View all open ports and connections:
[root@localhost datas]# netstat -anp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1370/master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1154/sshd
tcp 0 52 192.168.102.130:22 192.168.102.1:43838 ESTABLISHED 1936/sshd: root@pts
tcp 0 0 192.168.102.130:22 192.168.102.1:43272 ESTABLISHED 1705/sshd: root@pts
tcp 0 0 192.168.102.130:37844 151.101.108.133:443 ESTABLISHED 2193/grafana-server
tcp 0 0 192.168.102.130:43838 35.241.23.245:443 ESTABLISHED 2193/grafana-server
tcp6 0 0 ::1:25 :::* LISTEN 1370/master
tcp6 0 0 :::22 :::* LISTEN 1154/sshd
tcp6 0 0 :::3000 :::* LISTEN 2193/grafana-server
udp 0 0 0.0.0.0:68 0.0.0.0:* 963/dhclient
udp 0 0 127.0.0.1:323 0.0.0.0:* 748/chronyd
udp6 0 0 ::1:323 :::* 748/chronyd
raw6 0 0 :::58 :::* 7 808/NetworkManager
Check the firewall status:
[root@localhost datas]# service iptables status
Redirecting to /bin/systemctl status iptables.service
● iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
Active: active (exited) since 五 2019-11-22 10:48:14 CST; 33s ago
Process: 2270 ExecStop=/usr/libexec/iptables/iptables.init stop (code=exited, status=0/SUCCESS)
Process: 2287 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
Main PID: 2287 (code=exited, status=0/SUCCESS)
11月 22 10:48:13 localhost.localdomain systemd[1]: Starting IPv4 firewall with iptables...
11月 22 10:48:14 localhost.localdomain iptables.init[2287]: iptables: Applying firewall rules: [ 确定 ]
11月 22 10:48:14 localhost.localdomain systemd[1]: Started IPv4 firewall with iptables.
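Open a port (-A appends to the end of the chain; if the chain already ends with a catch-all REJECT, the new rule has to go ahead of it to take effect):
iptables -A INPUT -p tcp --dport 8099 -j ACCEPT
Close a port (this rule drops outbound traffic to the given destination port):
iptables -A OUTPUT -p tcp --dport <port> -j DROP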
Check whether a port is open:
[root@localhost datas]# netstat -an |grep 3000
tcp6 0 0 :::3000 :::* LISTEN
Verify that a service started successfully:
[root@localhost bin]# ps -ef |grep tomcat
root 2395 1 42 11:03 pts/0 00:01:03 /usr/local/java/jdk1.8.0_162/bin/java -Djava.util.logging.config.file=/root/datas/apache-tomcat-9.0.8/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djdk.tls.ephemeralDHKeySize=2048 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -Dorg.apache.catalina.security.SecurityListener.UMASK=0027 -Dignore.endorsed.dirs= -classpath /root/datas/apache-tomcat-9.0.8/bin/bootstrap.jar:/root/datas/apache-tomcat-9.0.8/bin/tomcat-juli.jar -Dcatalina.base=/root/datas/apache-tomcat-9.0.8 -Dcatalina.home=/root/datas/apache-tomcat-9.0.8 -Djava.io.tmpdir=/root/datas/apache-tomcat-9.0.8/temp org.apache.catalina.startup.Bootstrap start
root 2492 1709 0 11:06 pts/0 00:00:00 grep --color=auto tomcat
Edit the firewall configuration file
When a port is blocked by the firewall, allow it in the firewall's filter rules:
[root@localhost bin]# vim /etc/sysconfig/iptables
# Generated by iptables-save v1.4.21 on Fri Nov 22 10:44:40 2019
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [26:2416]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
# Port ACCEPT rules must come before the catch-all REJECT; rules after it never match.
-A INPUT -p tcp -m tcp --dport 3000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9090 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9141 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2181 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
Start the firewall:
systemctl start firewalld
Stop the firewall:
systemctl stop firewalld.service
Check the firewall state:
firewall-cmd --state
Restart (reload) the firewall:
firewall-cmd --reload