localhost datas]# netstat -anp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1370/master         
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1154/sshd           
tcp        0     52 192.168.102.130:22      192.168.102.1:43838     ESTABLISHED 1936/sshd: root@pts 
tcp        0      0 192.168.102.130:22      192.168.102.1:43272     ESTABLISHED 1705/sshd: root@pts 
tcp        0      0 192.168.102.130:37844   151.101.108.133:443     ESTABLISHED 2193/grafana-server 
tcp        0      0 192.168.102.130:43838   35.241.23.245:443       ESTABLISHED 2193/grafana-server 
tcp6       0      0 ::1:25                  :::*                    LISTEN      1370/master         
tcp6       0      0 :::22                   :::*                    LISTEN      1154/sshd           
tcp6       0      0 :::3000                 :::*                    LISTEN      2193/grafana-server 
udp        0      0 0.0.0.0:68              0.0.0.0:*                           963/dhclient        
udp        0      0 127.0.0.1:323           0.0.0.0:*                           748/chronyd         
udp6       0      0 ::1:323                 :::*                                748/chronyd         
raw6       0      0 :::58                   :::*                    7           808/NetworkManager  

Check the firewall status:

[root@localhost datas]# service iptables status
Redirecting to /bin/systemctl status iptables.service
● iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
   Active: active (exited) since 五 2019-11-22 10:48:14 CST; 33s ago
  Process: 2270 ExecStop=/usr/libexec/iptables/iptables.init stop (code=exited, status=0/SUCCESS)
  Process: 2287 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
 Main PID: 2287 (code=exited, status=0/SUCCESS)

11月 22 10:48:13 localhost.localdomain systemd[1]: Starting IPv4 firewall with iptables...
11月 22 10:48:14 localhost.localdomain iptables.init[2287]: iptables: Applying firewall rules: [  确定  ]
11月 22 10:48:14 localhost.localdomain systemd[1]: Started IPv4 firewall with iptables.

Open a port (the rule takes effect immediately but is lost when the iptables service restarts unless it is saved to /etc/sysconfig/iptables; -A appends it to the end of the INPUT chain, so it is never reached if an earlier rule already rejects all traffic):

iptables -A INPUT -p tcp --dport 8099 -j ACCEPT

Block a port (note that this rule is appended to the OUTPUT chain, so it blocks connections this host initiates to that destination port; to block incoming connections to a local port, use -A INPUT instead):

iptables -A OUTPUT -p tcp --dport <port> -j DROP

Check whether a port is open (listening):

[root@localhost datas]# netstat -an |grep 3000
tcp6       0      0 :::3000                 :::*                    LISTEN

Verify that a service started successfully:

[root@localhost bin]# ps -ef |grep tomcat
root       2395      1 42 11:03 pts/0    00:01:03 /usr/local/java/jdk1.8.0_162/bin/java -Djava.util.logging.config.file=/root/datas/apache-tomcat-9.0.8/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djdk.tls.ephemeralDHKeySize=2048 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -Dorg.apache.catalina.security.SecurityListener.UMASK=0027 -Dignore.endorsed.dirs= -classpath /root/datas/apache-tomcat-9.0.8/bin/bootstrap.jar:/root/datas/apache-tomcat-9.0.8/bin/tomcat-juli.jar -Dcatalina.base=/root/datas/apache-tomcat-9.0.8 -Dcatalina.home=/root/datas/apache-tomcat-9.0.8 -Djava.io.tmpdir=/root/datas/apache-tomcat-9.0.8/temp org.apache.catalina.startup.Bootstrap start
root       2492   1709  0 11:06 pts/0    00:00:00 grep --color=auto tomcat

Editing the firewall configuration file
If a port is unreachable because the firewall restricts it, open it in the filter rules and then restart the iptables service (systemctl restart iptables) so the file is reloaded:

[root@localhost bin]# vim /etc/sysconfig/iptables

# Generated by iptables-save v1.4.21 on Fri Nov 22 10:44:40 2019
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [26:2416]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9090 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9141 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2181 -j ACCEPT
# Rules are evaluated top to bottom, so the catch-all REJECT must stay
# below the per-port ACCEPT rules; anything placed after it is never reached.
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
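As an added example (not code from the original post), the following Python linter reads an iptables-save file and reports ACCEPT rules that sit after a catch-all REJECT/DROP in the same chain, which is exactly why a port can stay closed even though a rule for it was added, and moves such catch-all rules back to the end. The sample input is constructed to mirror the ordering mistake in the file above.

```python
import re

# Constructed iptables-save sample reproducing the page's ordering mistake.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 3000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

RULE_RE = re.compile(r"^-A\s+(\S+)\s+(.*?)\s*-j\s+(\S+)")  # chain, matches, target
PORT_RE = re.compile(r"--dport\s+(\d+)")

def is_catch_all(line):
    # True for an -A rule with no match options and a DROP/REJECT target.
    m = RULE_RE.match(line.strip())
    return bool(m) and m.group(2) == "" and m.group(3) in ("DROP", "REJECT")

def shadowed_rules(dump):
    """(chain, port, line_no) of --dport ACCEPT rules placed after a catch-all."""
    sealed, found = set(), []
    for no, line in enumerate(dump.splitlines(), 1):
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        if is_catch_all(line):
            sealed.add(m.group(1))
        elif m.group(1) in sealed and m.group(3) == "ACCEPT":
            if (p := PORT_RE.search(line)):
                found.append((m.group(1), int(p.group(1)), no))
    return found

def reorder(dump):
    """Move catch-all DROP/REJECT rules to just before COMMIT, after the ACCEPTs."""
    out, held = [], []
    for line in dump.splitlines():
        if is_catch_all(line):
            held.append(line)
        elif line.strip() == "COMMIT":
            out.extend(held + [line])
            held = []
        else:
            out.append(line)
    return "\n".join(out) + "\n"
```

Run shadowed_rules on the output of iptables-save before restarting the service; an empty list means every per-port ACCEPT rule is reachable.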

Starting the firewall (the commands below manage the firewalld service, which is a separate front end from the iptables service used above; the two are not meant to be enabled at the same time):

systemctl start firewalld

Stopping the firewall:

systemctl stop firewalld.service

Checking the firewall status:

firewall-cmd --state

Reloading the firewall rules:

firewall-cmd --reload